Eine interessante und im Hotelleriebereich gängige Betrugsmasche ist folgende:
Nach Bestätigung der Verfügbarkeit der angefragten Unterkünfte sowie Mitteilung des Preises erreicht einen folgende Mail:
header:01: Return-Path: <md997290 [at] gmail.com>02: X-Original-To: xxx [at] xxxxxx.de03: Delivered-To: poor [at] spamvictim.tld04: Received: from mail-vc0-f193.google.com (unknown [209.85.220.193])05: by tgs-server.de (Postfix) with ESMTP ID: [ID filtered]06: for <poor [at] spamvictim.tld>; Thu, 12 Mar 2015 xx:xx:xx +0100 (CET)07: Received: by mail-vc0-f193.google.com with SMTP ID: [ID filtered]08: for <poor [at] spamvictim.tld>; Thu, 12 Mar 2015 xx:xx:xx -0700 (PDT)09: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;10: d=gmail.com; s=20120113;11: h=mime-version:reply-to:date:message-id:subject:from:to:content-type;12: bh=QudLUPjs3ZfVUtXu96i4AFV1OoOgIc5GKbH13F6NOuw=;13: b=VWGwyoYwnVU2FIZ8lxdtKJFV6Tq7NiPlCt4mOBHoTJ5Z0hTnIDaTT78um0La5gv32v14: I+acLBUQVfCYEzO8ma3LxnJMCxuWgBLpyzfT//HPrnIwdgLPx6obwy50Wmi/BNmWAIHq15: 0XKtLQ93znDAqGEbGVwVTIQP6571r7GbtSL2O9vrWFuFx6dvfPKBzmGU8+JkuLIco8Zf16: 6buaSY6SdlohuruIrD/v9elNbwUR81qHKgZP6rXcTrWgiQaUf/qXdITvNTxNkrXxGSL+17: btLF2M4PXv7Im4qa6HfTh03tz0a3gBEfENV8IN5A3+mo4qGZqeSe3gKEBnLWAulIZ0bw18: q8Qw==19: MIME-Version: 1.020: X-Received: by 10.52.12.169 with SMTP ID: [ID filtered]21: Thu, 12 Mar 2015 xx:xx:xx -0700 (PDT)22: Received: by 10.52.143.234 with HTTP; Thu, 12 Mar 2015 xx:xx:xx -0700 (PDT)23: Reply-To: micultralases-roberts [at] yandex.com24: Date: Thu, 12 Mar 2015 xx:xx:xx +000025: Message-ID: [ID filtered]26: Subject: WE NEED ACCOMMODATION27: From: Richard Griffiths <md997290 [at] gmail.com>28: To: undisclosed-recipients:;29: Content-Type: multipart/alternative; boundary=485b397dd6357c256905111c8c3730: Old-X-EsetID: [ID filtered]31: Old-X-EsetID: [ID filtered]32: X-EsetScannerBuild: 2303233: X-ESET-AntiSpam: OK;0;calc;2015-03-12 xx:xx:xx;1503122045470025;239734: X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1426189547;VERSION=2129;MFE-VER=3635: Old-X-EsetID: [ID filtered]36: Old-X-EsetID: [ID filtered]37: Old-X-EsetID: [ID filtered]38: X-EsetID: [ID filtered]
Greetings,
My name is Dr Richard Griffiths Your city is our destination for our wedding anniversary this year .We are two Couples coming for our wedding anniversary Is it possible to book 2 rooms or AN apartment that can sleep 4 guests(2 couples) all adults. Please check your availability and get back to me
Proposed Check-in-date: 16th May 2015
Proposed Check-out-date: 30th May 2015
Total number of NIGHT: 14
Total Number of persons: 4 adults
Rooms: 2 double rooms or an apartment
Kindly tabulate the prices of your 2 DOUBLE ROOMS OR APARTMENTS that will sleep 4 persons. Please offer discounts on your prices if possible
I awaits your timely reply
Dr Richard Griffiths
BSc MB ChB MRCP PhD
Consultant in Medical Oncology
Clatterbridge Cancer
Centre NHS Foundation Trust
Clatterbridge Road,
Bebington, Wirral,
C H63 4JY
England
Mobile contact:00447421165771
Nachdem man nun die angefragten Daten nachgereicht hat, erreichen einen sowohl ein Brief mit Scheck als auch eine Mail mit folgendem Inhalt:
