| Visit Our Catalog at SteelGuitarShopper.com |

Post new topic Important Security Message
Reply to topic
Author Topic:  Important Security Message
b0b


From:
Cloverdale, CA, USA
Post  Posted 5 Nov 2004 4:42 pm    
Reply with quote

My friend Bobby D. Hunter has been handling security issues for the Forum. Here is an important announcement from him regarding the Nigerian Scam threat, and what you can do to help defeat these crooks:


Fellow Forumites on the SGF:

As many of you are now aware, our seller's forums have been invaded by offshore scam artists, who are attempting to defraud us with forged certified checks or money orders. Anybody who has replied to one of their poorly worded and horribly misspelled letters has been told that the person wants to pay an amount far in excess of your selling price, and have you refund the balance, via Western Union. This is a 419 scam, used mostly by Nigerians. 419 is the Nigerian Penal Code that deals with advanced fee and other financial fraud. 99.999% of your scams are coming directly from Nigeria, according to my research.

It is my job to track the sources and take measures to block them from further access to any of our forums. To do this I would like to enlist your help. While I have succeeded in tracking and blocking most of the offenders, some are still sneaking through by using ISPs I haven't discovered yet. With your input I can block them all, or come awful close. If you want to help, don't be a girly-man, just read on...

You can help put a stop to the scammers on the SGF by sending me the HEADERS from the emails that they send to you. The HEADERS contain the routing information that tracks the email from it's point of origin until it is delivered to it's recipient. The Headers are not usually visible when you read an email, but they can be viewed by viewing the Properties, or Source of the message.

If you use browser-based email, like Yahoo! or Hotmail, there will be a place where you can change your email settings or Preferences to display the Full Headers. The instructions for Yahoo! and Hotmail follow.

If you use Yahoo! email, login and click on "Mail Options." When the options page loads locate the section labeled Personalization and click on the link labeled "General Preferences." On the General Preferences" page scroll to "Messages" and put the dot in the radio choice labeled "Show ALL Headers." Scroll down farther to "Message Actions" and find "Forwarding Messages." Select the radio choice to "Forward as Inline Text." Click the "Save" button at the bottom. After this all you have to do is Forward any scam emails to me and the full headers will be at the top.

If you are using browser-based Hotmail, login and go to "Options." At the Options page click the link labeled "Mail Display Settings" and find the section "Message Headers." Put the dot in the option "Full." Click on "OK" at the bottom to save your changes. Now, when you get a scam email and Forward it to me, at wizardodelasteel@hotmail.com , I will see the full headers and may be able to trace the message.

If you use Outlook Express, Mozilla , Eudora, Incredimail, or some other desktop email program (Email Client) you may have to extract the headers, by opening the Properties box, then copy them and paste them into a new email, and send it to me. Most of the commonly used programs can display the headers, in a separate window, by highlighting the message and right-clicking on it, then selecting "Properties." Alternately, you might be able to highlight it, or open it, then press the ALT and ENTER keys together, to open it's source Properties. Once in Properties look for a tab or button labeled Details, or Source, etc. Clicking that tab or button should open a window that contains the raw headers. Use CTRL and A to select all of the text, then CTRL and C to copy it. Then, open a new email and Paste the headers into the message body, add a descriptive subject and address it to me, to wizardodelasteel@hotmail.com

I would like to encourage those of you who have had enough of scammers and spammers to join SpamCop as a Reporting Member. Their URL is www.spamcop.net . You can make a big difference by making life unprofitable for spammers and scammers alike.

Thanks in advance for your assistance and input.
Bobby D. Hunter
Hunting Slimeball Game
Member of SpamCop
(Warning to spammers: if you send spam to this email address you will most certainly regret it.)

[This message was edited by b0b on 05 November 2004 at 04:44 PM.]

View user's profile Send private message Visit poster's website
Bobby D. Hunter

 

From:
USA
Post  Posted 9 Nov 2004 9:05 am    
Reply with quote

Here are some links to online articles explaining about these latest Nigerian scams, and what befell one person who was convicted of committing them.

