Forward scams to - remove your name and email address first! TO CONTACT US CLICK HERE INSTEAD

Scam email #255720 - Attn:Dear ATM VISA CARD Owner.......Read Carefully

Email info

The email was sent on 2019-01-07 01:44:18 and appeared to be from trumpmelania709@yahoo.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to christopherawray0984@gmail.com which was the scammer's actual email address.
It was probably sent from 74.6.133.43 in Washington D.C., Location found from phone number in email

Email header

Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it

Header field	Description	Value
X-Apparently-To:	Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to	[email address removed] Sun, 06 Jan 2019 22:44:17 +0000
Return-Path:	The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path	[email address removed]
X-YahooFilteredBulk:	The IP here was blacklisted by Yahoo for sending spam	74.6.133.43
Received-SPF:	Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info	pass (domain of yahoo.com designates 74.6.133.43 as permitted sender)
X-YMailISG:	A unique ID added by the Yahoo Inbound Spam Guard	Y1bZdEIWLDuDQsWrQ6YlH5mOkynFydW2IpIjoBe.F0MzsNzv RlOV1wclI_qx020h4hoSCt5.OqSS43vFW_M.CUPVUJU8pfyS_D9zTjF06mI. d8ZllSagrMWL.YH.SLU9exOc0NvjDYrUOex.98v97cn_1N8cw.nEaRFTX0QR bJHpy15LlV95PDo1ng.oSpL0szZaioqFYIkn9xYaXD1BxosNC5yaImzgVzBt SP.qFbxsjiaxmpxGfN7w0i7N5GrGFkivYbhWFdsgIRYhThZg8T70VkU0porC 2f.3lbHlMmEG48eJ0q2eF28ZFWRChvtfgASOFYt9YmSeQ.eXVKeyU7L4BhNs 1qa07SKuZcznC03R1jpfNZxvCGVi8syN6i7VXFwCGmLpEQYIe4geptjNoZeC nu2beAqNL.9Q5cRFwRB_MQjyPQVRonJkkYAlNaEHT_JH7TWy9WK9zdc8vsA8 qwEQ7lGLu8pfJuphPsQtJarYKa8l9Z3ny9ab7IbVzyTD5ysfdA_QMbjhz.Kt wJJ2yPFtusf7gtBOy2dzRbQtNxCX74Mibo9IBKleqVzuixfr8o_22kqLpkTH 6L7sy99VRnVU5PSlOC6M.n4BeL8CEX6_TjN9GrhBQQxwm101NpZwTegRi5f0 vc4goesI2Pe82.AariHor9Z6r_Dm4HfYOmry9fPPQeuQvS35p0sJ1Oi7.Ups ju68dlcavlpX45mXQBRhKV1tawFB7GLSZqGRko1XCZrFS7TP66FW9yP.7.tN .6hiiiaHJhPZRAr6ThSUrb06o8RQ8jYN9Xb.2xyVfQdSTq2TMxIeh0Ntme8M TIl_AH13SLfXAYw4hxIucqHVEK56Ho.XCFwrCwY6y7ae2QbsxEyBntJ2sa91 mu_fD3VLG1Cc_5CBDdIcaZ5IgCEBO8qRkc2rc0Ewe4WX79bx_MIWni2VhKB9 5qLcCRA6HAay7xhLj7UOFElfC8EBqaXTrkzPTjiQvIwE8QQ5OaRJHD8TbEXj GKDuEo45FGsRE0xsDMVT9oxRsh11Q8deyQzzuplndqeNbM8U2PDI96kF7v9a g2EffRX9P260ae5kcOhRbux2vVxDExonIHpfeq4qEcNyXgKnRIeB.QioP4t0 HssWnYdY_dSLVYu9oKKfbzD6uUj20nyU0KPcs11gbGJMrCKmHEFSEgVSHGIn CevDA0Req.oCpi_UpIgeqwjIVW8zNUjoo8PUs9AX36JegdkWEG7phiGt.R.N s40.6PeT7ZI_oDDPhvRUyHw-
X-Originating-IP:	The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from	[74.6.133.43]
Authentication-Results:	Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info	mta4309.mail.ne1.yahoo.com [email address removed] header.s=s2048; dkim=pass (ok)
Received:	Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took	from 127.0.0.1 (EHLO sonic305-4.consmr.mail.bf2.yahoo.com) (74.6.133.43) by mta4309.mail.ne1.yahoo.com with SMTPS; Sun, 06 Jan 2019 22:44:17 +0000
DKIM-Signature:	Used to verify message integrity and ensure the header is not spoofed	v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1546814656; bh=SP6UQEJCCd8q7pz3wS7xdu4uJZqKKsmNovhNFcgQ/sU=; h=Date:From:Reply-To:Subject:References:From:Subject; b=Z8WKv5KboqmRPUf0uhZ7zDQIUlLWfxhDUclEYk6l9VsME05B51UjLngKrRqdJQCSZQxVd0owR4rhLwKqcOdc5+vPMt58PTIj8c7QkoLhbyRClCFpzXLYH5n0N/kqn3HgCeUDU77NisG44Pb1NR60iIfFyqIZfcUs0f3Xrt+6RHfqI5aSB6oFlAv5HyD45qIO15G8JwxLig+4wAdWywQfMEWqyZtn69C1MIjUjcd70MBuGl+TPJ7Z6SCFz9DlK+tNBvbetz3dDQVUm85FUQatJtSuFrqC0KQEWuA6S3KJehlZTgvOxJZgt/KwJzy1z8yoBvTFW/6Zkj2QC64qQPzIAA==
