Dangerous fake email scams Page 17

I've just received the following to my gmail account:
"Dear tom Pennington,
You recently added Myname@gmail.com as a new alternate email address for your Apple ID. To verify this email address belongs to you, click the link below and then sign in using your Apple ID and password.
Verify now >
Why you received this email.
Apple requests verification whenever an email address is added to an Apple ID. Your email address cannot be used without verification.
If you didn't make this change or if you believe an unauthorized person is attempting to access your account, you can reset your password by going to My Apple ID.
Apple Support"

(Myname is my own name obviously)
I do have an Apple ID but it's linked to my Hotmail account, not my gmail account. I've had these emails before, always apparently addressed to some other person (goodness knows who Tom Pennington is). I've always ignored them. Does anybody know if it's some sort of scam? The email came from (appleid@id.apple.com)

>The email came from (appleid@id.apple.com)

I very much doubt that was the real origin, but you have to learn how to display the (normally hidden) headers of the received email and how to understand them to find where it really came from.

It is really really really easy for anyone to put a fake address in the FROM part of an email, all you have to do is change your own email address in your email program. Such as outlook, outlook express, aapple-mail, thunderbird etc etc; though you cannot normally do that on an online account such as hotmail, gmail, outlook.com.

Here's what the beginning of the headers typically look like:

From - Wed Dec 3 04:52:09 2014
X-Account-Key: account2
X-UIDL: 1417582081.H833913P12574.store01b.mail.zen.net.uk,S=2963
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys: zz_downloaded
Return-path: <ecorazza@ville-chevilly-larue.fr>
Received: from macqf1.qf.cie.uva.es ([157.88.37.196])
by bastion01c.mail.zen.net.uk with esmtp (Exim 4.72)
(envelope-from <ecorazza@ville-chevilly-larue.fr>
id 1Xw1r7-0001W2-1w
for xxxxxxxx@datahighways.co.uk; Wed, 03 Dec 2014 04:48:01 +0000
Message-ID: <C83E5DD724ABB4AE583BB142CDD2C83E@FJ4H6FT3U0>
From: <ecorazza@ville-chevilly-larue.fr>
To: <xxxxxxx@datahighways.co.uk>
Subject: response
Date: 3 Dec 2014 05:11:01 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

You have to find the earliest one of these (there can be more than one, but they have Date&Time)
Received: from macqf1.qf.cie.uva.es ([157.88.37.196])
by bastion01c.mail.zen.net.uk with esmtp (Exim 4.72)
(envelope-from <ecorazza@ville-chevilly-larue.fr>
id 1Xw1r7-0001W2-1w
for xxxxxxx@datahighways.co.uk; Wed, 03 Dec 2014 04:48:01 +0000

the bit like this: from macqf1.qf.cie.uva.es ([157.88.37.196])
shows the domain name and the IP address of where it really came from..
{unless they were really clever and faked a Received header too.}

FAKE:

Good morning,

We proudly thank you for doing business with our organization Lucid Optical Services Ltd.
This is the general payment reminder email generated by our sales team.

Invoice: FIWI-47095RI-78790
Date: December 11, 2014. 03:04pm
Amount: £566.97

Please view attached file "FIWI-47095RI-78790.zip" for details.

Best regards,
Lucid Optical Services Ltd
Anabel Kopinski
+07781 375 369

I am getting LOTS of these kind of fake order acknowlwdgements at present. It seem to be the scammers latest 'invention.

This is not email - but real-mail

Came this morning... looks official and is for a car I sold 2 years ago.

Scamming twots want £80 from me - where did they get the details???

Google Inter Credit International and see for yourself.

This is a sample http://www.legalbeagles.info/forums/showthread.php?38370-Inter-Credit-International-on-behalf-of-DVLA

So does that mean it's a genuine company?

Why am I suddenly being bombarded on my email account (daily).............

@eddieizzard ???????(?): The screening + Q&A of Lost Christmas here at @dlwp Bexhill starts in 2 hours - at 7pm

...............with Twitter feeds in Russian about English people??? Very effin weird.

Dear Client,

We bring to your notice our newly enhanced SSL servers
to give our clients a better upgrade, fast and secure online service.

This process requires you to confirm your records
to ensure your safety while using the online service.

Confirm profile records.

You may experience future problems with your
access by failing to attend to this matter.

Ibanking Service

I'm always tempted to reply to these emails with the simple phrase 'F**k off' but that would only confirm my email address is active.

WTF ?

'Salut again

Well, got you wandering the tumblr, you just can't cast aside my commitment.
Watching last events about the disaster in Europe, they are prompting me feel trembling... Anyway, my apartment is now being leased by someone else and I was forced to switch to a nearby site with my dogs. I am so sorry but I am pretty over with my sister's birthday, I didn't remember talking to you. Well, I don't know how, but is it a sunny evening so far South?
Will you contact me if and when you read this?'

Naturally you will contact him/her and offer your bank details.

Quote: Oldrocker @ 27th January 2015, 11:41 PM GMT

WTF ?

'Salut again

Well, got you wandering the tumblr, you just can't cast aside my commitment.
Watching last events about the disaster in Europe, they are prompting me feel trembling... Anyway, my apartment is now being leased by someone else and I was forced to switch to a nearby site with my dogs. I am so sorry but I am pretty over with my sister's birthday, I didn't remember talking to you. Well, I don't know how, but is it a sunny evening so far South?
Will you contact me if and when you read this?'

View original

It is ah not raining here also..........

I read an article recently that puts a different slant on the fake emails.

It is thought that these scam emails purposely use poor grammar and bad spelling to weed out the intelligent people.

What! but it sort of makes sense.

Your average intelligent person immediately sees that it is poorly written and disregards it whereas the 'thick' do not and are more likely to respond.

The scammers would surely have use of a spell and grammar checker and would use them to add to the authenticity of the email.

They mail-bomb these letters to thousands, maybe millions of people at a time and the 'savvy' are not their intended targets.

Interesting.

Quote: Oldrocker @ 27th January 2015, 11:41 PM GMT

WTF ?

'Salut again

Well, got you wandering the tumblr, you just can't cast aside my commitment.
Watching last events about the disaster in Europe, they are prompting me feel trembling... Anyway, my apartment is now being leased by someone else and I was forced to switch to a nearby site with my dogs. I am so sorry but I am pretty over with my sister's birthday, I didn't remember talking to you. Well, I don't know how, but is it a sunny evening so far South?
Will you contact me if and when you read this?'

View original

There's a big spate of these nonsense emails going on. The text is arbitary quotes from books ? The aim is to make it look like real normal messages to by-pass spam filters.

But oddly these spam emails have no payload; no links or attachments.

I can only presume that they are checking to see which email addresses do NOT get "Non-Delivery Reporrts" NDRs.

Quote: keewik @ 9th January 2015, 9:46 PM GMT

I'm always tempted to reply to these emails with the simple phrase 'F**k off' but that would only confirm my email address is active.

View original

Maybe coincidence but I did just that with a couple of Nigerian Prince/Finance Minister scams and didn't get another one.

Can only assume that the higher echelons of Nigerian society get easily upset with such language, Timothy.