From: http://www.wired.com/news/business/0,1367,65631,00.html
quote:

09:50 AM Nov. 08, 2004 PT

A Sydney man was imprisoned for more than five years for duping people into sending him millions of dollars in a global internet ruse known as the Nigerian scam.

Nick Marinellis pleaded guilty in the New South Wales District Court to 10 counts of fraud for taking part in the scam promising people millions from Nigerian bank accounts in return for an "administration fee."

Culprits in the Nigerian scam typically present themselves as people who need access to a Western bank account in order to transfer a large sum of money out of a politically troubled country. They promise a cut of the money but ask for a smaller upfront cost before the larger sum can be transferred. Prosecutors said Marinellis fleeced his victims of AU$5 million ($3.8 million).



Read this article, and this one, to learn the basics of the current Nigerian counterfit check scams. The stand taken by most US banks, concerning counterfit Certified Checks, Cashier's Checks and Money Orders should be an eye-opener.

These people have created a website dedicated to exposing the email addresses used by Nigerian 419 scammers. The list is in a form suitable for use in email filters, to screen out these email messages from your inbox.

You can also Google for keywords such as: 419 scams, 419 scammers, overpayment counterfit checks, auction payment fraud, advanced fee fraud. You might find some comic relief from any frustration caused by these scammers by visiting 419eater.com, where potential victims reverse the scams against the scammers! These people are known in the anti-419 movement as 419 Baiters. (Proceed at your own risk)

I still urge you all to think about joining SpamCop as Reporting Members, where you can paste the source code (must include Headers and message body) of any spam or scam emails into a text input field, then have SpamCop process it and report the offenders to their ISPs and web hosts. SpamCop supplies a blocklist of reported spammers to many Internet Service Providers, and also makes it freely available for personal use as a Blacklist Check for programs like Mailwasher Pro, which I use to screen all incoming email. Ask me for details if you are interested.

Bobby D. Hunter
Hunting Slimeball Game

[This message was edited by Bobby D. Hunter on 09 November 2004 at 09:23 AM.]

View user's profile Send private message Send e-mail Visit poster's website
Bobby D. Hunter

 

From:
USA
Post  Posted 9 Nov 2004 9:40 am    
Reply with quote

Here is another keyboard shortcut that can be used to display the headers and html source code of an email that is opened in Outlook Express: CTRL + F3.

After the source window opens you can use CTRL + A to Select All, then CTRL + C to Copy the selected text, and finally, you can paste it into either a new email to me, or paste it into the SpamCop Reporting textarea, by clicking in the body or textarea and pressing CTRL + V.

Outlook Express also has the means of forwarding an email as an attachment, which is the preferred method of insuring that the headers are delivered along with the message body. Plain Forwarding (using the "Forward" button) will strip the headers from the original message, making it useless for tracking purposes. By Forwarding as an attachment you save yourself the work of extracting the headers and pasting them into a new message.

To do this, simply right-click on the (un-opened) email in your inbox or other folder, and select Forward As Attachment. If your message is already open, click on the menu-bar item Message, then select Forward As Attachment.

Thanks again to all of the Forumites who are helping in the quest.

Bobby D. Hunter

[This message was edited by Bobby D. Hunter on 09 November 2004 at 10:45 AM.]

View user's profile Send private message Send e-mail Visit poster's website
J Hill

 

From:
Colorado, USA
Post  Posted 3 Dec 2004 6:59 pm    
Reply with quote

Bobby,

I use Mailwasher too and its great. Now, when I get a scam-email pretending to be Ebay wanting my personal information I just do a "Forward" to spoof@ebay.com

Could we do the same thing and just forward all this Nigerian stuff to you...or bOb (is that you? I usually delete those but would be glad to take them and send them to you if that's not risky. Thanks.

Leila
View user's profile Send private message Send e-mail
b0b


From:
Cloverdale, CA, USA
Post  Posted 4 Dec 2004 9:17 am    
Reply with quote

Yes, that's the idea, Leila. Please forward any suspicious Forum scam emails to Bobby D. Hunter aka "Wiz" at wizardodelasteel@hotmail.com .