X-YMail-OSG:	A unique ID added by the Yahoo Outbound Spam Guard	DSrb12AVM1mO1yERBMjbqb_io41RLWPtIO8h9QXetuR3zpnv60ckaGgWTE80qU2 HQjuN6gTlbenrdhbBxgvqO5Kppv52YTmlBADUfhSl5gQC1YDGvEKfVlThWjFssZUTchtgfTblbgv mSFwMN1tlOnjFZHEs4h9RIOlAMF29yLo1_UGRMmIh4bVqyaiVTikafc5oGhg51ifxKnhB_ehNKH_ iW5sjktphjKzsm3_PE3b_FnceMzHKZjcgqOcM.PYdcsPbxtQkDMcZCw.ZMziRzwX8kMbiyOaoCEo n5Z1yraEinlPn21OGedy5wZIh5D7v_ODG.G_GsMOmhxk7r_PYicvngoRYL38gnFHSoHus9Um.RjC iMXlBkcDpsWoxz1U1PFHuuZiEP.xfZQxx5._k12lr00ugmDA41S6dIR4X6ExJKIM470jnfgF_sOA hmjmPFpA07ZKU4kl3JFYp8b9u8.jsg_fKAh3_LIrTlBvRjF16L1U8jtlNFdW1WKnNdTvc4oHeg0N n8emn0_NPLevrjxuEXdKTvT3_yUp2b03bN_ApZeiAETkNo25y3DBm9zTrKQBLNO7UzFMZ3NX02k4 hNxB0C.5fT6CWB6cpM7uwwILMPVJDB2Vk.ldsFQDJpWS7L91r5qSsd65JiKl3q6KuzDU5fjsc.sW qqSPjuGPlUCqqBif2TU4.DNOB1VEDKQt2boEkR.8JzFjrYoF63u3W_h26bLjHOoKGV9lsXe61XpK 6XaW5fU0w7Q3xwy4xqcuLfXOLETrTvaB4IaKlie35dqnZgyQLM6lWguu5qi9fdRfk8bSA2RrwI1g faV.6FXyrfPTBNAHnHVgJ0MxyFdVOnCXsc3zAAndQgBltwE6lRrZH4.yMB_DYshXaGhGYqvjm0PO 22X_OBlHXwXQCKtRfACPMK5vlcn_8uJo9sUBjrChwJbERgEOEcwl3ttncKxHQXcCYif7_7BW59Pf l4vqaseysM6PMKGgag_hubzusFrCHQvnHwn5cDjVPF6nAi5_EH5qQskO7G9WfwV4MZ5QwZY8MoN0 rCfxt5qUT_K8gSr5GNvrRGxZpM.VyBJJUa6wyz30Vyrlx6yKhsV0DJOkedhZPSQ--
Received:	Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took	from sonic.gate.mail.ne1.yahoo.com by sonic305.consmr.mail.bf2.yahoo.com with HTTP; Sun, 6 Jan 2019 22:44:16 +0000
Date:	The date/time the email was sent	Sun, 6 Jan 2019 22:44:15 +0000 (UTC)
From:	This is the address the email was apparently sent from	CHRISTOPHER A WRAY [email address removed]
Reply-To:	This is the email address any reply would be sent to by default	CHRISTOPHER A WRAY [email address removed]
Message-ID:	A unique ID assigned to the ID for reference purposes	[email address removed]
Subject:	The subject of the email	Attn:Dear ATM VISA CARD Owner.......Read Carefully
MIME-Version:	Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)	1.0
Content-Type:	What type of content the email usually is, usually text/html, and what character set is used	text/plain; charset=UTF-8
Content-Transfer-Encoding:	How the email has been encoded to comply with regulations (e.g. maximum characters per line)	quoted-printable
References:	Facilitates the threading of emails; helps the email client piece together which emails belong together in a conversation	[email address removed]
X-Mailer:	The software used to send the email. Spambots, including those used by scammers, often falsify this as a version of Outlook or Outlook Express to get through some spam filters	WebService/1.1.12857 YahooMailBasic Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Content-Length:	The size of the email, in bytes	3694

Your content is below the advert

The scam

Federal Bureau of Investigation United States Department Of Justice Fbi New York 26 Federal Plaza 23rd Floor New. York 10278-0004

Attn:Dear ATM VISA CARD Owner.......Read Carefully

I, MR CHRISTOPHER A WRAY, is hereby announcing to you that your ATM VISA CARD worth $7.400.000.00usd received at JFK airport since last few moths 4th october (2018) from Benin Republic government authorities and Every necessary fees/charges has been paid by senders except $550.00 for CCC custom clearance certificate but a Lady Mrs. Pamela Robert came forward and claimed you sent her to claim your $7,400,000.00 because you are sick and been in the hospital ,that you are having kidney problem in a process of surgery as it's now .

