Scams operating under the guise of a charity.
#257765 by Faizan Docherty Wed Jun 24, 2015 8:49 am
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 62.208.144.128
Originating ISP: Customer Pnn
City: Swindon
Country of Origin: United Kingdom
* For a complete report on this email header goto ipTRACKERonline


From "Dyson Susan (KING'S COLLEGE HOSPITAL NHS FOUNDATION TRUST)" Wed Jun 24 00:01:44 2015
X-Apparently-To: <snipped>; Wed, 24 Jun 2015 00:01:56 +0000
Return-Path: <[email protected]>
X-YahooFilteredBulk: 62.208.144.128
Received-SPF: none (domain of nhs.net does not designate permitted sender hosts)
X-YMailISG: <snipped>
X-Originating-IP: [62.208.144.128]
Authentication-Results: mta1612.mail.gq1.yahoo.com from=nhs.net; domainkeys=neutral (no sig); from=nhs.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO relay.nhs.uk) (62.208.144.128)
by mta1612.mail.gq1.yahoo.com with SMTPS; Wed, 24 Jun 2015 00:01:49 +0000
Received: from nhs-pd1e-esg105.ad1.nhs.net (nhs-pd1e-esg105.ad1.nhs.net [127.0.0.1])
by IMSVA80 (Postfix) with ESMTP id 99E73449548;
Wed, 24 Jun 2015 01:01:46 +0100 (BST)
Received: from smtp.nhs.net (unknown [192.168.9.68])
by nhs-pd1e-esg105.ad1.nhs.net (Postfix) with ESMTP id 711B2449520;
Wed, 24 Jun 2015 01:01:46 +0100 (BST)
Received: from NHS-PD1I-HTS010.AD1.NHS.NET (192.168.17.10) by
NHS-PD1e-ETS004.ad1.nhs.net (192.168.8.68) with Microsoft SMTP Server (TLS)
id 8.3.389.2; Wed, 24 Jun 2015 01:01:46 +0100
Received: from NHS-PCLI-MBC038.AD1.NHS.NET ([192.168.16.76]) by
NHS-PD1I-HTS010.AD1.NHS.NET ([192.168.17.10]) with mapi; Wed, 24 Jun 2015
01:01:45 +0100
From: "Dyson Susan (KING'S COLLEGE HOSPITAL NHS FOUNDATION TRUST)"
<[email protected]>
Date: Wed, 24 Jun 2015 01:01:44 +0100
Subject: Marie Holmes
Thread-Topic: Marie Holmes
Thread-Index: AQHQrhD1DhzS2emGEUCEFbXh7+Bq6w==
OLD-MSG-ID: <[email protected]HS.NET>
Accept-Language: en-US, en-GB
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: multipart/alternative;
boundary="_000_5E7C8676DD089B49A715C492D0E745270EDA2D7613NHSPCLIMBC038_"
MIME-Version: 1.0
To: Undisclosed recipients:;
Message-Id: <[email protected]>
X-TM-AS-Product-Ver: IMSVA-8.0
X-TM-AS-Result: No--0.509-60-31-10
X-imss-scan-details: No--0.509-60-31-10;No--0.509-3-31-10;No--0.509-4-31-10
X-TMASE-MatchedRID: <snipped>
Content-Length: 3675


You are picked by Marie Holmes,U.S Powerball winner for a humanitarian donation of $2.5MUSD Reply via([email protected])For briefs
Verify by clicking on this link: http://abcnews.go.com/Business/north-ca ... d=29164478

********************************************************************************************************************

This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents:
to do so is strictly prohibited and may be unlawful.

Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland
NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSi recipients
NHSmail provides an email address for your career in the NHS and can be accessed anywhere

********************************************************************************************************************

Please DO NOT tell a scammer that he has been posted here!

If you wish you can email me at
faizandocherty @ scamwarners [dot] com

How do I find email headers???

How to analyze an email header.
Advertisement

#259755 by askathena Fri Jul 10, 2015 3:24 pm
Faizan Docherty wrote:
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 62.208.144.128
Originating ISP: Customer Pnn
City: Swindon
Country of Origin: United Kingdom
* For a complete report on this email header goto ipTRACKERonline