And no, I'm not him, but he and I work together to block access by scammers, for your protection.

------------------
               Bobby Lee
-b0b-   quasar@b0b.com
 System Administrator
View user's profile Send private message Visit poster's website
J Hill

 

From:
Colorado, USA
Post  Posted 10 Dec 2004 7:31 pm    
Reply with quote

bOb,

Okay, I've forwarded two of them, with many more to follow I'm sure. Now do I get compensated for missing out on all those millions in Nigeria?

Leila
View user's profile Send private message Send e-mail
J Hill

 

From:
Colorado, USA
Post  Posted 13 Dec 2004 1:32 pm    
Reply with quote

Here is one I received today...different from the others I've gotten. I forwarded it on to "Wiz". I hope the format looks normal after I push Submit.

Greetings and Compliments.

I strongly regret any inconvenience the receipt of this letter may cause you, bearing in mind the nature of its content coming from a person without any referral, but please read and assimilate its content and objectively consider if we can work together.

I am the head of the account department of a Private Bank in Netherlands and I would like to intimate you with certain facts that I believe would be of interest to you.

This involves a client who shared the same last name with you and had an investment placed under our bank\'s management years ago, the circumstances surrounding the investment made by this client who died interstate, with no known nominated successor in title over this investment made with the Private Banking Branch of my bank has made it very difficult to locate anyone who is directly related to the deceased.

With the very strong feeling that no one will ever come forward to claim the funds and the investigation coming to a close after several months, the need for an assistance becomes crucial, as a next of kin to the depositor is earnestly being searched for, I have already developed a foolproof, legal and totally risk free means through which the fund can be released to your
nominated bank account within a very short time after due documentation and authentication process.

The strategy is to use my position and influence as the Head of the branch and Personal Account office of the deceased to present you as a next of Kin and beneficiary of the deposit. I want to assure you that I have concluded all local modalities for the successful completion of this within 10
banking days of your agreement to proceed with me as the required assistance is perfected to be 100% risk free.

I expect your urgent response and if in the affirmative, I shall advice you on what we need to do.

Best regards,
Barry Douglas.

Leila
View user's profile Send private message Send e-mail
Jon Light


From:
Saugerties, NY
Post  Posted 13 Dec 2004 1:58 pm    
Reply with quote

Well, that's certainly a new angle. Instead of appealing to your decency to help someone in a bind get access to money legitimately his (the typical Nigerian scam), this one is appealing to your greed to help defraud a bank out of money that is neither yours nor his. I say give him all of your money, your bank account number, your credit card number, and your first, second and third born. You can't lose!
View user's profile Send private message Send e-mail Visit poster's website
CrowBear Schmitt


From:
Ariege, - PairO'knees, - France
Post  Posted 13 Dec 2004 3:06 pm    
Reply with quote

i got one from a scammer who says he's got access to dormant or sleeping accounts in Switzerland from Holocaust victims
thanx to wizardo's tips i traced this schmuck to Nigeria....as usual
View user's profile Send private message Send e-mail Visit poster's website
b0b


From:
Cloverdale, CA, USA
Post  Posted 13 Dec 2004 5:03 pm    
Reply with quote

Just to be clear, what we're trying to prevent is scammers pretending to buy things from the Forum Classifed Ads. We do this by blocking their addresses on the Forum server, so that they can't see the ads to begin with.

This will have no effect on other kinds of scams, where they got your email address from somewhere else.

------------------
               Bobby Lee
-b0b-   quasar@b0b.com
 System Administrator
View user's profile Send private message Visit poster's website
Bobby D. Hunter

 

From:
USA
Post  Posted 18 Dec 2004 6:40 am    
Reply with quote

I'd like to reiterate what b0b said, that we are looking for Nigerian scammers that can be tracked to ads on the SGF. These are my primary target.