Did you order her to pay for Custom Clearance Certificate (CCC) to claim your fund ATM VISA CARD ? Also be informed that we came to an agreement with the U.S Custom Authority at (JFK) John F. Kennedy Int'l Airport NYC that you will send $550.00 latest tomorrow morning.

This is to bring to your notice that we have just been informed through secrete source that the U.S Custom Authority at (JFK) John F. Kennedy International Airport New York are making arrangement to have your contract fund wired into the Bank account of Mrs. Pamela Robert, the lady that contacted them, earlier and presented some documentations evidencing your claim purported to have being signed personally by you for the release of your contract fund to her, since you have chose to ignore their messages and refuse to pay the required $550 for Custom Clearance Certificate charges as imposed, despite the advise we gave to you.

I want to personally assure you once again that you will have every course to smile and be happy upon conclusion of this project, as we will continue monitoring all your services with them at all level as well as your correspondence, until you have received your ATM VISA CARD accordingly. As a LEGAL OWNER, we are here to protect your interest and that is the reason why we are doing all we can to make sure all goes well, this is a huge amount of money which we don't wish for you to lose.

We understand that the imposed fee might be too much for you to pay so to further make things easier for you, we have discussed with the U.S Custom Authority at (JFK) John F. Kennedy International Airport New York pleaded on your behalf for them to give you the grace of sending half of the charges $275 for now after which the Diplomatic Agent makes the delivery of your ATM VISA CARD to you then once you receive your fund, you can then pay the balance of $275 ,

All we want you to do right now is to send the half of the money with the name listed below so we can forward it to Benin Republic Customs authority to help us bobtail the Custom Clearance Certificate and the diplomat will make the delivery to your home address tomorrow morning by 9:00 AM

Receiver's Data / information:
Receivers Name: joe del
Country: Benin Republic
City : Cotonou
Text Question: Urgent
Answer: Urgent
Amount: $275
Sender s Name...MTCN#...
try and make the payment through money gram via transfer

contact me (+1 202 852 0491)

Contact us right away and let me know when you send half of the charges as we discussed with them to enable them route your fund to you with immediate effect. This is a life time opportunity and we will advise you take advantage of it, before it is too late to do so.

God bless you!
Thanks.
Yours in service,

Best Regards,
Mr Christopher A Wray
BADGE ? JTT0471011111
FEDERAL BUREAU OF INVESTIGATION
UNITED STATES DEPARTMENT OF JUSTICE

WASHINGTON, D.C. 20535

SpamAssassin Report (spam score: 4.9)

 pts rule                       description                                       
---- ----------------------     --------------------------------------------------
-1.9 BAYES_00                   BODY: Bayes spam probability is 0 to 1% [score:   
                                0.0000]                                           
 0.0 TVD_RCVD_IP                Message was received from an IP address           
 0.0 TVD_RCVD_IP4               Message was received from an IPv4 address         
 0.0 FREEMAIL_FROM              Sender email is commonly abused enduser mail      
                                provider (trumpmelania709[at]yahoo.com)           
 0.0 DKIM_ADSP_CUSTOM_MED       No valid author signature, adsp_override is       
                                CUSTOM_MED                                        
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit     
                                (trumpmelania709[at]yahoo.com)                    
 1.0 MISSING_HEADERS            Missing To: header                                
-0.0 SPF_PASS                   SPF: sender matches SPF record                    
 1.6 FORGED_YAHOO_RCVD          'From' yahoo.com does not match 'Received' headers
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit          
                                (christopherawray0984[at]gmail.com)               
-0.0 RCVD_IN_DNSWL_NONE         RBL: Sender listed at http://www.dnswl.org/, no   
                                trust [74.6.133.43 listed in list.dnswl.org]      
 0.0 MIME_QP_LONG_LINE          RAW: Quoted-printable line longer than 76 chars   
 0.1 DKIM_SIGNED                Message has a DKIM or DK signature, not           
                                necessarily valid                                 
 0.1 DKIM_INVALID               DKIM or DK signature exists, but is not valid     
 1.6 REPLYTO_WITHOUT_TO_CC      No description available.                         
 0.0 LOTS_OF_MONEY              Huge... sums of money                             
 1.0 FREEMAIL_REPLYTO           Reply-To/From or Reply-To/body contain different  
                                freemails                                         
 0.9 NML_ADSP_CUSTOM_MED        ADSP custom_med hit, and not from a mailing list

Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)