Forward scams to - remove your name and email address first! TO CONTACT US CLICK HERE INSTEAD

Scam email #255432 - Payment Release Notification From The Federal Reserve Bank.

Email info

The email was sent on 2018-12-06 01:08:16 and appeared to be from innformcbnnnnpaymmentonl0@gmail.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to f_reservebanknewyork@aol.com which was the scammer's actual email address.
It was probably sent from 209.85.221.68 in Unknown, United States

Email header

Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it

Header field	Description	Value
X-Apparently-To:	Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to	[email address removed] Wed, 05 Dec 2018 22:08:16 +0000
Return-Path:	The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path	[email address removed]
X-YahooFilteredBulk:	The IP here was blacklisted by Yahoo for sending spam	209.85.221.68
Received-SPF:	Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info	pass (domain of gmail.com designates 209.85.221.68 as permitted sender)
X-YMailISG:	A unique ID added by the Yahoo Inbound Spam Guard	QmIqSPgWLDvWXu1toFIZzVSJvPyzd72ocEFVP._f8PmoCHba OxaZMUrtaNJOkBZfgWF9nQeLCUcNFkekLXbh6e8AAc41wWRfCp1gfFWBtahD H7JIxKcCRU9Q0Ao.ijAcVkZJgw2vahIgjaytNF4GAfxhEFfJcXw5.1kJU8XG hzkeYmCnQIDH9HoIA04J7xRjdiuUcb911zysDmawWrdUOI9wxvneoqgQzwio RcIq0mXFtyii_TIN22zbFeNXYjTWLtm.yvxxUjbDGFTEn2j_gil.UHHmvXoW xv2G.6YNuvhqIrv9DdFwMivJBXynbZFpXXsTci4fI_tQHwy1wSYWcNRKWoco Zn.gCYObNr4xG.W0LpOz06bJK4A8uggO7G4tJRNJQJjQWHFpBy2RNCZ4Xo_I ab0rTd1A6_pQgwFAwp0pXWiM3ZoiONX4Pa8RuwSqsW_iSyka0DznGRa.e791 8wwS5XXPVv7jaj2ybuKQp5MVcsZLEvN7YQMUgAj.rUPzd9y8FlfXNB9wWipS MdEZRS4hTP32Vzxcwt7X5NRDig28UStAd_h3OUctpS0tSuH38AYWKhUgahv5 E3rBZ4r2vhOYihc33ClCHffJlHtS4Arb0FQtpmLzJXEJTp5rcqy7SWRRuS1l liVepT0J0en_RSgmt_lAvNplZ1DEvSB1mm0la98B7wRwkoRJqO.bsgBOt8xk r5IDwVNj8Y.iBgM8iLW2xnj5ieUFoZhUowRBOs9.903QZRvbYMcpZpiu53x9 yYoHrGBy821PVepcxydlWui4NisLCUyKBhl5x4rOSLj_rKrnD0qkGweIWM6. Fd7zwAz8cMZWD0gHgHwvRYGoj2Gmujm4XdDxrLgFLqQpwCHMoS1drBRFtshH ljHOaasPZk29Tm0Gxfw7jfjHVJn0naOvVaXeTstH.ciLCGtve9BYwomuMT6Y kq7.sl_pE8eRWwU3wEYZfY5AdyPhcM.v3_lq8QEXS9ZUn8u7oecjwFp5.9iV 6kzJqlSjH4cInULABvhfSyz6X5Y87VCNFApmrn32bdaQcdHmSIXLbDT0.qWT k2BbWNJjUADh7A8_dPMbJxkeWXGqUv9YdAtR6.OMkDLq0ay2nuHjQg1Bu1gH sKQLs_HhRwfQFoKaFQd4imRYTb70yG.OwoMKGyGsUKMAxJOSOzo5JBZSffed 815NBoPiekF.DLoUBdKOnS5pQtD8NPfqvOlh0d.Rsps6KA--
X-Originating-IP:	The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from	[209.85.221.68]
Authentication-Results:	Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info	mta4092.mail.bf1.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)
Received:	Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took	from 127.0.0.1 (EHLO mail-wr1-f68.google.com) (209.85.221.68) by mta4092.mail.bf1.yahoo.com with SMTPS; Wed, 05 Dec 2018 22:08:15 +0000
Received:	Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took	by mail-wr1-f68.google.com with SMTP id b14so7688515wru.12 for [email address removed] Wed, 05 Dec 2018 14:08:15 -0800 (PST)
