Find the scammers

(If you've lost money or anything whatsoever to these people, the proper FBI channel for retaliation is here: http://www.ic3.gov/default.aspx. It's a legit, legal, government-associated website.)

Or, to track them down out of interest or boredom:
Usually the information in the email is obscured, disguised, or hidden by the sender. Your email service provider should have an option somewhere to view the details of the message source or sender. What you will see will seem like gibberish at first; my own email service provider doesn't provide explicit explanations for the information I'm looking at so there is some deciphering that must be done on our end.

Different email providers have different ways to access the sender information, so you may have to look around a bit for it.

How to understand the info in the message headers:
http://kb.mediatemple.net/questions/892/Understanding+an+email+header
How to spot forged sender information:
http://www.rahul.net/falk/mailtrack.html
Much better description of what else I'm about to say on this page:
http://www.online-tech-tips.com/computer-tips/how-to-track-the-original-location-of-an-email-via-its-ip-address/
(My previous link explaining how to track emails went bad, so I replaced it with the links above to various informational sites. Updated May 6, 2014)

And the databases I use a lot are here:
https://www.arin.net/
https://www.ripe.net/
http://www.afrinic.net/
http://www.apnic.net/
http://www.lacnic.net/en/index.html
http://www.whois.net/
http://www.paladinsoftware.com/Generic/countries.htm (you'll understand what it's for if you end up needing it)

First, identify the IP address. It's a short series of numbers with periods between each group of 2 or 3 digits, like this: 217.218.209.61. This is the number assigned to an outgoing message that identifies the very computer from which the message was sent. Most people don't know about this, or don't want to know. The information provided by my internet service provider often has several sender IP addresses, because the sender routes the email through several proxies or services before it gets to me in an effort to conceal themselves.

To look up each IP address, you need to plug it into a WHOIS search engine. There are several. I start with ARIN, at https://www.arin.net/. The search box is at the top of the page in plain sight; the IP number sequence is what you put there. You will get one of two results:

1) You are immediately shown who owns the IP address. In many cases a street address, contact name, and phone number are listed, but these are often just the administrators of the network that owns the IP, so be careful not to do anything stupid with that information.
2) You may be told that the IP belongs to another database (other than ARIN), such as AFRINIC, APNIC, RIPE, etc. If that is the case, a WHOIS page will be listed, and you need to go to that search engine.

The sender's actual email address will often be shown in the sender information. Scam emails often appear as being sent 'from' some address hosted at a site you trust, like microsoft.com. But in the true sender information you can see that it actually came from some other funky place.
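The header reading described above, as an added example that is not part of the original post: it pulls the bracketed IPs out of the Received lines, stops trusting the chain at the first hop your own provider did not stamp, and compares the From domain with the Return-Path domain. The sample message, the host names and the `trusted_suffix` parameter are constructed assumptions, and treating Return-Path as the "true sender" field is also an assumption, since providers label it differently.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers: host names are placeholders, the IP is the text's example.
RAW = """\
Received: from relay.example.net (relay.example.net [217.218.209.61])
\tby mx.myprovider.example with ESMTP; Tue, 6 May 2014 10:00:02 +0000
Received: from microsoft.com (unknown [10.0.0.5])
\tby relay.example.net with SMTP; Tue, 6 May 2014 10:00:00 +0000
Return-Path: <bounce@sldkjoibldfkj.example>
From: "Microsoft Support" <support@microsoft.com>
"""
MSG = message_from_string(RAW)
HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def hops(msg):
    """(ip, stamped_by, is_public) for each Received header, newest (top) first."""
    out = []
    for header in msg.get_all("Received", []):
        m = HOP.search(header)
        if not m:
            continue
        try:
            public = ipaddress.ip_address(m.group(1)).is_global
        except ValueError:  # malformed address such as [999.1.1.1]
            continue
        out.append((m.group(1), m.group(2).lower(), public))
    return out

def lookup_candidate(msg, trusted_suffix):
    """Public IP from the last hop, reading down, that your own provider stamped."""
    candidate = None
    for ip, stamped_by, public in hops(msg):
        if not stamped_by.endswith(trusted_suffix):
            break  # lines below were written by the sending side and may be forged
        if public:
            candidate = ip
    return candidate

def sender_mismatch(msg):
    """(From domain, Return-Path domain, differ?) - a signal to check, not proof."""
    def domain(name):
        return parseaddr(msg.get(name, ""))[1].rpartition("@")[2].lower()
    shown, envelope = domain("From"), domain("Return-Path")
    return shown, envelope, bool(envelope) and shown != envelope
```

Pass `trusted_suffix` with its leading dot (for example `.myprovider.example`) so a look-alike host name cannot match; the address `lookup_candidate` returns is the one worth putting into the WHOIS search.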

Another thing that shows up in the full message information is the coding for the message you received. In the coding you can find the links that are actually being linked to in your email. One thing they like to do is to set up a link that says something like "www.FedEx.com" but which actually links to some strange address like "www.sldkjoibldfkj.hk". I just made that up, but you get the message.

If you want to know where that true sender address, or any other address hidden in the message, belongs, there are search engines for domain name ownership, such as http://www.whois.net/. To find other search sites for this, type 'domain name whois' into a search engine and try out some of the pages. They should give you the name and address of the owner of the website just by typing in the web address. For example, for www.FedEx.com, you would type the address into their search field the way the page directs you to. Don't pay any sites for this information; it should be free.

There is a lot of other information you can pull out of sender info, but I think this is more than enough to get you started in identifying what to ignore in your inbox. Usually, I just use common sense to identify the spam/scams, and I only research where they're from for fun. (and to occasionally post here)

(Updated some links, etc. on May 6, 2014)

5 comments:

  1. if you give money to these people you are worse than daft

  2. thank you so much for taking the time to try to educate people about this stuff.... more websites like yours are needed

  3. lovebug1136 search for scam knew they were not real as I have been happily married for over 23 years. Just reported them too

  4. Lovebug1136/s am refuse to play with weirdoz on net

  5. in the header for every email, in small letters, you will see "(details)". click on that and find out about who is sending you mail


There is now a word verification after this page to filter out spam comments.