Scam email #255720 - Attn:Dear ATM VISA CARD Owner.......Read Carefully
Email info
The email was sent on 2019-01-07 01:44:18 and appeared to be from trumpmelania709@yahoo.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to christopherawray0984@gmail.com which was the scammer's actual email address.
It was probably sent from 74.6.133.43 in Washington D.C., Location found from phone number in email
Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to
[email address removed] Sun, 06 Jan 2019 22:44:17 +0000
Return-Path:
The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path
[email address removed]
X-YahooFilteredBulk:
The IP here was blacklisted by Yahoo for sending spam
74.6.133.43
Received-SPF:
Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info
pass (domain of yahoo.com designates 74.6.133.43 as permitted sender)
The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from
[74.6.133.43]
Authentication-Results:
Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info
Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took
from 127.0.0.1 (EHLO sonic305-4.consmr.mail.bf2.yahoo.com) (74.6.133.43)
by mta4309.mail.ne1.yahoo.com with SMTPS; Sun, 06 Jan 2019 22:44:17 +0000
DKIM-Signature:
Used to verify message integrity and ensure the header is not spoofed
Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took
from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.bf2.yahoo.com with HTTP; Sun, 6 Jan 2019 22:44:16 +0000
Date:
The date/time the email was sent
Sun, 6 Jan 2019 22:44:15 +0000 (UTC)
From:
This is the address the email was apparently sent from
CHRISTOPHER A WRAY [email address removed]
Reply-To:
This is the email address any reply would be sent to by default
CHRISTOPHER A WRAY [email address removed]
Message-ID:
A unique ID assigned to the ID for reference purposes
[email address removed]
Subject:
The subject of the email
Attn:Dear ATM VISA CARD Owner.......Read Carefully
MIME-Version:
Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)
1.0
Content-Type:
What type of content the email usually is, usually text/html, and what character set is used
text/plain; charset=UTF-8
Content-Transfer-Encoding:
How the email has been encoded to comply with regulations (e.g. maximum characters per line)
quoted-printable
References:
Facilitates the threading of emails; helps the email client piece together which emails belong together in a conversation
[email address removed]
X-Mailer:
The software used to send the email. Spambots, including those used by scammers, often falsify this as a version of Outlook or Outlook Express to get through some spam filters
WebService/1.1.12857 YahooMailBasic Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Content-Length:
The size of the email, in bytes
3694
Your content is below the advert
The scam
Federal Bureau of Investigation United States Department Of Justice Fbi New York 26 Federal Plaza 23rd Floor New. York 10278-0004
Attn:Dear ATM VISA CARD Owner.......Read Carefully
I, MR CHRISTOPHER A WRAY, is hereby announcing to you that your ATM VISA CARD worth $7.400.000.00usd received at JFK airport since last few moths 4th october (2018) from Benin Republic government authorities and Every necessary fees/charges has been paid by senders except $550.00 for CCC custom clearance certificate but a Lady Mrs. Pamela Robert came forward and claimed you sent her to claim your $7,400,000.00 because you are sick and been in the hospital ,that you are having kidney problem in a process of surgery as it's now .
Did you order her to pay for Custom Clearance Certificate (CCC) to claim your fund ATM VISA CARD ? Also be informed that we came to an agreement with the U.S Custom Authority at (JFK) John F. Kennedy Int'l Airport NYC that you will send $550.00 latest tomorrow morning.
This is to bring to your notice that we have just been informed through secrete source that the U.S Custom Authority at (JFK) John F. Kennedy International Airport New York are making arrangement to have your contract fund wired into the Bank account of Mrs. Pamela Robert, the lady that contacted them, earlier and presented some documentations evidencing your claim purported to have being signed personally by you for the release of your contract fund to her, since you have chose to ignore their messages and refuse to pay the required $550 for Custom Clearance Certificate charges as imposed, despite the advise we gave to you.
I want to personally assure you once again that you will have every course to smile and be happy upon conclusion of this project, as we will continue monitoring all your services with them at all level as well as your correspondence, until you have received your ATM VISA CARD accordingly. As a LEGAL OWNER, we are here to protect your interest and that is the reason why we are doing all we can to make sure all goes well, this is a huge amount of money which we don't wish for you to lose.
We understand that the imposed fee might be too much for you to pay so to further make things easier for you, we have discussed with the U.S Custom Authority at (JFK) John F. Kennedy International Airport New York pleaded on your behalf for them to give you the grace of sending half of the charges $275 for now after which the Diplomatic Agent makes the delivery of your ATM VISA CARD to you then once you receive your fund, you can then pay the balance of $275 ,
All we want you to do right now is to send the half of the money with the name listed below so we can forward it to Benin Republic Customs authority to help us bobtail the Custom Clearance Certificate and the diplomat will make the delivery to your home address tomorrow morning by 9:00 AM
Receiver's Data / information:
Receivers Name: joe del
Country: Benin Republic
City : Cotonou
Text Question: Urgent
Answer: Urgent
Amount: $275
Sender s Name...MTCN#...
try and make the payment through money gram via transfer
contact me (+1 202 852 0491)
Contact us right away and let me know when you send half of the charges as we discussed with them to enable them route your fund to you with immediate effect. This is a life time opportunity and we will advise you take advantage of it, before it is too late to do so.
God bless you!
Thanks.
Yours in service,
Best Regards,
Mr Christopher A Wray
BADGE ? JTT0471011111
FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE
WASHINGTON, D.C. 20535
SpamAssassin Report (spam score: 4.9)
pts rule description
---- ---------------------- --------------------------------------------------
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score:
0.0000]
0.0 TVD_RCVD_IP Message was received from an IP address
0.0 TVD_RCVD_IP4 Message was received from an IPv4 address
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (trumpmelania709[at]yahoo.com)
0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is
CUSTOM_MED
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit
(trumpmelania709[at]yahoo.com)
1.0 MISSING_HEADERS Missing To: header
-0.0 SPF_PASS SPF: sender matches SPF record
1.6 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
(christopherawray0984[at]gmail.com)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust [74.6.133.43 listed in list.dnswl.org]
0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
1.6 REPLYTO_WITHOUT_TO_CC No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate. ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)