However, after receiving some outside 419 and ebay scammers' messages I was able to trace some of them to previously unknown satellite services who resell IPs to Nigeria.

Many more of these scam emails originate, or appear to originate in the Netherlands and Denmark, which is a bit of a problem since we have members in those countries.

I would really like to find out if any of our European members are using any of these ISPs:

  • Tiscali BV (www.tiscali.nl),
  • Easyway BV (www.easyw.nl),
  • IMAGEDK (Tiscali Denmaerk A/S) (dk.tiscali.com),
  • World Online Denmark A/S, in Frederiksberg Denmark,
  • Concepts ICT BV (CONCEPTS-CUST-ADSL-DHCP) (concepts.nl), located at St. Ignatiusstraat 265, 4817 KK Breda, The Netherlands


If anybody knows of any SGF members using any of these services, please email me about it.

------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game

[This message was edited by Bobby D. Hunter on 18 December 2004 at 06:41 AM.]

View user's profile Send private message Send e-mail Visit poster's website
David L. Donald


From:
Koh Samui Island, Thailand
Post  Posted 18 Dec 2004 2:48 pm    
Reply with quote

I get these files sent that are clearly windows aimed viruses carriers,
but I don't know the file type.

.pif ??

.EXE I understand, but .pif... unknown to me.
View user's profile Send private message Send e-mail Visit poster's website
Jack Stoner


From:
Kansas City, MO
Post  Posted 19 Dec 2004 3:18 am    
Reply with quote

Here is one I got yesterday, supposedly an inquiry about The Florida Steel Guitar Club. He wants to transfer his "Yearly Payment", etc. The grammer is very poor, my name is mis-spelled and he has the club's e-mail address and if he got that and the club info from our web site then he would have known we do not have any dues.

Obviously I am not going to answer it.

I'm using Outlook 2000 and I don't see the header/routing info referenced for Outlook Express.

Them Message was from "Mike Forst Talent Agency [mft1@msn.com]"

The Subject Line is "Thinking about A PEDAL STEEL GUITAR the ASSOCIATION"

Mr. Stone
First of all I like to wish you and your family happy holidays .
The reasons I am writing you . I a member of North Nashville Pedal Steel now
what I would like to do. because my yearly payment is due. But I never get to
Nashville. In the winter we go for the monthly January. We have a place in
New Port Richey . I do not know how far that is from you? So I am thinking
about . joining you all. But do I need anything from Nashville so it would be in good standards. With them or not? How much yearly membership ?


Thank you
Mike Forst
12/18/04for
View user's profile Send private message Send e-mail
Jim Smith


From:
Midlothian, TX, USA
Post  Posted 19 Dec 2004 10:14 am    
Reply with quote

Quote:
I'm using Outlook 2000 and I don't see the header/routing info referenced for Outlook Express.
Double click the message to open it in its own window. Then click View-Options and you can view the data in the "Internet headers" pane. You can copy that data and paste it into another email.
View user's profile Send private message Send e-mail
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 19 Dec 2004 1:13 pm    
Reply with quote

Jim Smith wrote
quote:

quote:I'm using Outlook 2000 and I don't see the header/routing info referenced for Outlook Express.

Double click the message to open it in its own window. Then click View-Options and you can view the data in the "Internet headers" pane. You can copy that data and paste it into another email.



Thanks for that info Jim! I didn't know that.


David;
An attached file with a .pif extesion is a link to an executable on the sender's Domain, or to a file he is hosting on his own machine, with an ftp server to send it to you if you are foolish enuf to double click it.

Here are some of the hostile file extensions that I currently block from incoming email (there are others also):

  • exe
  • scr
  • vbs
  • com
  • pif
  • cmd
  • cpl
  • bat
  • zip (I virus check these in case they are legitimate attachments I need)
  • rar (I virus check these in case they are legitimate attachments I need)


You also need to look carefully for double extensions, with long spaces before the last one, used to try to fool people into thinking they are opening an image, when it is really an executable. Sometimes your default folder-file settings will hide extensions of known file types. This is a dangerous setting, because you may not see a .exe, or .scp extension that can cause you to be fooled into thinking the file is a harmless image or text file. I advise everybody to change that so all extensions are displayed, for all file types.

