Scammers posing asGillian And Adrian Bayford

Scammer couple! Got 2 emails from them, very short ones though


Delivered-To:
Received: by 10.70.125.129 with SMTP id mq1csp197645pdb;
Tue, 4 Feb 2014 04:24:43 -0800 (PST)
X-Received: by 10.180.87.232 with SMTP id bb8mr12514287wib.48.1391516682551;
Tue, 04 Feb 2014 04:24:42 -0800 (PST)
Return-Path:
Received: from mail1.bemta14.messagelabs.com (mail1.bemta14.messagelabs.com. [193.109.254.106])
by mx.google.com with ESMTPS id e3si11765403wja.28.2014.02.04.04.24.41
for
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Tue, 04 Feb 2014 04:24:42 -0800 (PST)
Received-SPF: neutral (google.com: 193.109.254.106 is neither permitted nor denied by best guess record for domain of ) client-ip=193.109.254.106;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 193.109.254.106 is neither permitted nor denied by best guess record for domain of ) smtp.mail=
Return-Path:
Received: from [85.158.140.211:27365] by server-2.bemta-14.messagelabs.com id CF/B3-01236-20CD0F25; Tue, 04 Feb 2014 12:24:34 +0000
X-Env-Sender:
X-Msg-Ref: server-3.tower-194.messagelabs.com!1391516672!7956995!3
X-Originating-IP: [83.217.235.134]
X-StarScan-Received:
X-StarScan-Version: 6.9.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 23055 invoked from network); 4 Feb 2014 12:24:33 -0000
Received: from outlook.xe2hosting.net (HELO outlook.xe2hosting.net) (83.217.235.134)
by server-3.tower-194.messagelabs.com with AES128-SHA encrypted SMTP; 4 Feb 2014 12:24:33 -0000
Received: from JSAPC201001 (195.157.189.76) by outlook.xe2hosting.net
(83.217.235.211) with Microsoft SMTP Server id 8.3.342.0; Tue, 4 Feb 2014
12:24:11 +0000
From:
To:
Subject: FW: Donation
Date: Tue, 4 Feb 2014 12:21:12 +0000
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac7eD288lVRQ2vunTGahi1Ny31PtQRDlCUVA
Content-Language: en-gb



-----Original Message-----
From: Gillian And Adrian Bayford [mailto:[email protected]]
Sent: Sunday, November 10, 2013 10:15 AM
To: Recipients
Subject: Donation

I have been trying to reach you, My wife and i are donating 1,500,000Pounds
to Five people each, which you have been sellected, Send your
name,Country,Age,Occupation and Phone number for details. see our interview
http://www.bbc.co.uk/news/uk-england-19254228

2nd email from them. Hope I'm posting the headers ok?

Delivered-To:
Received: by 10.70.125.129 with SMTP id mq1csp197644pdb;
Tue, 4 Feb 2014 04:24:42 -0800 (PST)
X-Received: by 10.180.211.239 with SMTP id nf15mr4481367wic.9.1391516681857;
Tue, 04 Feb 2014 04:24:41 -0800 (PST)
Return-Path:
Received: from mail1.bemta14.messagelabs.com (mail1.bemta14.messagelabs.com. [193.109.254.120])
by mx.google.com with ESMTPS id z12si6059585wij.50.2014.02.04.04.24.41
for
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Tue, 04 Feb 2014 04:24:41 -0800 (PST)
Received-SPF: neutral (google.com: 193.109.254.120 is neither permitted nor denied by best guess record for domain of ) client-ip=193.109.254.120;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 193.109.254.120 is neither permitted nor denied by best guess record for domain of ) smtp.mail=
Return-Path:
Received: from [85.158.140.211:49534] by server-16.bemta-14.messagelabs.com id D0/B0-21945-70CD0F25; Tue, 04 Feb 2014 12:24:39 +0000
X-Env-Sender:
X-Msg-Ref: server-3.tower-194.messagelabs.com!1391516672!7956995!13
X-Originating-IP: [83.217.235.134]
X-StarScan-Received:
X-StarScan-Version: 6.9.16; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 23703 invoked from network); 4 Feb 2014 12:24:39 -0000
Received: from outlook.xe2hosting.net (HELO outlook.xe2hosting.net) (83.217.235.134)
by server-3.tower-194.messagelabs.com with AES128-SHA encrypted SMTP; 4 Feb 2014 12:24:39 -0000
Received: from JSAPC201001 (195.157.189.76) by outlook.xe2hosting.net
(83.217.235.211) with Microsoft SMTP Server id 8.3.342.0; Tue, 4 Feb 2014
12:24:26 +0000
From:
To:
Subject: FW: Hello
Date: Tue, 4 Feb 2014 12:21:27 +0000
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac7dR3hZPkkrjlVgTyihMayq24z5eBEXCIpg
Content-Language: en-gb