DKIM-Signature:	Used to verify message integrity and ensure the header is not spoofed	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=lOitMb85sdjNYeWXls1f1SC22viz4DccSPHVrP/kVYQ=; b=eJGbyBtttfGpIEuk6qFT+bbN+3rO41nwbYYt8NFFnPb/8BeUAWMwf7BaYHwYEW6VVW irAM81GYzNWJbbYovOeiRoLrqB3y2LeHoaKoZOziEQA2sb6Hw+gn4UuqBs03bJNh9UCh AC/Ec1OXJLKp+5oIq4pTxWKAowkfDzXlgT/i3RyW/r58V+Bks88pWH8vKIRkifVDCCVh cvw3nDOqyllVFVcRp44bqzNKDdj5aqyTK/XqbXDUx39y5jOB0xho/7fN6Z2xPmn35TJR RF/VgZa6AMogp1+et9XEqSSblVQEWoTpnK+YZMIDgyvIQF3iCY8PpZKsGab6Mv3Fmk8o vVrg==
X-Google-DKIM-Signature:	Google Mail adds this to all their headers, it is used to verify message integrity and ensure the header is not spoofed	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=lOitMb85sdjNYeWXls1f1SC22viz4DccSPHVrP/kVYQ=; b=D4aeMH+2QkWXx0k8f9gDu9ENeIZ0lRmAr6L1xcoTy0T860P1R+Aq60upGbpGeUqxUW HcIvSP4cIlm9ee6BeyBHkfSMIuaDD1RPkbVLk01mhWTBh1K0RbGbMEAWtZKPZ4G9A7Jw f5tkHpEYD/8a2GgdY7wIrZjm7V7wr8Jv7UiIPQYPyFvygyPzGsY+HCjp6oRdfe5+v6eF I1vobqI8gKMWc0Z04urjwOWagiirKkrdx3gxtId9oBJIX/k3DifRWhsd6wvPKMsNp8XQ V6s7nx46O75vkdFnVEOXOIUUQADMhxYISgHI7ujsv6qBc0qf9wcvIHJGeIH+O7iqcdTv rZvw== X-Gm-Message-State: AA+aEWZCpJzE2NG8+9IWCef5B1H/F5Hu7//KVZluN2Gcq0dAcmMATk3T ZtgcpPd2HKGe4HrwBjN7mq0FN8PzppZk6GsTLow= X-Google-Smtp-Source: AFSGD/WcK78f0Pa5tA238ytUx41HDM8f87/tjUqY6jaU8jqu9cq2vRv05B/dBkDp5K6EqfLvo2or6nHHJV8pClzDxEs=
X-Received:	Just like 'Received'. Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took	by 2002:adf:b6a1:: with SMTP id j33mr23285158wre.55.1544047694868; Wed, 05 Dec 2018 14:08:14 -0800 (PST)
MIME-Version:	Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)	1.0
Received:	Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took	by 2002:a1c:60d4:0:0:0:0:0 with HTTP; Wed, 5 Dec 2018 14:08:14 -0800 (PST)
Reply-To:	This is the email address any reply would be sent to by default	[email address removed]
From:	This is the address the email was apparently sent from	Federal Reserve Bank New York [email address removed]
Date:	The date/time the email was sent	Wed, 5 Dec 2018 14:08:14 -0800
Message-ID:	A unique ID assigned to the ID for reference purposes	[email address removed]
Subject:	The subject of the email	Payment Release Notification From The Federal Reserve Bank.
To:	The email address(es) the email was sent to	undisclosed-recipients:;
Content-Type:	What type of content the email usually is, usually text/html, and what character set is used	text/plain; charset="UTF-8"
Bcc:	Email addresses the email was secretly copied into, this field is usually blanked so even by viewing the email header you can't see who was secretly copied into the email	[email address removed]
Content-Length:	The size of the email, in bytes	2348

Your content is below the advert

The scam

Federal Reserve Bank of New York
33 Liberty Street
New York, NY 10045. USA.

