WARNING: These are scams. They are Emails sent to a honeytrap address only ever used for this purpose. Do not reply to these people, they will try to con you into paying out money in return for nothing.

CAVEAT: Please note that some of these Emails may be impersonating a genuine company or person. We wish to make it clear that any such name mentioned within these Emails has no connection to the scam. For the sake of searching, we leave these messages untouched, but we will respond to any concerns left in our comments.

From: "GORD CH"<[email protected]>
Reply: <[email protected]>
Date: Tue, 21 Nov 2017 10:44:24 +0900
Subject: INFO!


I have important transaction for you as next of kin to claim US$8.37m email me at [email protected] so I can send you more details

Technical Analysis


This one suddenly flagged itself up as “interesting” as a result of a couple of comments being made, more on that later.

The Email itself is pretty basic text only, not pretending to look like anything official.  It lacks details of why this person is contacting you but I am not here to evaluate the scammers Emailing abilities. 

The contact address  [email protected] can be found elsewhere on line, such as Anti-Fraud International where this chap, Gordon Chang, seems to have a page all to himself, albeit with a variety of Email addresses. There is a match with ours at the bottom of the page, an Email dating back to June 2017.

The Email we received was from [email protected] and appears to have genuinely been sent via their mail servers. This would indicate that this is a hacked account being using by the spammers. Note that they have added a “reply-to” address. This is the address used when the receiver clicks “reply” and it is not immediately obvious that they are replying to a Yahoo address.

The Spammer left us a few clues to his identity.  They generated the Email from their local PC. They used Outlook Express 6, indicating that they are still on Windows XP, possibly Windows Me, 2000 or even 98!   

The IP address indicates a Japan origin. Although they could have been using a VPN, the time zone of the Email backs up the Japanese origin.

Then we had a couple of comments. They used two different Email addresses, one was a Yahoo, the other was Bank of China, probably to make it appear that they were comments from two independent people. They sent both comments from the same IP, which happened to be a US based address. I suspect this would be a VPN as USA would be have been during the early hours of the morning when the comments were posted.

Click here for the baiting