Brendinghat

Scam Emails and a bit of baiting

GORD CH INFO

Published / by Spud Gun / 3 Comments on GORD CH INFO

WARNING: These are scams. They are Emails sent to a honeytrap address only ever used for this purpose. Do not reply to these people; they will try to con you into paying out money in return for nothing.


From: "GORD CH"<info@ziroda.hu>
Reply: <changgordon61@yahoo.com.hk>
Date: Tue, 21 Nov 2017 10:44:24 +0900
Subject: INFO!

I have important transaction for you as next of kin to claim US$8.37m email me at changgordon61@yahoo.com.hk so I can send you more details

Technical Analysis


This one suddenly flagged itself up as “interesting” as a result of a couple of comments being made, more on that later.

The Email itself is pretty basic, text only, not pretending to look like anything official. It lacks details of why this person is contacting you, but I am not here to evaluate the scammer's Emailing abilities.

The contact address changgordon61@yahoo.com.hk can be found elsewhere online, such as Anti-Fraud International, where this chap, Gordon Chang, seems to have a page all to himself, albeit with a variety of Email addresses. There is a match with ours at the bottom of the page, an Email dating back to June 2017.

The Email we received was from info@ziroda.hu and appears to have genuinely been sent via their mail servers. This would indicate that this is a hacked account being used by the spammers. Note that they have added a “reply-to” address. This is the address used when the receiver clicks “reply”, and it is not immediately obvious that they are replying to a Yahoo address.

The Spammer left us a few clues to his identity. They generated the Email from their local PC. They used Outlook Express 6, indicating that they are still on Windows XP, possibly Windows Me, 2000 or even 98!

The IP address indicates a Japan origin. Although they could have been using a VPN, the time zone of the Email backs up the Japanese origin.
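The header checks described above (a Reply-To that differs from the sender, the mail client string, and the time zone in the Date header) can be automated. The following is an added example, not part of the original post; the function names are hypothetical, and the sample message is constructed from the headers shown above with a placeholder X-Mailer value, since the real header text is not reproduced on this page.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: From, Reply-To, Date and Subject are the values shown
# in the post; the X-Mailer string is a placeholder, not the real header.
SAMPLE = """\
From: "GORD CH" <info@ziroda.hu>
Reply-To: <changgordon61@yahoo.com.hk>
Date: Tue, 21 Nov 2017 10:44:24 +0900
Subject: INFO!
X-Mailer: Microsoft Outlook Express 6 (constructed placeholder)

(body omitted)
"""


def domain(addr_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def triage(raw):
    """Collect the header clues discussed in the post from a raw message."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    reply_dom = domain(msg["Reply-To"])
    findings = {
        "from_domain": from_dom,
        "reply_to_domain": reply_dom,
        # Replies would go to a different domain than the visible sender.
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        # Mail client string, if the sending software added one.
        "mailer": msg.get("X-Mailer", ""),
        "utc_offset_hours": None,
    }
    if msg["Date"]:
        try:
            offset = parsedate_to_datetime(msg["Date"]).utcoffset()
        except (TypeError, ValueError):
            offset = None  # unparseable Date header
        if offset is not None:
            findings["utc_offset_hours"] = offset.total_seconds() / 3600
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A Reply-To mismatch on its own is only a triage signal, since legitimate mailing systems also set a different reply address; it carries weight here in combination with the other clues.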

Then we had a couple of comments. They used two different Email addresses, one a Yahoo address, the other a Bank of China address, probably to make it appear that they were comments from two independent people. They sent both comments from the same IP, which happened to be a US-based address. I suspect this would be a VPN, as the USA would have been in the early hours of the morning when the comments were posted.


3 Comments

  1. IT IS NOT A SCAM.

    HOW MUCH DID HE TAKE FROM YOU? STOP DESTROYING THE IMAGE OF PEOPLE. I WORK IN CHINA AND WE SEE FLIGHT OF MONEY. YOU COULD TAKE A CHANCE.

    DON’T BE A DISTRACTION TO THOSE WHO WANT TO TAKE A CHANCE.

  2. never you might just be lucky to bump into such deal. Do you really know the source of wealth of the so called mighty and powerful? It started with stroke of luck like this.

    NEVER SAY IT IS A SCAM TILL YOU TRY IT OUT. Do not destroy people’s luck
