Has someone offered you a huge sum of money or a valuable consignment? It's a 419 or advance fee fraud - find out how they work, and what to do to be safe.
#213711 by Debra1533 Thu Aug 07, 2014 3:11 am
I did locate the info about where it came from - do I copy and paste that here? A girlfriend's Email - addresses were hacked and used by creating same email but different appendage. Real address - Removed identifying information. ~Bubbles@yahoo.com Fake is same but with Hotmail appendage Here's the 1st email text

" I hope you get this on time, I made a trip to LUGANSK(UKRAINE) and had my bag stolen from me with my passport and personal effects therein. The embassy has just issued me a temporary passport but I have to pay for a ticket and settle my hotel bills with the Manager.

I have made contact with my bank but it would take me 3-5 working days to access funds in my account, the bad news is my flight will be leaving very soon but i am having problems settling the hotel bills and the hotel manager won't let me leave until i settle the bills, I need your help/LOAN financially and I promise to make the refund once i get back home, you are my last resort and hope, Please let me know if i can count on you and i need you to keep checking your email because it's the only way i can reach you.



Here's the first ID Section about sender - X-Message-Info-Pas: VHnlfOXknX5JVRUcBM4ir6aWTNzzefnYwpEan10nOIPuUzhu6omJaEPwFXOIbF6ZMD7lujtnDihjdWCAuRJRFiPO0muVAHex
Return-Path: color=green]Removed identifying information. ~Bubbles[/[email protected]
Received: from imta18.westchester.pa.mail.comcast.net (LHLO
imta18.westchester.pa.mail.comcast.net) ( by
resmail-po-033v.sys.comcast.net with LMTP; Wed, 6 Aug 2014 14:07:11 +0000
Received: from nm21-vm6.bullet.mail.ne1.yahoo.com ([])
by imta18.westchester.pa.mail.comcast.net with comcast
id bS741o01Z2U2Qx60JS75WF; Wed, 06 Aug 2014 14:07:09 +0000
Last edited by Bubbles on Sat Aug 09, 2014 9:13 pm, edited 1 time in total. Reason: Added quotes for clarity.

#213725 by vonpaso xlura Thu Aug 07, 2014 4:37 am
There should be more headers below that. Received headers are added to the top, so the earliest one, which is the one we want, is at the bottom, just above From, To, and Subject. There may also be one or more X-Originating-IP headers.

If they actually used her email address, not spoofed it, she needs to close it and make a new one. If they spoofed it (the email was sent with her address in the headers, but they didn't log in as her), or they made their own address that looks like hers but isn't, her address should be safe. But if they got her address book by guessing her password, she needs to change her password to something extremely unguessable.

Yahoo seems to be particularly prone to this sort of scam. It once happened to a friend of mine, who was using Yahoo at the time. I called him on the phone and verified that he was not out of the country.

... ni los estafadores heredarán el reino de Dios. 1 Cor. 6:10
#213762 by Bryon Williams Thu Aug 07, 2014 10:13 am
Welcome to Scamwarners Debra1533,

As Vx stated we need to see the whole email header.

Your friend needs to change their password on their account along with the security questions. Then she needs to do the same with her recovery email address. Once that is completed she needs to run two anti virus programs on her computer. Not at the same time. Disable one as she runs the other. She will also need to change her password on everything ( Bank accounts, Ebay, Paypal, stores and etc.) Everything.

I agree with Vx that she needs to get a new email address as this one is posted on an Anti Scam Forum.

Please contacta moferatorstor if you have a question or information about this post.

Please do not tell the scammer he is posted here.

Please remember the fallen. https://www.odmp.org/

Who is online

Users browsing this forum: Bing [Bot], Knucklaus and 22 guests