Chitika Ads Aid EMail Scammers
That’s right, I said it. Chitika-ads are the cause of me receiving this scam email, as well as some others I have exposed on this site. Strange, since I don’t recall ever using that service, but here’s the proof. Below you’ll see an excerpt from the complete header info that’s included with all emails.
You’ve probably never seen this stuff before, but it’s there, in every email, revealing exactly how and why this email ended up in my in box. The Scam Flags are in BOLD. Notice the firstname.lastname@example.org listed in the “for” field? This address was created only for Chitika Ads, which I decided not to use on the site. The only place the scammer could have harvested that address from is Chitika Ads.
From – Sat May 10 19:22:31 2008
Received: (qmail 17347 invoked from network); 10 May 2008 16:25:03 -0000
Received: from unknown (HELO p3presmtp01-01.prod.phx3.secureserver.net) ([184.108.40.206])
by smtp24-02.prod.mesa1.secureserver.net (qmail-1.03) with SMTP
for email@example.com; 10 May 2008 16:25:03 -0000
Received: (qmail 14429 invoked from network); 10 May 2008 16:25:03 -0000
Received: from fmmailgatexz.web.de ([220.127.116.11])
by p3presmtp01-01.prod.phx3.secureserver.net (qmail-ldap-1.03) with SMTP
for firstname.lastname@example.org; 10 May 2008 16:24:59 -0000
Received: from web.de
by fmmailgatezx.web.de (Postfix) with SMTP id E415223C88B7;
Sat, 10 May 2008 18:23:51 +0200 (CEST)
Received: from [18.104.22.168] by freemailng1xzy.web.de with HTTP;
Sat, 10 May 2008 18:23:51 +0200
Date: Sat, 10 May 2008 18:23:51 +0200
From: james email@example.com
Subject: YOU ARE A WINNER ! ! !
“Agent James”, indeed.
Notice also the weird path it took to get to me. Tracing backwards we see that it came from “freemail.web.de”, which is in Germany. The email was sent to our buddy, Agent James, at a Yahoo address in Great Britain. It was then relayed on to my email through a service called QMail. QMail is a legitimate transfer agent, and is a competitor to the SendMail agent, which nearly all of us use by default. Routing emails through QMail simply provides another layer of protection for the scammer, helping to hide the true origin of the email.
Which, in this case, happens to be Germany. I’m certain the scammer never thought we would find that out, even though it’s confirmed at the end of the email by the advertising included with the free email account used to send the scam out to millions of unwary web citizens. Let’s follow along and see what other Scam Flags we can find. I’ll save my comments for last…
Yahoo Awards Center
124 Stockport Road, Longsight, Manchester M60 2DB – United Kingdom
This is to inform you that you have won a prize money of Eight Hundred,Twenty Thousand Great Britain Pounds (£820,000,00.) for the month of MAY, Prize promotion which is organized by YAHOO AWARDS & WINDOWS LIVE.
YAHOO collects all the email addresses of the people that are active online, among the millions that subscribed to Yahoo and Hotmail and few from other e-mail providers. Six people are selected monthly to benefit from this promotion and you are one of the Selected Winners.
PAYMENT OF PRIZE AND CLAIM
Winners shall be paid in accordance with his/her Settlement Centre. Yahoo Prize Award must be claimed no later than 93 days from date of Draw Notification. Any prize not claimed within this period will be forfeited.
Stated below are your identification numbers:
BATCH NUMBER: MFI/06/APA-43658
REFERENCE NUMBER: 2006234522
These numbers fall within the England Location file, you are requested to contact our fiduciary agent in England and send your winning identification numbers to him;
Agent Name: Mr james christopher
Address : 23 Bedford Row, High Holborn, London , WC1R 4EB , England
Tel: +44 7031819575
You are advised to send the following information to your Claims Agent to facilitate the release of your fund to you.
1. Full name………………………….
3. Contact Address…………………
4. Telephone Number……………..
5. fax Number……………………….
5. Marital Status…………………….
7. My Date of birth………………….
8. Your banking information where the fund will be transferred into either in your country or out side.
9. Your country. I.e. the account number, bank name, swift code of the bank, address of the bank and the account name.
Congratulations!! once again.
Yours in service,
There’s a picture of a respectable looking black woman inserted here above the signature line. Scammers are getting smart: they know a picture increases the ‘believability’ factor.
Dr. (Mrs.) Mercy Martins
Do not tell people about your Prize Award until your money is successfully handed over to you to avoid disqualification that may arise from double claim.
You may also receive similar e-mails from people potraying to be other Organizations or Yahoo Inc. This is solely to collect your personal information from you and lay claim over your winning. In event that you receive any e-mail similar to the notification letter that was sent to you, Kindly delete it from your mail box and give no further correspondence to such person or body.
Yahoo shall not be held responsible for any loss of fund arising from the above mentioned
Jetzt neu! Schützen Sie Ihren PC mit McAfee und WEB.DE. 30 Tage
kostenlos testen. http://www.pc-sicherheit.web.de/startseite/?mc=022220
We see here the usual suspects. Bad grammar, misspellings, incorrect punctuation, using too many titles in the names, not capitalizing the names, and of course the request for your personal information. I really enjoyed the part about receiving emails from other scammers, though. And the joint venture between Microsoft(Hotmail) and Yahoo, what a riot! And what about the picture? Sorry I’m not reproducing it here, but if you’re reading this you probably already know what it looks like! That was a good touch, don’t you think?
Without a doubt, though, I will chuckle off and on for weeks about the advertisement at the end, in German, in an email that’s supposed to be from the UK.
Ich bin Jon, Ihr Gastgeber hier in Wordout.