From "Dyson Susan (KING'S COLLEGE HOSPITAL NHS FOUNDATION TRUST)" Wed Jun 24 00:01:44 2015
X-Apparently-To: <snipped>; Wed, 24 Jun 2015 00:01:56 +0000
Return-Path: <[email protected]>
X-YahooFilteredBulk: 62.208.144.128
Received-SPF: none (domain of nhs.net does not designate permitted sender hosts)
X-YMailISG: <snipped>
X-Originating-IP: [62.208.144.128]
Authentication-Results: mta1612.mail.gq1.yahoo.com from=nhs.net; domainkeys=neutral (no sig); from=nhs.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO relay.nhs.uk) (62.208.144.128)
by mta1612.mail.gq1.yahoo.com with SMTPS; Wed, 24 Jun 2015 00:01:49 +0000
Received: from nhs-pd1e-esg105.ad1.nhs.net (nhs-pd1e-esg105.ad1.nhs.net [127.0.0.1])
by IMSVA80 (Postfix) with ESMTP id 99E73449548;
Wed, 24 Jun 2015 01:01:46 +0100 (BST)
Received: from smtp.nhs.net (unknown [192.168.9.68])
by nhs-pd1e-esg105.ad1.nhs.net (Postfix) with ESMTP id 711B2449520;
Wed, 24 Jun 2015 01:01:46 +0100 (BST)
Received: from NHS-PD1I-HTS010.AD1.NHS.NET (192.168.17.10) by
NHS-PD1e-ETS004.ad1.nhs.net (192.168.8.68) with Microsoft SMTP Server (TLS)
id 8.3.389.2; Wed, 24 Jun 2015 01:01:46 +0100
Received: from NHS-PCLI-MBC038.AD1.NHS.NET ([192.168.16.76]) by
NHS-PD1I-HTS010.AD1.NHS.NET ([192.168.17.10]) with mapi; Wed, 24 Jun 2015
01:01:45 +0100
From: "Dyson Susan (KING'S COLLEGE HOSPITAL NHS FOUNDATION TRUST)"
<[email protected]>
Date: Wed, 24 Jun 2015 01:01:44 +0100
Subject: Marie Holmes
Thread-Topic: Marie Holmes
Thread-Index: AQHQrhD1DhzS2emGEUCEFbXh7+Bq6w==
OLD-MSG-ID: <[email protected]HS.NET>
Accept-Language: en-US, en-GB
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-GB
Content-Type: multipart/alternative;
boundary="_000_5E7C8676DD089B49A715C492D0E745270EDA2D7613NHSPCLIMBC038_"
MIME-Version: 1.0
To: Undisclosed recipients:;
Message-Id: <[email protected]>
X-TM-AS-Product-Ver: IMSVA-8.0
X-TM-AS-Result: No--0.509-60-31-10
X-imss-scan-details: No--0.509-60-31-10;No--0.509-3-31-10;No--0.509-4-31-10
X-TMASE-MatchedRID: <snipped>
Content-Length: 3675


You are picked by Marie Holmes,U.S Powerball winner for a humanitarian donation of $2.5MUSD Reply via([email protected])For briefs
Verify by clicking on this link: http://abcnews.go.com/Business/north-ca ... d=29164478

********************************************************************************************************************

This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents:
to do so is strictly prohibited and may be unlawful.

Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland
NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSi recipients
NHSmail provides an email address for your career in the NHS and can be accessed anywhere

********************************************************************************************************************

Content of email scam

Good Day!

My Client Marie Holmes who just won a power ball lottery has made a donation to you, contact her via her private email ([email protected]) for more detail on how to receive this. Please do not ignore, this is the third time trying to reach you.

Sincerely.

