The email was sent on 2019-03-04 11:39:08 and appeared to be from firstname.lastname@example.org but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com which was the scammer's actual email address.
It was probably sent from 220.127.116.11 in Unknown, United States.
Explains what each bit of the header means, and shows the journey the email took.
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to)||[email address removed] Mon, 04 Mar 2019 08:39:08 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||18.104.22.168|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server.||pass (domain of gmail.com designates 22.214.171.124 as permitted sender)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||[...]|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[126.96.36.199]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay.||mta4312.mail.gq1.yahoo.com [email address removed] header.s=20161025; dkim=pass (ok)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO mail-ed1-f65.google.com) (188.8.131.52) by mta4312.mail.gq1.yahoo.com with SMTPS; Mon, 04 Mar 2019 08:39:07 +0000|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||by mail-ed1-f65.google.com with SMTP id f2so3510325edy.13 for [email address removed] Mon, 04 Mar 2019 00:39:07 -0800 (PST)|
|DKIM-Signature:||Used to verify message integrity and ensure the header is not spoofed||v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:from:date:message-id:subject:to; bh=OtjmacsPQh9zqeKLQrrPLog1YDyCOfNQMZQpNzRHz3A=; b=ukl543/aMTQsy+cDJC3GzPFzEeKshQ9Lk8HQ/81EiJyvrmFuxugrHONtUXwLXqv7zn p0eQWc3mL5/r2mTOoNxkpc9dSvenX3sm4Zaj47TmeTbrXjtxmilxSd38bwY3Y32jKCSU 3MCwTwV2NyMn5iym2IHjro9nb1sUGEe8SDGLJUQePEVXuJZnT5WJdJs8GwCqt3fxrsCB okEkXEYV/H6ryxO5Q9NAPRcJWsrjuq3y2CGjHP3vgBMu94cj98E6lbSjXh11pXHNoH0S EIlfPfHZ+dkXDQskbqnIcMLaQimEuqTdJ2sUISR08I+bjNdzWX25Y6/GIRN1xuY1Q2I/ sAHg==|
|X-Google-DKIM-Signature:||Google Mail adds this to all their headers, it is used to verify message integrity and ensure the header is not spoofed||v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:from:date:message-id :subject:to; bh=OtjmacsPQh9zqeKLQrrPLog1YDyCOfNQMZQpNzRHz3A=; b=R939zXI5ggpCuUqPtMo93KHBxDp7XySwl2Y/l58U9Zv6YcC5/eTKCyvs/zSgdao02F GFyNELvmkmdIGGaxGqLUzX3Vt2oMhN8U/LGGkrMKqaOdhLxLku+msYeo++C5Pop/QCA5 S7566qNBCTO0mUUyR+XhNmw9u9/THPxj7tl50LkpLE4KIGNwC+nKTkr4qb8zz4G4X1wJ jqdBZ0NIjyI/zDnRAPFydjYdnraNUyh46TI2NKR5mxtKS7jc4FJcySwpaJjmAhk5MKhs dkkek8k+ZidwaVx7gB+Q4lOVBY4VkOyY8qZ9nnSze0HSoIjriy595GJVxf13FvK1oeaJ Knbw== X-Gm-Message-State: APjAAAU4eLOy4jHWOFNjRZEGX4qO3aqICIC14qmeiXvXajcIlfuAel/z OLbaf6XfkKYVdKJvHE4khy8GEKa4GaqbAWtyuNY= X-Google-Smtp-Source: APXvYqzdYPo/NcKmFtIIRSlikxI1BHcnnbK+j4IOe+cKfz3MmLy/CvW3+IzuNS1i4E1PI1s+oey5w8pB8maj3x7TIZw=|
|X-Received:||Just like 'Received'. Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||by 2002:aa7:c6da:: with SMTP id b26mr14735298eds.258.1551688746282; Mon, 04 Mar 2019 00:39:06 -0800 (PST)|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||by 2002:a17:906:e2cc:0:0:0:0 with HTTP; Mon, 4 Mar 2019 00:39:05 -0800 (PST)|
|Reply-To:||This is the email address any reply would be sent to by default||[email address removed]|
|From:||This is the address the email was apparently sent from||AFRICAN DEVELOPMENT BANK GROUP [email address removed]|
|Date:||The date/time the email was sent||Mon, 4 Mar 2019 00:39:05 -0800|
|Message-ID:||A unique ID assigned to the email for reference purposes||[email address removed]|
|Subject:||The subject of the email||DEDUCTION FEE.|
|To:||The email address(es) the email was sent to||undisclosed-recipients:;|
|Content-Type:||What type of content the email is, usually text/html, and what character set is used||text/plain; charset="UTF-8"|
|Bcc:||Email addresses the email was secretly copied into, this field is usually blanked so even by viewing the email header you can't see who was secretly copied into the email||[email address removed]|
|Content-Length:||The size of the email, in bytes||1845|
pts rule description
---- ---------------------- --------------------------------------------------
000.00 TO YOUR BANK ACCOUNT IN BY TOMORROW AS SOON
AS ALL CHARGES IS DEDUCTED.