I hope this helps

------------------
Bob "Wiz" Feinberg
1983 Rosewood Emmons D10 Push-Pull, with 8 pedals and 9 knee levers, Wallace TrueTone E9 and Lawrence L-910 C6 pickups and aluminum necks. Nashville 400 amp with Peavey Mod. Emmons pedalbar mounted, and Goodrich LDR floor volume pedals.
I use and endorse Jagwire Strings and accessories.

Keep Steelin' but don't get caught!

[This message was edited by Wiz Feinberg on 19 December 2004 at 01:57 PM.]

View user's profile Send private message Send e-mail Visit poster's website
Andy Volk


From:
Boston, MA
Post  Posted 7 Jan 2005 11:40 am    
Reply with quote

also beware of so called "spoof" emails purporting to be from legitiamte businesses. I got one yesterday - a fake eBay email telling me another user had hijacked my ID and I must verify my identity by supplying credit card numbers and passwords. Yeah, right. No business will ask for sensitive info via email. Make sure to double check before you respond!
View user's profile Send private message Send e-mail Visit poster's website
Jason Odd


From:
Stawell, Victoria, Australia
Post  Posted 14 Feb 2005 7:09 am    
Reply with quote

We've had similar bank ones, it looks official, but they ask to verify details in email in a way similar to what Any described.

It took my bank a couple of weeks to figure it out and get some news coverage to warn people.
I've also had plenty of similar emails since, usually from banks and institutions I don't deal with, some I've never heard of.
Lottery winnings to be claimed, that's another one.

View user's profile Send private message Send e-mail
Bobby D. Hunter

 

From:
USA
Post  Posted 15 Feb 2005 8:06 am    
Reply with quote

I would like to thank everybody on the seller's forums who have forwarded scam messages to me thusfar. With your input we have been able to block access to tens of thousands of IP addresses used by African and South African based scam artists.

However, the banning work is not finished. We have not discovered all of the IPs (Internet Protocol addresses) assigned to and being used in these countries and still need to be made aware when a scammer makes it through our defenses. New Skies worldwide Satellite Services, and certain Israeli, Norwegian and Danish Internet Services resellers are making even more IP blocks available to these Slimeball Vermine who sit in Internet Cafes and calmly scan the internet for forums and auction sites where people are hoping to sell their goods quickly.

As of February 14, 2005, I have still been receiving odd reports of Nigerian, and other African scammers attempting to rip-off members of the SGF who have posted items for sale on our forums. It is important that any member who receives what they believe may be a fraudulant offer to purchase their goods, should immediately forward that email to me, with the full incoming headers intact. Forward Inline with full headers displayed, or as an attachment with full headers.

Quote:
See my posts above for details about displaying the headers and properly forwarding them to me.


By doing this you will help me to protect the steel guitar community (on the SGF) from being preyed upon by these vermine.

At this time I prefer to only receive forwarded messages sent to SGF members regarding items posted for sale on the SGF, not on eBay, or some other trader's forum.

If you are unsure of what constitutes an attempted scam offer to purchase, here are some clues (your milage may vary):

  • Poor grammer and punctuation
  • Abbreviated words, like "u" instead of "you," and "pls" instead of "please."
  • Requests for "pix" or "pics."
  • Odd usage of the name of the item you are selling, in the subject and message body.
  • The persons claims to be in Great Britian, or is "out of the Country" on business, and will take care of shipping themselves (they have their own "shipper")
  • They want to pay by certified check or money order, in an amount way in excess of what you are asking, and have you refund the balance via Western Union, or some other wire service.
  • A friend, or customer owes them money, and he will pay you by certified check or money order (excess amount with refund expected), and pickup the item at your location.
  • They claim that they have been looking for this item for months and want to buy it for their Son or Daughter, but are out of the Country temporarily.
  • They ask if you ship to Nigeria, Sierra Leone, Ivory Coast, or some place in Africa, or South Africa, where your common sense tells you that there are no Steel Players or Country music.
  • They want to know your "final price" and "its condition" along with a request for "pics."
  • They have a strange name and sign the message, "Regards"


