30 September 2007

new email scam purportes to be from LINDA JOHNSON 1st Armored Division in Iraq with saddam hussein's money

Good Day!

an email that appears to originate in .pl poland, pretends to be from...
My name is Linda Johnson, I am with the US Army and I am serving in the 1st Armoured Division in Iraq. Me and my partner discovered and moved funds belonging to Saddam Hussein.

The total is $25,000,000.00 (Twenty Five million US dollars) this money is being kept safe. Click on this link to read about events that took place here.

http://news.bbc.co.uk/2/hi/middle_east/2988455.stm

Basically since we are working for the American government we cannot keep these funds so we want to transfer the funds to you, so that you can keep it for us in your safe account until after our service.

We will divide the total fund this way, 80% for me and my partner while 15% will be for you and the other 5% will be set aside for any expenses that might be incurred.

This business is should be kept confidential due to the nature of our work and present status.
If you are interested send me an e-mail signifying your interest including your private telephone/fax numbers for quick communication.

Anticipating your immediate response.

Sincerely
Private Alex Ramon & Ms Linda Johnson.
the link in the email does go to a legitimate bbc site...

30 april 2003

the reply to email address is hosted by yahoo they take the appropriate action when these scammers use their email accounts to send
advance fee (419) fraud spam or as a drop box to receive replies.

Delivered-To: wesawthat@gmail.com
Received: by 10.141.15.15 with SMTP id s15cs278727rvi;
Mon, 24 Sep 2007 10:40:48 -0700 (PDT)
Received: by 10.86.79.19 with SMTP id c19mr4882360fgb.1190655646860;
Mon, 24 Sep 2007 10:40:46 -0700 (PDT)
Return-Path: <brigthness@gazeta.pl>
Received: from poczta.gazeta.pl (mailic01.gazeta.pl [193.42.231.60])
by mx.google.com with ESMTP id
p9si10957814fkb.2007.09.24.10.40.46;
Mon, 24 Sep 2007 10:40:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of brigthness@gazeta.pl
designates 193.42.231.60 as permitted sender) client-ip=193.42.231.60;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
brigthness@gazeta.pl designates 193.42.231.60 as permitted sender)
smtp.mail=brigthness@gazeta.pl
Received: from User (unverified [213.136.117.122])
by mailic01.gazeta.pl (mailic01.gazeta.pl) with ESMTP id
111804030-1945724
for multiple; Mon, 24 Sep 2007 19:40:37 +0200
Return-Path: <brigthness@gazeta.pl>
Reply-To: <linda_johnson_2005@yahoo.com>
From: "linda johnson"<brigthness@gazeta.pl>
Subject: Good Day,
Date: Mon, 24 Sep 2007 17:40:24 +0400
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: 1190655637_985437@mailic01.gazeta.pl

ABUSE@YAHOO-INC.COM this advance fee (419) fraud spam references an email account that you host please would you terminate service to:

ABUSE@GAZATA.PL this advance fee (419) fraud spam references an email account that you host please would you terminate service to:
Hello,

Thank you for writing to Yahoo! Customer Care.

In this particular case, we have taken appropriate action against the
Yahoo! account in question that was reported for fraudulent activities,
as per our Terms of Service (TOS).
Regards,

Charmaine McDaniels

we havent heard back from gazata.pl yet,

anything on this header could be forged, except probably, the reply to address. what the header shows as the ip address of the sender: 193.42.231.60 is from gazeta.pl so maybe what these 419 spammers are doing is sending their spam from their own isp email address and through their own isp and using the yahoo email address to collect the replies at...and just maybe the isp can cut them off totally.

we hate to give anything away but you can see how the fraudsters messed up in getting the partner and the soldier names mixed up.

see link for related posts

EXTERNAL LINK