PLEASE RE-CONFIRM YOUR BANK INFORMATION TO AVOID ANY MISTAKE DURING
THE TRANSFER BY TOMORROW. WE ARE GOING TO TRANSFER YOUR INHERITANCE
PAYMENT OF US$32,500,000.00 TO YOUR BANK ACCOUNT BY TOMORROW AND THE
TRANSFER CONFIRMATION SLIPS WILL BE SENT TO YOU FOR YOUR EASY
AS A MATTER OF URGENCY YOU ARE ADVISED TO MAKE A PAYMENT OF US$98.00
BEEN PAYMENT OF DEDUCTION FEE.
THE DEDUCTION FEE OF US$98.00 WILL ENABLE THIS BANK TO OBTAIN AN
AFFIDAVIT AND STAMP DUTIES FROM HIGH COURT OF NIGERIA, WHICH WILL
EMPOWER US TO DEDUCT ALL CHARGES AND PREPARE YOUR DEDUCTION
CERTIFICATE THAT WILL SHOW THAT ALL CHARGES HAVE BEEN DEDUCTED AND YOU
WILL NOT PAY ANY OTHER FEE.
YOU ADVISED TO SEND THE DEDUCTION FEE OF US$98.00 TODAY THROUGH
WESTERN UNION MONEY TRANSFER OR MONEY GRAM WITH THE NAME OF THE
OFFICER IN CHARGE, ONYEBUCHI QUEEN CHIDINMA , LAGOS NIGERIA,
AS SOON AS WE RECEIVE THIS PAYMENT FROM YOU TODAY, WE WILL DEDUCT ALL
CHARGES AND YOUR BALANCE WILL BE REMITTED TO YOUR ACCOUNT BY TOMORROW
MORNING AND THE TRANSFER DETAILS WILL BE FORWARDED TO YOU FOR YOUR
EASY CONFIRMATION WITH YOUR BANK.
HERE IS THE WESTERN UNION MONEY TRANSFER OR MONEY GRAM INFORMATION
RECEIVER NAME:CHIDINMA QUEEN ONYEBUCHI .
ADDRESS: LAGOS NIGERIA
ACT ACCORDING TO THE INSTRUCTIONS, I AM WAITING FOR YOUR URGENT RESPONSE.
NOTE: MAKE SURE YOU CALL ME AS SOON AS YOU RECEIVE THIS E-MAIL +234-815-405-6223
REGARDS AND GOD BLESS YOU.
PROF VICTOR EZE
[...]
0.0 TVD_RCVD_IP Message was received from an IP address
0.0 TVD_RCVD_IP4 Message was received from an IPv4 address
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (customerservicecenter909[at]gmail.com)
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (customerservicecenter909[at]gmail.com)
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit (africandevelopmentbank1950[at]gmail.com)
0.9 URG_BIZ BODY: Contains urgent matter
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [184.108.40.206 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [220.127.116.11 listed in list.dnswl.org]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
1.2 UPPERCASE_75_100 message body is 75-100% uppercase
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 LOTS_OF_MONEY Huge... sums of money
0.6 YOU_INHERIT Discussing your inheritance
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different freemails
1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases
2.5 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
The email above is most likely a scam, but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement.
Please do not click on links in the above email or make use of any contact details in the above email.