These are just guidelines. The actual words and phrases will vary, as will the ISPs through which they relay their scams. Outblaze and yahoo (us and uk) are commonly used, as are ISPs in Norway and Germany (where we do have members). Your job is to be suspicious and on the lookout, and report these activities to me. My job is determining if the message is a scam, then tracking down the perps and rendering them incapable of having further access to the SGF.

Please be aware that once they have obtained your email address they will still be able to contact you, to try to scam you again. They won't know about any new items you post for sale though. If your email address has been scraped by these Slimeballs they may try to sell it to other scammers, in which case you will get all manner of financial (419) scams and lottery spams. If you are being deluged with this kind of spam/scam email you should consider joining Spamcop, as a reporting member.

Keep Steelin' but don't get caught!


------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop

[This message was edited by Bobby D. Hunter on 15 February 2005 at 02:24 PM.]

View user's profile Send private message Send e-mail Visit poster's website
Bobby D. Hunter

 

From:
USA
Post  Posted 18 Feb 2005 3:53 pm    
Reply with quote

This is the most current pitch, from a scammer in Kenya:

---------------------------------------------

I am Trisha Emde from Belgium, I am interested in the
above subject item and will like to purchase it, if available for pick up.

Therefore, kindly supply the following informtion
for its purpose.

1. Brief Discription of its present condition with
picture(s) if available.

2. Bottom Line Cost of it without shipping cost.

Thanks for your co-operation, while awaiting for
your quick response.

Thanks,

Trisha

---------------------------------------------

As usual, if you receive such an email, forward it to me as an attachment, so I can track it using the headers info.

Thanks again, BDH


------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop

[This message was edited by Bobby D. Hunter on 18 February 2005 at 03:54 PM.]

View user's profile Send private message Send e-mail Visit poster's website
Bobby D. Hunter

 

From:
USA
Post  Posted 22 Apr 2005 9:57 pm    
Reply with quote

Here is the latest Nigerian scammer's Headers, as of April 22, 2005:

Return-Path:
Received: from [216.49.224.7] (HELO neo.ckt.net)
by ckt.net (CommuniGate Pro SMTP 3.5.9)
with ESMTP-TLS id 205615785 for xxxxxx@ckt.net; Fri, 22 Apr 2005 10:23:32 -0500
Received: from web41109.mail.yahoo.com (web41109.mail.yahoo.com [66.218.93.25])
by neo.ckt.net (8.13.1/8.13.1) with SMTP id j3MEM8Wj011192
for ; Fri, 22 Apr 2005 09:22:08 -0500
Received: (qmail 36672 invoked by uid 60001); 22 Apr 2005 15:23:31 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
b=21iAugMEqWxYK0+4xjJGOFHZX8TVZvVoQzAr7wt
Q6U7zmk5YGCk8Ye3osZ26cl3HQzM+5V5orWexjzt3lf
Io5LM4ojodJ2g/26JIGS8LV5i9YFX6RXstuuJgepakS
g7pkrAwBxoYohFfgg5NIuFVsuqbKv9LSjTQuJonda7S
FDU= ;
Message-ID: <20050422152331.36670.qmail@web41109.mail.yahoo.com>
Received: from [81.199.85.91] by web41109.mail.yahoo.com via HTTP; Fri, 22 Apr 2005 08:23:31 PDT
Date: Fri, 22 Apr 2005 08:23:31 -0700 (PDT)
From: peter anderson
Subject: price needed
To: xxxxxx
--------------------------------------------
The Scammer's IP address is in Bold, and has been traced to Lagos, Nigeria.

Bobby D. Hunter
Hunting down Slimeball Game

[This message was edited by b0b on 25 April 2005 at 09:26 AM.]