RE: 019/Holmes.
Yesterday 8:07 PM
From
[email protected]
[email protected]
Return-path:
<[email protected]>
Received:
from st11p00mm-smtpin011.mac.com ([17.172.87.211]) by ms21522.mac.com (Oracle Communications Messaging Server 7u4-27.08 (7.0.4.27.7) 64bit (built Aug 22 2013)) with ESMTP id <[email protected]> for [email protected]; Fri, 10 Jul 2015 03:07:12 +0000 (GMT)
Original-recipient:
rfc822;[email protected]
Received:
from smtp.mountsinai.org ([146.203.148.19]) by st11p00mm-smtpin011.mac.com (Oracle Communications Messaging Server 7.0.5.35.0 64bit (built Mar 31 2015)) with ESMTPS id <[email protected]> for [email protected] (ORCPT [email protected]); Fri, 10 Jul 2015 03:07:11 +0000 (GMT)
Received-SPF:
none (st11p00mm-smtpin011.mac.com: [email protected] does not designate permitted sender hosts) receiver=st11p00mm-spfmilter009.mac.com; client-ip=146.203.148.19; helo=smtp.mountsinai.org; [email protected];
Authentication-results:
st11p00mm-smtpin011.mac.com; spf=none (st11p00mm-smtpin011.mac.com: [email protected] does not designate permitted sender hosts) [email protected];
DKIM-Signature:
v=1; a=rsa-sha256; c=relaxed/simple; d=mssm.edu; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=mail; bh=sWa055TxcdeHC6UG9oppjkj00wlTSRZblS0p2UCrMSE=; b=M4EkvLMqwFz19AK5uXLt+Ad1C3S0op5VvetBXvgMAPbJV8Op9hfGPOL7WjYhfZ/F84cG yKbzTM/nBZnVYh5DJ6VuRgHkHxoTsvCNn47+FuR7zCZbG8Lb8tibCWLf0eaFGVLZ3SF2 oxwvcUv0yVHqK5JqAegDuy/6CdTDwaHy4O4Dxx2SrY7QU13oSlvNV91AV2FyEDrfUMum fQE1Bw2PAfdBXs09EPKDBGHGnYP+/xUasmFmFbWQoIYvrnVree+rW2LaCl3WpQECLThD J9GdRNb3CYbWEW384SM5NCesH3ntYp9Ue74XVwUzSw3CxTaTdNmsjZFoVUEoHO7hM0Ed lQ==
Received:
from Exch-HubEb2.ExchMail.mssm.edu (msmc-f5.mountsinai.org [10.2.37.12]) by pp-serve04.mountsinai.org (8.14.7/8.14.7) with ESMTP id t6A36rk7021421 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 09 Jul 2015 23:06:53 -0400
Received:
from EXCHMBXCSM3.ExchMail.mssm.edu ([169.254.1.84]) by Exch-HubEb2.ExchMail.mssm.edu ([10.95.37.64]) with mapi id 14.02.0347.000; Thu, 09 Jul 2015 23:06:53 -0400
From:
"Stanley, Sarah" <[email protected]>
To:
"Stanley, Sarah" <[email protected]>
Subject:
RE: 019/Holmes.
Thread-topic:
019/Holmes.
Thread-index:
AdC6sN9VMn96zVlhS7W67NZCmpCwOQACT1FL
Date:
Fri, 10 Jul 2015 03:06:52 +0000
Message-id:
<[email protected].edu>
References:
<[email protected].edu>
In-reply-to:
<[email protected].edu>
Accept-Language:
en-US
Content-language:
en-US
X-Originating-IP:
[198.7.59.110]
Content-type:
multipart/alternative; boundary=_000_654BE2E98B35694A97D7048A9C9A94BFF59EDFEXCHMBXCSM3ExchMa_
MIME-version:
1.0
Authentication-results:
st11p00mm-smtpin011.mac.com; dkim=pass (2048-bit key) header.d=mssm.edu [email protected] header.b=M4EkvLMq; dkim-adsp=pass
x-icloud-spam-score:
30302230 f=mssm.edu;e=mssm.edu;is=yes;ir=no;pp=ham;spf=?;dkim=pass;dmarc=?;wl=absent;pwl=absent;clxs=ham;clxl=absent
x-dmarc-info:
pass=?; dmarc-policy=(noPolicy); s=; d=
X-MANTSH:
1TEIXWV4bG1oaGkdHB0lGUkdDRl5PWBoaHhEKTEMXGx0EGx0YBBIZBBscEBseGh8 aEQpYTRdLEQptfhcaEQpMWRcZGRkRCllNF2RFRE8RCllJFxgaGnEYHRoGHHcGGBoaBhoGGgYHG x0GBx8acRsTHRAcGB93BhoGGgYaBhoGGgYacRoQGncGGhEKWV4XY255EQpDThdLGxsaYkIfaWw afFsZeHMHHGsaGRodaxsfEQpbQxcaZHgTGhoYE2YeZGFgHx0aEQpYXBcZBBoEGB4HTRgeHh8eT hkFGx0EGx0YBBIZBBscEBseGh8bEQpeWRdnG2ReHxEKTVwXBxkeEQpMWhdpaG5NTUIRCkxGF2x raxEKQ1oXGx4cBBgaGQQbHhIEGxMRCkJeFxsRCkRYFx4SEQpCRRdreHBeQ0VTWR9cHREKQk4XZ GhHXRJLc0JLUkkRCkJMF29YXURMRBhZHRlfEQpCbBdsE3NyS34FQB1ceBEKQkAXYHNiGR1beRt aQFsRCnBnF2xkbh9/c1N4GHlrEQpwaBdmGWt9ZUlybU5BXBEKcGgXZUlDYkRaXm9NHlkRCnBoF 2BMT0ZYfn58S1pvEQpwaBdkEnJoH2FbRVxBHREKcGgXY0kFeF1zQx9sZEkRCnBsF21DWFxjcgU cAUxZEQpwQxdtHh1oEnNlHVAScBE=
X-CLX-Spam:
false
X-CLX-Score:
333
X-CLX-Shades:
None
X-Proofpoint-Virus-Version:
vendor=fsecure engine=2.50.10432:5.14.151,1.0.33,0.0.0000 definitions=2015-07-10_03:2015-07-08,2015-07-10,1970-01-01 signatures=0
X-Proofpoint-Spam-Details:
rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1412110000 definitions=main-1507100045
X-Proofpoint-Virus-Version:
vendor=fsecure engine=2.50.10432:5.14.151,1.0.33,0.0.0000 definitions=2015-07-10_03:2015-07-08,2015-07-10,1970-01-01 signatures=0

Who is online

Users browsing this forum: No registered users and 1 guest