Chitika Ads Aid EMail Scammers
That’s right, I said it. Chitika-ads are the cause of me receiving this scam email, as well as some others I have exposed on this site. Strange, since I don’t recall ever using that service, but here’s the proof. Below you’ll see an excerpt from the complete header info that’s included with all emails.
You’ve probably never seen this stuff before, but it’s there, in every email, revealing exactly how and why this email ended up in my in box. The Scam Flags are in BOLD. Notice the chatika-ads@computergeekservices.net listed in the “for” field? This address was created only for Chitika Ads, which I decided not to use on the site. The only place the scammer could have harvested that address from is Chitika Ads.
From – Sat May 10 19:22:31 2008
X-Account-Key: account4
X-UIDL: 1210436703.374745.m1gemini00-03.prod.mesa1.1104558432
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:
Received: (qmail 17347 invoked from network); 10 May 2008 16:25:03 -0000
Received: from unknown (HELO p3presmtp01-01.prod.phx3.secureserver.net) ([208.109.80.150])
(envelope-sender agentjameszx@yahoo.co.uk)
by smtp24-02.prod.mesa1.secureserver.net (qmail-1.03) with SMTP
for chatika-ads@computergeekservices.net; 10 May 2008 16:25:03 -0000
Received: (qmail 14429 invoked from network); 10 May 2008 16:25:03 -0000
Received: from fmmailgatexz.web.de ([217.72.192.184])
(envelope-sender agentjameszx@yahoo.co.uk)
by p3presmtp01-01.prod.phx3.secureserver.net (qmail-ldap-1.03) with SMTP
for chatika-ads@computergeekservices.net; 10 May 2008 16:24:59 -0000
Received: from web.de
by fmmailgatezx.web.de (Postfix) with SMTP id E415223C88B7;
Sat, 10 May 2008 18:23:51 +0200 (CEST)
Received: from [41.243.149.240] by freemailng1xzy.web.de with HTTP;
Sat, 10 May 2008 18:23:51 +0200
Date: Sat, 10 May 2008 18:23:51 +0200
Message-Id: 7obscured4@web.de
From: james agentjameszx@yahoo.co.uk
To: agentjameszx@yahoo.co.uk
Subject: YOU ARE A WINNER ! ! !
Precedence: fm-user
Organization: http://freemail.web.de/
X-Sender: onlinexyz@web.de
“Agent James”, indeed.
Notice also the weird path it took to get to me. Tracing backwards we see that it came from “freemail.web.de”, which is in Germany. The email was sent to our buddy, Agent James, at a Yahoo address in Great Britain. It was then relayed on to my email through a service called QMail. QMail is a legitimate transfer agent, and is a competitor to the SendMail agent, which nearly all of us use by default. Routing emails through QMail simply provides another layer of protection for the scammer, helping to hide the true origin of the email.
Which, in this case, happens to be Germany. I’m certain the scammer never thought we would find that out, even though it’s confirmed at the end of the email by the advertising included with the free email account used to send the scam out to millions of unwary web citizens. Let’s follow along and see what other Scam Flags we can find. I’ll save my comments for last…
Yahoo Awards Center
124 Stockport Road, Longsight, Manchester M60 2DB – United Kingdom
This is to inform you that you have won a prize money of Eight Hundred,Twenty Thousand Great Britain Pounds (£820,000,00.) for the month of MAY, Prize promotion which is organized by YAHOO AWARDS & WINDOWS LIVE.
YAHOO collects all the email addresses of the people that are active online, among the millions that subscribed to Yahoo and Hotmail and few from other e-mail providers. Six people are selected monthly to benefit from this promotion and you are one of the Selected Winners.
PAYMENT OF PRIZE AND CLAIM
Winners shall be paid in accordance with his/her Settlement Centre. Yahoo Prize Award must be claimed no later than 93 days from date of Draw Notification. Any prize not claimed within this period will be forfeited.
Stated below are your identification numbers:
BATCH NUMBER: MFI/06/APA-43658
REFERENCE NUMBER: 2006234522
PIN: 1206
These numbers fall within the England Location file, you are requested to contact our fiduciary agent in England and send your winning identification numbers to him;
Agent Name: Mr james christopher
Address : 23 Bedford Row, High Holborn, London , WC1R 4EB , England
E-MAILS: agent.jameschristopherxy@gmail.com
+44 7031844588
Tel: +44 7031819575
You are advised to send the following information to your Claims Agent to facilitate the release of your fund to you.
1. Full name………………………….
2. Country…………………………….
3. Contact Address…………………
4. Telephone Number……………..
5. fax Number……………………….
5. Marital Status…………………….
6. Occupation………………………..
7. My Date of birth………………….
7. Sex……………………………
8. Your banking information where the fund will be transferred into either in your country or out side.
9. Your country. I.e. the account number, bank name, swift code of the bank, address of the bank and the account name.
Congratulations!! once again.
Yours in service,
There’s a picture of a respectable looking black woman inserted here above the signature line. Scammers are getting smart: they know a picture increases the ‘believability’ factor.
Dr. (Mrs.) Mercy Martins
mercymartinsxxz@sociologist.com
WARNING!
Do not tell people about your Prize Award until your money is successfully handed over to you to avoid disqualification that may arise from double claim.
You may also receive similar e-mails from people potraying to be other Organizations or Yahoo Inc. This is solely to collect your personal information from you and lay claim over your winning. In event that you receive any e-mail similar to the notification letter that was sent to you, Kindly delete it from your mail box and give no further correspondence to such person or body.
Yahoo shall not be held responsible for any loss of fund arising from the above mentioned
Jetzt neu! Schützen Sie Ihren PC mit McAfee und WEB.DE. 30 Tage
kostenlos testen. http://www.pc-sicherheit.web.de/startseite/?mc=022220
We see here the usual suspects. Bad grammar, misspellings, incorrect punctuation, using too many titles in the names, not capitalizing the names, and of course the request for your personal information. I really enjoyed the part about receiving emails from other scammers, though. And the joint venture between Microsoft(Hotmail) and Yahoo, what a riot! And what about the picture? Sorry I’m not reproducing it here, but if you’re reading this you probably already know what it looks like! That was a good touch, don’t you think?
Without a doubt, though, I will chuckle off and on for weeks about the advertisement at the end, in German, in an email that’s supposed to be from the UK.
Ich bin Jon, Ihr Gastgeber hier in Wordout.
I have gotten several of these things, lattest two came today, one was an e-mail with the crap posted as jpg images, and them another in html. They did have pictures but not a black woman the jpg version had a white woman in a buissness suit. the html one had a fancy congradulations motion gif. A while back I reported one of these to yahoo; but I only got the computer generated reply. I’m thinking it mite be better to go a differant route. I’m thinking of reporting them to englands scottland yard or maybe interpol as this is just a bunch of crapola and I think someone needs to teach are little prankster/ID stealer a lesson mabe a few years in jail will give him an awakening. Its so hard to get the FBI or any of the other agencys in this country to do anything unless it comes from a company or person with a lot of money and clout. I would have thought Yahoo would want to get rid of these scams using their name, but they as far as I can tell haven’t done anything.
Ditto. Got the same email. Would be nice if this information was forwarde to authorities that could do something about it. Unfortunately, I don’t know which authorities would really ever do anything about it.
Awareness to unsuspecting people is the key. Can’t believe that some people fall for it without checking it out online!
Rachael