View user's profile Send private message Send e-mail Visit poster's website
Bobby D. Hunter

 

From:
USA
Post  Posted 3 May 2005 5:07 pm    
Reply with quote

In case any members of this Forum are also running their own Apache Web Servers, or act as Webmasters for Apache-hosted websites, I have a complete blocklist of Nigerian and West African IP addresses available, for use in your .htaccess file. The list is an ongoing project and is updated whenever I discover another Blackhat ISP that is being used by African Scammers.

To obtain a copy send me an email telling me who you are and what access you are allowed to control your server files. If it appears that you are able to apply my solution, and are Whitehat, I will send you a link to download the list from my server.

If you are a Webmaster, or own, or lease a server, and don't know how to install and test a .htaccess file, I can do it for you, for a small fee.


------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop
View user's profile Send private message Send e-mail Visit poster's website
Bobby D. Hunter

 

From:
USA
Post  Posted 25 Jun 2005 9:26 am    
Reply with quote

Addition of Sky-Vision.net Satellite Services to our Blocklist.



To all members in Europe, Africa, or Asia

As you all must know by now I am doing security for the Steel Guitar Forum, tracking down the Nigerian criminals (and others) who are trying to scam you out of your money and instruments you are trying to sell on our forums. Most of these scams involve overpayment with counterfeit certified checks or money orders, with you sending the cash refund to the scammer or his agent, via Western Union, to Nigeria.

In the course of this Hunt I have uncovered tens of thousands of Internet Protocol (IP) addresses from which the scammers send their emails to you all, and have applied them to a blocklist, which denies them further access to the SGF. The scammers seem to have gotten wise to this tactic and are beginning to use new sources of Internet Services to view the forums, to get around the Nigerian blockade. However, when I trace the emails you good folk have been forwarding to me, they almost all come from Internet Cafes in Nigeria.

In my efforts to block access to all of these low-lifes I have had to expand the reach of the blocklist to include entire Satellite Internst Services, the most recent of which is Sky-Vision.net. This company supplies millions of persons with Internet connectivity, in Africa, Eastern Europe, and parts of Asia. They are one of the main suppliers of Internet services to Nigeria.

I am posting this notice so that members living in Africa, Asia, and Europe can check with their Internet Service Providers to see if they are receiving their signal from sky-vision.net satellite services. If any of you are, you may find your access to the SGF blocked once the new list goes into effect. If you are blocked you should contact me at - wizardodelasteel@hotmail.com, using your regular ISP to send your email. I will read the headers of your email and poke a hole in the blocklist, to let you back in.

I sincerely hope that we don't block any of our members in Europe and chances are good that we won't. I just want you to be aware that it could happen, and give you the means of contacting me outside of the SGF, so I can allow your ISP back in.

There are literally hundreds of thousands of IP addresses covered by our blocklist, and it is growing every week. With your co-operation we can rid the SGF of these Nigerian scammers and any copycats who follow them. Please read my previous Posts in this thread to learn how to Forward As Attachment any scam emails you receive, to me.

Thank you all.


------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop
View user's profile Send private message Send e-mail Visit poster's website
Bobby D. Hunter

 

From:
USA
Post  Posted 16 Jul 2005 1:02 pm    
Reply with quote

Users of Outlook Express (and probably Outlook and other standard email clients) can attach an original scam email by opening a New Message in your email client, address it to me (wizardodelasteel AT hotmail DOT com), type a subject, briefly say what it is about in the body, then drag and drop the scam email into the body area. It will instantly be attached as a .eml attachment, and when I receive it the complete headers will be included for me to do my tracking.


------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop

[This message was edited by Bobby D. Hunter on 16 July 2005 at 02:03 PM.]

View user's profile Send private message Send e-mail Visit poster's website
Bobby D. Hunter

 

From:
USA
Post  Posted 8 Nov 2005 10:32 am    
Reply with quote

This scam began arriving in SGF members' e-mail inboxes on November 8, 2005.