Payment Release Notification From The Federal Reserve Bank.

DEAR CUSTOMER,

This is to officially inform you that we have been instructed to
release your over due contract Inheritance/ lottery Payment of $10.5
million to you without any further, and we will have no other option
than to believe that you are dead as claimed by one Mrs. Margaret
Thomson if you fail to respond back to our email this time.

As a matter of fact, we lost your Full Personal/ banking details after
our annual system upgrade which made it impossible for us to contact
you, and we were only able to find your email address after
searchlights on our documents.

Few weeks ago, a woman named Mrs. Margaret Thomson sent a letter to
our bank here in the United States claiming that you are dead and she
further stated that before you died, you informed her about your
contract Inheritance/ lottery payment worth $10.5 million which is
presently under our custody.

Note that Mrs. Margaret Thomson also sent a copy of your death
certificate to us in other to make her claim authentic, but we did not
believe her because you had never mentioned her as your next of kin to
us.

In fact, she has given us every reason to believe that you are dead
ashes claims, and she is ready to take care of what ever it will cost
her to get your funds transferred into her personal account, but Have
been instructed by the management of this bank to contact you
this last time in order to be sure that you are dead as she
claimed,before releasing the payment to her.

So are you dead or are you still alive? If yes, you have been advised
to urgently reconfirm your full personal/ banking details as requested
below to us immediately, in order for us to cancel every further
arrangement in regards to the release of your fund to Mrs. Margaret
Thomson.

However, We Shall Proceed To Issue All Payments Details To The Said
Mrs. Margaret Thomson If We Do Not Hear From You Within 48 banking
hours.

Your Urgent attention is needed if you are still alive.

Yours Faithfully,

For And On Behalf Of
Federal Reserve Bank

Mr.Walker Smith
President and CEO Federal Reserve Bank
Federal Reserve Bank. Registered in United States. Registered No.: 1026167.
Federal Reserve Bank is authorized and regulated by the Financial

SpamAssassin Report (spam score: 3.2)

 pts rule                       description                                       
---- ----------------------     --------------------------------------------------
 0.5 FROM_LOCAL_NOVOWEL         From: localpart has series of non-vowel letters   
 0.0 TVD_RCVD_IP                Message was received from an IP address           
 0.0 TVD_RCVD_IP4               Message was received from an IPv4 address         
 0.0 DKIM_ADSP_CUSTOM_MED       No valid author signature, adsp_override is       
                                CUSTOM_MED                                        
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit     
                                (innformcbnnnnpaymmentonl0[at]gmail.com)          
-0.0 SPF_PASS                   SPF: sender matches SPF record                    
 0.0 FREEMAIL_FROM              Sender email is commonly abused enduser mail      
                                provider (innformcbnnnnpaymmentonl0[at]gmail.com) 
 0.0 HK_SCAM_N2                 BODY: No description available.                   
-0.0 RCVD_IN_MSPIKE_H2          RBL: Average reputation (+2) [209.85.221.68 listed
                                in wl.mailspike.net]                              
-0.0 RCVD_IN_DNSWL_NONE         RBL: Sender listed at http://www.dnswl.org/, no   
                                trust [209.85.221.68 listed in list.dnswl.org]    
 0.1 DKIM_SIGNED                Message has a DKIM or DK signature, not           
                                necessarily valid                                 
 0.0 LOTS_OF_MONEY              Huge... sums of money                             
 0.1 DKIM_INVALID               DKIM or DK signature exists, but is not valid     
 1.0 FREEMAIL_REPLYTO           Reply-To/From or Reply-To/body contain different  
                                freemails                                         
 1.2 NML_ADSP_CUSTOM_MED        ADSP custom_med hit, and not from a mailing list

Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)