
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

1 edit

[Scam] Nigerian scammer hijacked my BIL's email account!?

I received this email from my brother in law. I removed his name, email address, and my address info from this email.

He has a Yahoo mail account, which this email was sent from. Looking at the headers, it was sent from 196.1.179.153 via the Yahoo webmail client. However, my BIL is not in Nigeria (we just talked to him today, he lives not far from here). He didn't mention sending any email to us. I left him a message, he's not home now. But has anyone seen anything like this before? It seems as if the scammer hijacked my BIL's Yahoo account.

quote:
Return-path: <MY_BILS_ADDRESS@yahoo.com>
Envelope-to: MY_NAME@MY_DOMAIN
Delivery-date: Mon, 12 Nov 2007 14:28:49 -0500
Received: from web33410.mail.mud.yahoo.com ([68.142.206.142])
by MY_DOMAIN with smtp (Exim 4.62)
(envelope-from <MY_BILS_ADDRESS@yahoo.com>)
id 1Irexl-0000DH-Bb
for MY_NAME@MY_DOMAIN; Mon, 12 Nov 2007 14:28:49 -0500
Received: (qmail 99347 invoked by uid 60001); 12 Nov 2007 19:28:48 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
b=WET4dlraFKD42jz9NBBjuxyfuW4zZL4dlAdPwVTdU7tdOFKQJBb+vqUe+U
fG2iK0wIAffaplHOo0IEvRcrTdj5wkbzWjohJGI15DI1UQoVppacitRjVVgp
FRSMZO+/+P3ofuktN7PMMi4jFl6j2aHSyrC3R5xE++eQ2MK9FYmpM=;
X-YMail-OSG: vZ5LvMQVM1l9lHT683kHYDcFjJr3y3K2uu1GytPj3bck0F5S4IPDS69wT9V
ArOtj4H_dfWbQPStBRXK4YaT_dG1cAalw.XT6D9puNUAZv068z.msy5Jn99h
1UfUVhw--
Received: from [196.1.179.153] by web33410.mail.mud.yahoo.com via HTTP; Mon, 12 Nov 2007 11:28:48 PST
Date: Mon, 12 Nov 2007 11:28:48 -0800 (PST)
From: BIL'S NAME <MY_BILS_ADDRESS@yahoo.com>
Subject: Please I Need Your Help
To: MY_NAME@MY_DOMAIN
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <476279.94922.qm@web33410.mail.mud.yahoo.com>

Hi ,How are you doing today? I am sorry i didn't
inform you about my traveling to Africa for a program
called "Empowering Youth to Fight against
Racism,HIV/AIDS, Poverty and Lack of Education, the
program is taking place in three major countries in
Africa which is Ghana , South Africa and Nigeria . It
as been a very sad and bad moment for me, the present
condition that i found myself is very hard for me to
explain.

I am really stranded in Nigeria because I forgot my
little bag in the Taxi where my money,
passport,documents and other valuable things were kept
on my way to the Hotel am staying, I am facing a hard
time here because i have no money on me. I am now
owning a hotel bill of $ 1550 and they wanted me to
pay the bill soon else they will have to seize my bag
and hand me over to the Hotel Management., I need this
help from you urgently to help me back home, I need
you to
help me with the hotel bill and i will also need $1600
to feed and help myself back home so please can you
help me with a sum of $3500 to sort out my problems
here? I need this help so much and on time because i
am in a terrible and tight situation here, I don't
even have money to feed myself for a day which means i
had been starving so please understand how urgent i
needed your help.

I am sending you this e-mail from the city Library and
I only have 30 min, I will appreciate what so ever you
can afford to send me for now and I promise to pay
back your money as soon as i return home so please let
me know on time so that i can forward you the details
you need to transfer the money through Money Gram or
Western Union.

Thanks.
BIL'S NAME

Here's the WHOIS info:

quote:
% This is the AfriNIC Whois server.

% Note: this output has been filtered.

% Information related to '196.1.178.0 - 196.1.179.255'

inetnum: 196.1.178.0 - 196.1.179.255
netname: ORG-NTL1-AFRINIC
descr: Provider Local Registry
descr: Assigned to Submarine IP WHolesale Node,
descr: Saka Tinubu
country: NG
org: ORG-NTL1-AFRINIC
admin-c: AS2-AFRINIC
tech-c: AS2-AFRINIC
status: ASSIGNED PA
mnt-by: NITEL-MNT
mnt-lower: NITEL-MNT
source: AFRINIC # Filtered
parent: 196.1.176.0 - 196.1.191.255

organisation: ORG-NTL1-AFRINIC
org-name: Nigerian Telecommunications Ltd.
org-type: LIR
country: NG
address: Nigerian Telecommunications Ltd.
Internet Services Unit,
Plot 251,
cadestral zone A0,
Herbert macauley Way,
Central Business District
Abuja,
Nigeria
phone: +23495425153
fax-no: +23495425910
e-mail: abdulmalik@nitelnet.com
admin-c: OTA1-AFRINIC
admin-c: AS2-AFRINIC
tech-c: AS2-AFRINIC
mnt-ref: NITEL-MNT
mnt-by: AFRINIC-HM-MNT
source: AFRINIC # Filtered

person: Abdul-Malik Suleiman
address: Nigerian Telecommunications Ltd.
Internet Services Unit,
Plot 251,
Cadestral Zone A0,
Herbert Macauley Way,
Central Bussiness District
Abuja,
Nigeria
phone: +23495245153
fax-no: +23495245910
org: ORG-NTL1-AFRINIC
e-mail: abuse@nitelnet.com
nic-hdl: AS2-AFRINIC
source: AFRINIC # Filtered

--
Windows Vista has detected that your mouse was moved. In order to enhance your user experience, Vista needs to contact Microsoft to re-activate the software. Please make sure you are connected to the Internet, have your credit card handy, then click OK.
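
Added example (not code from any poster in this thread): the header reading described in the post above, done programmatically, so the "via HTTP" webmail hop and the relay that handed the message to the recipient's server are pulled out and compared with the From domain and the WHOIS range. The function name `trace_origin` and the `watch_net` parameter are hypothetical; the sample is the thread's already-redacted headers, trimmed and re-folded.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as posted in the thread (redacted by the poster), trimmed to the
# fields this check reads; folded lines re-indented per RFC 5322.
SAMPLE = """\
Return-path: <MY_BILS_ADDRESS@yahoo.com>
Received: from web33410.mail.mud.yahoo.com ([68.142.206.142])
\tby MY_DOMAIN with smtp (Exim 4.62)
\tid 1Irexl-0000DH-Bb
\tfor MY_NAME@MY_DOMAIN; Mon, 12 Nov 2007 14:28:49 -0500
Received: (qmail 99347 invoked by uid 60001); 12 Nov 2007 19:28:48 -0000
Received: from [196.1.179.153] by web33410.mail.mud.yahoo.com via HTTP; Mon, 12 Nov 2007 11:28:48 PST
From: BIL'S NAME <MY_BILS_ADDRESS@yahoo.com>
Subject: Please I Need Your Help

body
"""

HTTP_HOP = re.compile(r"from \[([0-9a-fA-F.:]+)\] by (\S+) via HTTP")
SMTP_HOP = re.compile(r"from (\S+) \(\[([0-9a-fA-F.:]+)\]\)")

def trace_origin(raw, watch_net="196.1.178.0/23"):  # /23 = WHOIS inetnum range
    """Summarise where a webmail-submitted message entered the provider."""
    msg = message_from_string(raw)
    # Unfold each Received header into a single space-separated line.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = {"from_domain": from_domain, "client_ip": None,
              "webmail_host": None, "handoff_host": None,
              "handoff_matches_from": False, "client_in_watch_net": False}
    # The topmost Received line is the one written by the receiving MTA;
    # lines below it are only as trustworthy as the server that added them.
    if hops and (m := SMTP_HOP.search(hops[0])):
        host = m.group(1).lower()
        result["handoff_host"] = host
        result["handoff_matches_from"] = host.endswith("." + from_domain)
    # Webmail front ends record the browser's address on a "via HTTP" hop.
    for hop in hops:
        if m := HTTP_HOP.search(hop):
            result["client_ip"], result["webmail_host"] = m.group(1), m.group(2)
            ip = ipaddress.ip_address(m.group(1))
            result["client_in_watch_net"] = ip in ipaddress.ip_network(watch_net)
            break
    return result
```

For the sample, the hand-off host sits under the From domain and the "via HTTP" hop names the same Yahoo web server, with a client address inside the NITEL range from the WHOIS output. The host-name comparison is a heuristic and does not replace a DomainKeys/DKIM or SPF result from the receiving server.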


xmrocks
Premium,MVM
join:2003-09-23

It's commonly referred to as spoofing. A spammer/scammer sends e-mail pretending to be from you or a relative, but as you noticed, the headers say otherwise.

Your brother-in-law might get a few rejection notices of e-mail the spammer sent out that didn't make it or were sent to invalid addresses. Unfortunately, with a free e-mail address, there's not much you can do to stop the spoofing. With an actual domain you control the DNS for, you can set up an SPF record which could stop some of the spoofing, but with a free e-mail address you just have to let it run its course.
--
Submit phishing to phishtracker
HostMySite.com - For your hosting needs


kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

I just talked to my bro-in-law. He was Phished. He replied to an email that he thought was from Yahoo which asked for information including his password (oops) so now some nutcase in Nigeria has his email account. I helped him get to the appropriate Yahoo site to notify them that his account is hijacked, so hopefully things will get straightened out soon... and now he knows what phishing is all about.
--
Windows Vista has detected that your mouse was moved. In order to enhance your user experience, Vista needs to contact Microsoft to re-activate the software. Please make sure you are connected to the Internet, have your credit card handy, then click OK.



Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18

said by kpatz:

I helped him get to the appropriate Yahoo site to notify them that his account is hijacked, so hopefully things will get straightened out soon... and now he knows what phishing is all about.

That is only one very small aspect of Phishing (email account take over). I hope that your BIL did not reply to any Bank, PayPal, or Credit Card Phishes also as the financial costs and losses can get extraordinarily high in a flash.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?


antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
kudos:2
Reviews:
·PenTeleData
·ProLog

reply to kpatz

said by kpatz:

I received this email from my brother in law. I removed his name, email address, and my address info from this email.

He has a Yahoo mail account, which this email was sent from. Looking at the headers, it was sent from 196.1.179.153 via the Yahoo webmail client. However, my BIL is not in Nigeria (we just talked to him today, he lives not far from here). He didn't mention sending any email to us. I left him a message, he's not home now. But has anyone seen anything like this before? It seems as if the scammer hijacked my BIL's Yahoo account.

Received: from [196.1.179.153] by web33410.mail.mud.yahoo.com via HTTP; Mon, 12 Nov 2007 11:28:48 PST
Date: Mon, 12 Nov 2007 11:28:48 -0800 (PST)
From: BIL'S NAME <MY_BILS_ADDRESS@yahoo.com>
Subject: Please I Need Your Help
To: MY_NAME@MY_DOMAIN
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <476279.94922.qm@web33410.mail.mud.yahoo.com>

IP Location: Nigeria Nigeria Lagos Afrinic
Resolve Host: 196-1-179-153.nitelnet.com
inetnum: 196.1.178.0 - 196.1.179.255
netname: ORG-NTL1-AFRINIC
descr: Provider Local Registry
descr: Assigned to Submarine IP WHolesale Node,
descr: Saka Tinubu
country: NG
parent: 196.1.176.0 - 196.1.191.255
abuse@nitelnet.com
»www.nitelnet.com

IP address: 196.1.179.153
Reverse DNS: 196-1-179-153.nitelnet.com.
Reverse DNS authenticity: [Could be forged: hostname 196-1-179-153.nitelnet.com. does not exist]
ASN: 33775
ASN Name: NITEL-AS (Nigerian Telecommunication Limited)
IP range connectivity: 2
Registrar (per ASN): RIPE
Country (per IP registrar): NG [Nigeria]
Country Currency: Unknown
Country IP Range: 196.1.176.0 to 196.1.191.255
Country fraud profile: High
City (per outside source): Unknown
Country (per outside source): NG [Nigeria]
Private (internal) IP? No
IP address registrar: whois.arin.net
Known Proxy? No
Link for WHOIS: 196.1.179.153

The act of "spoofing" e-mail headers is very common in spam and messages of that nature. This is possible by changing e-mail header settings and can easily be done in common mail clients like Outlook and Eudora.

»searchsecurity.techtarget.com/sD···,00.html

Email Spamming and Email Spoofing
This document gives advice on the what email spamming and spoofing is.
»www.lse.ac.uk/itservices/help/sp···fing.htm

E-mail spoofing - Wikipedia, the free encyclopedia
E-mail spoofing is a term used to describe fraudulent email activity in which the sender address and other parts of the email header are altered to appear ...
»en.wikipedia.org/wiki/E-mail_spoofing

REVEALING EMAIL HEADERS
»www.spirit.com/Network/net1000.html
--

Specializing in "take downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/


antiphishing
Phishing Scam Terminator
Premium
join:2004-06-09
Wilkes Barre, PA
kudos:2
Reviews:
·PenTeleData
·ProLog

reply to kpatz

said by kpatz:

I just talked to my bro-in-law. He was Phished. He replied to an email that he thought was from Yahoo which asked for information including his password (oops) so now some nutcase in Nigeria has his email account. I helped him get to the appropriate Yahoo site to notify them that his account is hijacked, so hopefully things will get straightened out soon... and now he knows what phishing is all about.

... and the scumbag scammers in Nigeria will give or sell your brother in law's email address to other 'scam cells' in West Africa, and then he will get more advance fee scams.

Welcome to the wonderful world of the Nigerian Crime Syndicate
--

Specializing in "take downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»/profile/1021645
»fraudwatchers.org/forums/


GTaylor
Premium
join:2002-12-14
Frisco, TX

reply to kpatz

Re: [Scam] Nigerian scammer hijacked my BIL's email account!?

said by kpatz:

I just talked to my bro-in-law. He was Phished. He replied to an email that he thought was from Yahoo which asked for information including his password (oops) so now some nutcase in Nigeria has his email account. I helped him get to the appropriate Yahoo site to notify them that his account is hijacked, so hopefully things will get straightened out soon... and now he knows what phishing is all about.

If he can get in, the first thing he should do is change the password; this way it'll prevent others from accessing his account.

Sorry to hear this has happened to him, but if all they have is his e-mail account he should count his blessings. Imagine the damage they could do if they get his SSN or Bank Account number.

over 12.5 years online © 1999-2012 dslreports.com.