This new twist on the old kited check scam was just sent to several members of the SGF. It now involves "depositing" US Postal Money Orders in your bank, taking out 10% for your "commission," and wiring the balance of the money to Nigeria, as a favor to the sender, yada, yada.

I have traced the sender to Lagos, Nigeria. If any other members receive one of these please forward them to me as attachments, or copy and paste the entire source code into a new message and send it to me.

The original message is pasted below.

Hello Dear Friend,

Good day to you, my name is Susan Bryant,I am an artist with my husband James Bryant,and we are the owner of Sus Art World .I live in London United Kingdom,with my two kids, four cats, one dog and the love of my life my husband James Bryant. It is definitely a full house.

I have been doing artwork since I was a small child. That gives me about 23 years of experience. I majored in art in high school and took a few college art courses. Most of my work is done in either pencil or airbrush mixed with color pencils. I have recently added designing and creating artwork on the computer. I have been selling my art for the last 3 years and have had my work featured on trading cards, prints and in magazines. I have sold in galleries and to private collectors from all around the world.

I am always facing serious difficulties when it comes to selling my art works to Americans, they are always offering to pay with U.S POSTAL MONEY ORDER, which is difficult for me to cash here in London United Kingdom.

I am looking for a representative in the states who will be working for me as a partime worker and i will be willing to pay 10% for every transaction, which wouldnt affect ur present state of work, someone who would help me recieve payments from my customers in the united states.i mean someone that is responsible and reliable,cause the cost of coming to the untied state and getting payments is very expensive, I am working on setting up a branch in the state, so for now I need a representative in the united state who will be handling the payment aspect.

All the payments are in U.S POSTAL MONEY ORDER and my customers will issue the U.S POSTAL MONEY ORDERS in your name and post the U.S POSTAL MONEY ORDER to your doorstep, so all you need do is to take the U.S POSTAL MONEY ORDER'S to your bank and cash them, then deduct your 10% and wire the balance back to me. This business will not cost you any amount of money, my customers will send you the U.S POSTAL MONEY ORDER'S through a courier company and the courier company will deliver the package to your doorstep, as soon as you receive the package from the courier company, just take the U.S POSTAL MONEY ORDER'S to your bank and cash them.

If you are interested, please get back to me as soon as possible via mail:susanartworld_uk01@yahoo.co.uk

I shall be waiting for your quickly response, Thanking you in advance and God be with you.

Friendly
Regards.

Susan Bryant




Because Nigerians are now counterfitting US Postal Money Orders, I strongly advise SGF members who accept UPSP Money Orders to cash them at your local Post Office branch. Do not take them to your bank and deposit them. If they bounce you will have to pay penalty fees. All Postal clerks have equipment to check the validity of Postal Money Orders. If good they cash them on the spot. If forged they may be able to launch an investigation, provided you have the original envelope in which it arrived, if it came via US Mail. If it arrived by courier contact that courier and report that you were sent a counterfit monetary instrument through their delivery service. Keep the forged money order until you are sure that no authorities want to have it for evidence.


------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop
View user's profile Send private message Send e-mail Visit poster's website
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 19 Jun 2006 6:01 pm    
Reply with quote

The scams referred to throughout this thread often involve sending the email headers to security for analysis. While the instructions for doing this are found from top to bottom in this thread, they are spread out. I have encapsulated the instructions for displaying, copying and pasting raw email headers and the entire source code into one single, concise article, here, on my Blog.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices

[This message was edited by Wiz Feinberg on 19 June 2006 at 07:09 PM.]

View user's profile Send private message Send e-mail Visit poster's website

All times are GMT - 8 Hours
Jump to:  
Please review our Forum Rules and Policies
Our Online Catalog
Strings, CDs, instruction, and steel guitar accessories
www.SteelGuitarShopper.com

The Steel Guitar Forum
148 S. Cloverdale Blvd.
Cloverdale, CA 95425 USA

Click Here to Send a Donation

Email SteelGuitarForum@gmail.com for technical support.


BIAB Styles
Ray Price Shuffles for Band-in-a-Box
by Jim Baron