-----Original Message-----
From: Gillian and Adrian Bayford's [mailto:[email protected]]
Sent: Saturday, November 09, 2013 12:16 PM
To: Recipients
Subject: Hello

My wife and I is giving out a donation of 1.5 million pounds to five people,
send name, age, country and mobile number. see below Please read the article
- http://www.bbc.co.uk/news/uk-england-19254228

I think I'm doing something wrong, because I have forwarded the emails from my work email, where I receive them, so maybe its not working? My work account seems to have no view header option, so im having to forward to my gmail account

Here are the headers again, just found out how to do it:

Received: from mail6.bemta3.messagelabs.com (195.245.230.39) by
outlook.xe2hosting.net (83.217.235.211) with Microsoft SMTP Server (TLS) id
8.3.327.1; Sun, 10 Nov 2013 12:21:50 +0000
Received: from [85.158.137.3:16238] by server-5.bemta-3.messagelabs.com id
6A/B7-25946-E5A7F725; Sun, 10 Nov 2013 12:21:50 +0000
Received: (qmail 29029 invoked from network); 10 Nov 2013 12:21:50 -0000
Received: from vm-emlprdomg-07.its.yale.edu (HELO
vm-emlprdomg-07.its.yale.edu) (130.132.50.170) by
server-9.tower-38.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 10
Nov 2013 12:21:50 -0000
Received: from [41.151.135.66] (8ta-151-135-66.telkomadsl.co.za
[41.151.135.66]) (authenticated bits=0) by vm-emlprdomg-07.its.yale.edu
(8.14.5/8.14.5) with ESMTP id rAABI89Q003986 (version=TLSv1/SSLv3
cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 10 Nov 2013 07:16:34
-0500
From: Gillian And Adrian Bayford <[email protected]>
To: Recipients <[email protected]>
Date: Sun, 10 Nov 2013 10:14:48 +0000
Subject: Donation
Thread-Topic: Donation
Thread-Index: Ac7eD288lVRQ2vunTGahi1Ny31PtQQ==
Message-ID: <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Accept-Language: ja-JP, en-GB
Content-Language: ja-JP
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: XE2UK1CAS02.xe2hosting.net
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-starscan-version: 6.9.12; banners=-,-,-
x-msg-ref: server-9.tower-38.messagelabs.com!1384086109!2849815!1
x-originating-ip: [130.132.50.170]
x-spamreason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
VHJ1c3RlZCBJUDogMTMwLjEzMi41MC4xNzAgPT4gMTE5ODk=\n
x-env-sender: [email protected]
x-viruschecked: Checked
x-proofpoint-spam-details: rule=notspam policy=default score=59 spamscore=59
suspectscore=72 phishscore=0 adultscore=0 bulkscore=1 classifier=spam
adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000
definitions=main-1311100054
x-proofpoint-virus-version: vendor=fsecure
engine=2.50.10432:5.10.8794,1.0.431,0.0.0000
definitions=2013-11-10_01:2013-11-09,2013-11-10,1970-01-01 signatures=0
x-starscan-received:
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0


