Rental Scam from Scotland

Nigerian scams, chain letters, pyramid schemes and anything not auction related.
Post Reply
bloman
Members
Posts: 2
Joined: Wed Mar 15, 2006 8:29 pm
Location: Manawatu

Rental Scam from Scotland

Post by bloman » Wed Jun 08, 2011 10:51 pm

My wife and I rent rooms on the NZ studentrent website, we got the message below from someone saying they are from Scotland

I am 100% certain it is a rental scam, they keep asking for our bank details and want to rent without asking any questions about the location etc.

Notice the bad english, I did some googling of the way he/she words the initial message and it shows up in the US as well.

Date: Tue, 7 Jun 2011 02:25:32 +1200
From: pee.little1122@gmail.com
To: emailremoved@hotmail.com
Subject: Studentrent Enquiry - SomeplaceinNZ, 4 bedrooms, $115pw

SomeplaceinNZ, 4 bedrooms, $115pw

From : pee.little1122@gmail.com

Message :
Hi,
I am Peter LittleJohn from Scotland,i will like to secure room for my
son and daughter coming to New Zealand on post graduate program,and i will
like you to reconfirm the weekly rent and bond payment for me again if
any bond apply,which i will like to make a deposit before they leave
Scotland for accommodation assurance purpose,

Thanks,
Peter.
Phone Number:+447031952172

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: Rental Scam from Scotland

Post by Foggyone » Wed Jun 08, 2011 11:28 pm

Hi Bloman

A couple of points that occur from the email.

1. Gmail does not include the senders IP address, making it impossible for you to ascertain the whereabouts of the sender.
2. The +4470 phone number is a forwarding service. This means that the call could go anywhere without your knowledge as to the ultimate destination. The +4470 service is loved by scammers. A google search on this phone number is very revealing.

The usual course of scams of this nature is a payment is made in excess of that required. The victim would be requested to send on the overpayment (there are a legion of excuses used as to why too much was sent). The victim is typically asked to use Western Union. It's only later that the funds are found to be illusory. Either they are non existent, or from a stolen source in which case the victim has to repay the lost amount.

The scammers may also be trying to target your bank account. In this case the approach could be part of a spear phishing exercise. Make sure you do not open any email attachments from this source. If it's a spear phish you can expect they will want to get nasties onto your computer.

If you want to find out the senders IP address try my trick. email back and tell the sender your ISP is in conflict with Google, and you will be unable to access emails via gmail. Ask them to use another service.

Scammers use a range of email providers, and this has worked well for me in the past. If you can get an email with this ruse and are unsure of how to get the Ip address just ask. Almost certainly will lead to Nigeria.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
dobby
Members
Posts: 3336
Joined: Wed Apr 05, 2006 7:48 am
First Name: Dobby
Location: Wellington

Re: Rental Scam from Scotland

Post by dobby » Wed Jun 15, 2011 5:33 am

Foggyone wrote: 1. Gmail does not include the senders IP address, making it impossible for you to ascertain the whereabouts of the sender.
Say what? You can pull headers off Gmail. Am I missing something?
Idealism increases in direct proportion to your distance from the problem.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: Rental Scam from Scotland

Post by Foggyone » Wed Jun 15, 2011 7:54 am

Yes, you are. Gmail has headers, but do not include the senders IP address as do other systems.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Wed Jun 15, 2011 9:44 pm

With Gmail you have to click the "Show details" box at the top of each email, then
"Show original" in the drop down box on the RHS. Why Google strips originating IPs
is beyond me.

User avatar
dobby
Members
Posts: 3336
Joined: Wed Apr 05, 2006 7:48 am
First Name: Dobby
Location: Wellington

Re: Rental Scam from Scotland

Post by dobby » Thu Jun 16, 2011 10:18 am

From a selection of today's spam ...
Delivered-To: <my emaiil - removed>
Received: by 10.220.187.198 with SMTP id cx6cs184353vcb;
Wed, 15 Jun 2011 01:36:19 -0700 (PDT)
Received: by 10.236.66.17 with SMTP id g17mr393111yhd.106.1308126978550;
Wed, 15 Jun 2011 01:36:18 -0700 (PDT)
Return-Path: <taramedium@conceptsinfatuation.com>
Received: from conceptsinfatuation.com (ww-ptr-228.conceptsinfatuation.com [198.252.45.242])
by mx.google.com with ESMTP id g63si1039496yhn.67.2011.06.15.01.36.17;
Wed, 15 Jun 2011 01:36:18 -0700 (PDT)
Received-SPF: pass (google.com: domain of taramedium@conceptsinfatuation.com designates 198.252.45.242 as permitted sender) client-ip=198.252.45.242;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of taramedium@conceptsinfatuation.com designates 198.252.45.242 as permitted sender) smtp.mail=taramedium@conceptsinfatuation.com; dkim=pass header.i=taramedium@conceptsinfatuation.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=main; d=conceptsinfatuation.com;
h=Date:Message-Id:From:To:Subject:MIME-VERSION:Content-Type; i=taramedium@conceptsinfatuation.com;
bh=5H/+vRFZdIcQntk2vykwxFXEWAg=;
b=HAVZRk9VGNRC4vvCHQCcS1XIPSg+VGDIQ0JqhnXe7PY5DnSi8VGcehTBLcjFu5YmZ3g/vBsJdzHi
SlOf2skgm5KJ4EMZhy0drGL2ZjInDe+NPbMbLD9Jpth9o+7x5oT1QKu4dk6S7LNMxB6wxHGFEOIL
5dcpHFmaU3LVj4/2Byo=
Received: by conceptsinfatuation.com id hv1ng40ikec8 for <my emaiil - removed>; Wed, 15 Jun 2011 08:36:14 +0000 (envelope-from <taramedium@conceptsinfatuation.com>)
Date: 15 Jun 2011 08:36:14 GMT
Message-Id: <13092718A8A.FD0k9547@conceptsinfatuation.com>
From: Tara Medium<taramedium@conceptsinfatuation.com>
To: <my emaiil - removed>
Subject: Tara will answer your questions
MIME-VERSION: 1.0
Content-Type: text/html; charset="ISO-8859-1"
So is the orange IP address not the originating??
Idealism increases in direct proportion to your distance from the problem.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: Rental Scam from Scotland

Post by Foggyone » Thu Jun 16, 2011 7:18 pm

Dobby

This is a non standard header that I suspect has been thoroughly forged. Almost all elements in a header are forge able.
Everything below this line is, I believe, forged to obscure the senders IP
Received: from conceptsinfatuation.com (ww-ptr-228.conceptsinfatuation.com [198.252.45.242])
by mx.google.com with ESMTP id g63si1039496yhn.67.2011.06.15.01.36.17;
Wed, 15 Jun 2011 01:36:18 -0700 (PDT)
This email has NOT been sent via gmail. The IP address is correct for the domain conceptsinfatuation.com. Emails into gmail will display the IP address, but emails sent from gmail do not.

This discusses email headers and forging.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
dobby
Members
Posts: 3336
Joined: Wed Apr 05, 2006 7:48 am
First Name: Dobby
Location: Wellington

Re: Rental Scam from Scotland

Post by dobby » Fri Jun 17, 2011 4:02 am

Now I understand - thanks Foggy.

And apologies to bloman for highjacking your thread. My bad. :oops:
Idealism increases in direct proportion to your distance from the problem.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests