Thursday, September 25, 2008

Senegal Scam?? No more Nigerian scam

Gmail
I received this interesting phishing email in my Gmail mailbox. I have seen many spam/scam mails, but I find this "Pen Pal" email very interesting.
For many, it may look like a perfectly normal mail. But if you look carefully, you will see that the mail was sent "from" the address d24alle@katamail.com but the "reply-to" address is goodnessjohn@yahoo.com. The "To" address also looks suspicious: it is goodnessyyy@yahoo.com instead of your email address.

Mail Header
The above is an extract of the email header. You will see that the mail was sent from Katamail.com. It successfully passed the SPF and anti-spam checks on the Google mail server. The sender's actual source IP was found inside the mail header (196.207.194.10), likely added by Katamail. I checked the IP and it belongs to "SOCIETE NATIONALES DES TELECOMMUNICATIONS" (should be "National Telecom of Senegal"; see picture below).

From the look of it, it is likely a scam mail meant to lure guys who are looking for a date into sending money, either by playing on emotion or with some "too good to be true" business plan.

African NIC records

So next time you receive an email from an unfamiliar sender, be extra careful. Make sure you check the email header ("From", "Reply-to" and "To" fields). Many times when the email is too good to be true, it is a SCAM.
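The header check recommended above, as an added Python example (not code from the original post): it compares the "From", "Reply-To" and "To" fields and pulls out the sender's source IP. The sample message is constructed from the addresses and IP quoted in the post; the recipient address reader@example.com, the subject and body, and the X-Originating-IP header name are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample. Addresses and IP are the ones quoted in the post;
# the subject, body and the X-Originating-IP header name are assumptions.
SAMPLE = """\
Return-Path: <d24alle@katamail.com>
X-Originating-IP: [196.207.194.10]
From: d24alle@katamail.com
Reply-To: goodnessjohn@yahoo.com
To: goodnessyyy@yahoo.com
Subject: Hello

Hello dear, I would like to be your pen pal.
"""

def _addrs(msg, field):
    """Lower-cased addresses from every occurrence of a header field."""
    return {a.lower() for _, a in getaddresses(msg.get_all(field, [])) if a}

def _domain(addr):
    return addr.rsplit("@", 1)[-1]

def check_headers(raw, my_address):
    """Return (findings, source_ips) for one raw message."""
    msg = message_from_string(raw)
    findings = []
    from_addrs = _addrs(msg, "From")
    reply_addrs = _addrs(msg, "Reply-To")
    rcpt_addrs = _addrs(msg, "To") | _addrs(msg, "Cc")

    # Replies would go to a different mailbox than the one that sent the mail.
    if reply_addrs and reply_addrs != from_addrs:
        findings.append("reply-to-differs-from-from")
        reply_domains = {_domain(a) for a in reply_addrs}
        if reply_domains.isdisjoint(_domain(a) for a in from_addrs):
            findings.append("reply-to-domain-differs")
    # Mailbox owner is not a listed recipient (Bcc or bulk delivery).
    if my_address.lower() not in rcpt_addrs:
        findings.append("recipient-not-in-to")

    # Source IP as recorded by the sending webmail service (assumed header).
    ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", msg.get("X-Originating-IP", ""))
    return findings, ips
```

A message with matching "From" and "Reply-To" that lists your own address in "To" produces no findings; the extracted IP is what you would then look up in the regional registry's records.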

Glossary:
Phishing emails - Emails that are disguised as coming from a trustworthy sender and try to steal sensitive information or money from the recipients.

SPF - Sender Policy Framework (SPF), an anti-spam initiative that allows a mail server to identify emails that are authorized to use the domain name in the "Return-path" address ("From" field in mail header).

Anti Spam check - There are many types of anti-spam techniques. Those commonly used are keywords, heuristic filtering with a score, and real-time blocklists on IP, domain and URL. Reputation scoring is also widely used these days, where each domain or IP is given a score to show how "trustworthy" the emails coming from it are.

2 comments:

Anonymous said...

how do you get the mail header from free email like hotmail or gmail?

w01f said...

For Gmail, use "Show original" at the drop-down arrow beside the "Reply" button.
You will see the whole email in text format with all the headers.