Received: from mail6.bemta3.messagelabs.com (195.245.230.39) by
outlook.xe2hosting.net (83.217.235.211) with Microsoft SMTP Server (TLS) id
8.3.327.1; Sat, 9 Nov 2013 12:30:26 +0000
Received: from [85.158.137.19:13631] by server-7.bemta-3.messagelabs.com id
02/55-13052-2EA2E725; Sat, 09 Nov 2013 12:30:26 +0000
Received: (qmail 24570 invoked from network); 9 Nov 2013 12:30:25 -0000
Received: from vm-emlprdomg-04.its.yale.edu (HELO
vm-emlprdomg-04.its.yale.edu) (130.132.50.162) by
server-9.tower-39.messagelabs.com with DHE-RSA-AES256-SHA encrypted SMTP; 9
Nov 2013 12:30:25 -0000
Received: from [41.151.131.222] (8ta-151-131-222.telkomadsl.co.za
[41.151.131.222]) (authenticated bits=0) by vm-emlprdomg-04.its.yale.edu
(8.14.5/8.14.5) with ESMTP id rA9CFsU4027585 (version=TLSv1/SSLv3
cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 9 Nov 2013 07:17:14
-0500
From: Gillian and Adrian Bayford's <[email protected]>
To: Recipients <[email protected]>
Date: Sat, 9 Nov 2013 12:15:48 +0000
Subject: Hello
Thread-Topic: Hello
Thread-Index: Ac7dR3hZPkkrjlVgTyihMayq24z5eA==
Message-ID: <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Accept-Language: ja-JP, en-GB
Content-Language: ja-JP
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: XE2UK1CAS01.xe2hosting.net
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-starscan-version: 6.9.12; banners=-,-,-
x-msg-ref: server-9.tower-39.messagelabs.com!1384000224!13919272!1
x-originating-ip: [130.132.50.162]
x-spamreason: No, hits=0.0 required=7.0 tests=sa_preprocessor:
VHJ1c3RlZCBJUDogMTMwLjEzMi41MC4xNjIgPT4gMTI5Njk=\n
x-env-sender: [email protected]
x-viruschecked: Checked
x-proofpoint-spam-details: rule=notspam policy=default score=68 spamscore=68
suspectscore=72 phishscore=0 adultscore=0 bulkscore=1 classifier=spam
adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000
definitions=main-1311090056
x-proofpoint-virus-version: vendor=fsecure
engine=2.50.10432:5.10.8794,1.0.431,0.0.0000
definitions=2013-11-09_01:2013-11-09,2013-11-09,1970-01-01 signatures=0
x-proofpoint-spf-result: neutral
x-proofpoint-spf-record: v=spf1 ip4:130.132.50.0/24 ip4:130.132.232.0/24
include:_spf.google.com ?all
x-starscan-received:
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Thanks Alan Jones!

Just to clarify one point: Gillian and Adrian Bayford are a real couple who won a large Euromillions jackpot.
The scammers have stolen their names for use in their crimes.

The real Gillian And Adrian Bayford have nothing to do with this scam, and do not know the scammers.

Thanks, I thought that might be the case! Shall I change the title, to avoid any problems it might cause the real couple?

You can change it to "scammers posing as Gillian and Adrian Bayford" if you want to make it more clear.

You can change it to "scammers posing as Gillian and Adrian Bayford" if you want to make it more clear.

Thanks Dotti, changed it

Header Analysis Quick Report
Originating IP: 116.202.72.30
Originating ISP: Mts
City: Ghaziabad
Country of Origin: India
* For a complete report on this email header goto ipTRACKERonline

Delivered-To: <snipped>
Received: by 10.220.70.5 with SMTP id b5csp357006vcj;
Thu, 6 Feb 2014 07:10:13 -0800 (PST)
X-Received: by 10.52.166.9 with SMTP id zc9mr5198428vdb.16.1391699413453;
Thu, 06 Feb 2014 07:10:13 -0800 (PST)
Return-Path: <[email protected]>
Received: from aliada.com.ec (mail.aliadaseg.com.ec. [200.105.251.238])
by mx.google.com with ESMTP id w5si300907vcn.101.2014.02.06.07.05.37
for <multiple recipients>;
Thu, 06 Feb 2014 07:10:13 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 200.105.251.238 as permitted sender) client-ip=200.105.251.238;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 200.105.251.238 as permitted sender) [email protected]
Received: from [116.202.72.30] ([116.202.72.30])
(authenticated bits=0)
by aliada.com.ec (8.14.4/8.14.4) with ESMTP id s16ASxpQ018034;
Thu, 6 Feb 2014 06:08:50 -0500
Message-Id: <[email protected]>
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Re Grant Donation!!!
To: Recipients <[email protected]>
From: "Adrian Gillian Bayford" <[email protected]>
Date: Thu, 06 Feb 2014 16:41:59 +0530
Reply-To: [email protected]
X-Antivirus: avast! (VPS 140205-1, 05-02-2014), Outbound message
X-Antivirus-Status: Clean
X-aliada.com.ec-MailScanner-Information: Please contact the ISP for more information
X-aliada.com.ec-MailScanner-ID: s16ASxpQ018034
X-aliada.com.ec-MailScanner: Found to be clean
X-aliada.com.ec-MailScanner-SpamScore: sss
X-aliada.com.ec-MailScanner-From: [email protected]
X-Spam-Status: No

My wife and I won the Euro Millions Lottery & will be donating 1.5 Million Pounds to you in our ongoing lucky draws donations. Please get back to us with your Name, Age, Tel, Country and i will send you more details how your funds will be sent to you.

Please read the article - http://www.bbc.co.uk/news/uk-england-19254228



Adrian & Gillian Bayford.

--
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.
For all your IT requirements visit: http://www.transtec.co.uk