header:01: Return-Path: <micultralases-roberts [at] yandex.com>02: X-Original-To: <poor [at] spamvictim.tld>03: Delivered-To: poor [at] spamvictim.tld04: Received: from forward18.mail.yandex.net (unknown [95.108.253.143])05: by tgs-server.de (Postfix) with ESMTP ID: [ID filtered]06: for <poor [at] spamvictim.tld>; Mon, 16 Mar 2015 xx:xx:xx +0100 (CET)07: Received: from web9g.yandex.ru (web9g.yandex.ru [95.108.252.109])08: by forward18.mail.yandex.net (Yandex) with ESMTP ID: [ID filtered]09: for <poor [at] spamvictim.tld>; Mon, 16 Mar 2015 xx:xx:xx +0300 (MSK)10: Received: from 127.0.0.1 (localhost [127.0.0.1])11: by web9g.yandex.ru (Yandex) with ESMTP ID: [ID filtered]12: Mon, 16 Mar 2015 xx:xx:xx +0300 (MSK)13: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail;14: t=1426519727; bh=13GpRsOJz1VDO3OOU5F6MU2wt6RltOdtB/xfFXnD9as=;15: h=From:To:In-Reply-To:References:Subject:Date;16: b=eimexsN9f4BmTNnBWpr/FDIeW1COdS9NpEGqe4X3c3JKH6O7zXG6Upl40sWibSx7O17: v8WI81nVbng2Cfk3vcgpT7ouG9UD3YXqb/Lbn/oaQaY/spxRIgUebwcu/LWfbklOg718: yk+EjYxZ1vrMTsxhZU0sbvFbyMtvHHzsA3dSyLAo=19: Received: by web9g.yandex.ru with HTTP;20: Mon, 16 Mar 2015 xx:xx:xx +030021: From: Richard Griffiths <micultralases-roberts [at] yandex.com>22: To: "xxx" <<poor [at] spamvictim.tld>>23: In-Reply-To: <9DE56A63ACE840B59462A827047E32BC [at] FENSTER>24: References: <CAHFr_0QUxUfrX5qAy=e7Bwpwi5PSxHjXxNUaGTNH9sXiZhmypA [at] mail.gmail.com>25: <9DE56A63ACE840B59462A827047E32BC [at] FENSTER>26: Subject: BOOKING CONFIRMATION27: MIME-Version: 1.028: Message-ID: [ID filtered]29: X-Mailer: Yamail [ http://yandex.ru ] 5.030: Date: Mon, 16 Mar 2015 xx:xx:xx +000031: Content-Transfer-Encoding: base6432: Content-Type: text/html; charset=utf-833: Old-X-EsetID: [ID filtered]34: Old-X-EsetID: [ID filtered]35: X-EsetScannerBuild: 2303236: X-ESET-AntiSpam: OK;0;whitelist;2015-03-16 xx:xx:xx;1503161635170479;3B2637: Old-X-EsetID: [ID filtered]38: Old-X-EsetID: [ID filtered]39: Old-X-EsetID: [ID filtered]40: X-EsetID: [ID filtered]
Attention: Director/Manager,
Dear Sir/Madam,
I write with great pleasure to thank you for your kind reply, and also to inform you, that the couples have met and the prices you have offered has been accepted. We beg for your assistance as it regards payment, in order to make sure that everything is arranged before our arrival, we wish to make advance payment to confirm the booking. Our sponsor will pay for all our expenses so we want everything regarding payment to be settled before we come over for our wedding anniversary. The money will be paid into your bank account through a secured certified bank cheque, you will receive the cheque in your address as soon as possible. I want to tell you that we are making arrangement with a Tour organizer agency that will book our flight and provide us with other logistic needs during our anniversary. As I mentioned above, we are getting a direct sponsorship, so payment will come to you from our sponsors. Already they have issued out a certified Bank check of 6,740.00GBP to cover all our traveling expenses which includes accommodations, transportation,flight fair and other logistics we need during our anniversary.Since you are the first booking we have confirmed we wish to issue this cheque payment to you. Therefore when you receive the cheque deposit it into your bank account to get cash credited into your account, when the cheque clears in your bank account deduct money for the cost of your services. The remaining/balance money will be for the Tour organizer agency.(The details will be provided to you on how to transfer the remaining money to them our Tour organizer agency will issue an invoice to you for the amount they are going to receive from you and our detailed itinerary .HOPE YOU UNDERSTAND.
Kindly provide the following information for the cheque payment to be issued to you
(1) YOUR FULL NAME (As it should appear on the cheque):
(2) YOUR POSTAL ADDRESS (where to send the cheque):
(3) CONTACT TELEPHONE NUMBERS:
NOTE: WE WILL BE RESPONSIBLE FOR ANY TAX AND FEES THIS WILL ATTRACT.
Our team will highly appreciate your prompt reply, while we look forward for a memorable stay in your place.
Best regards,
Dr Richard Griffiths
Nach Einlösen des Schecks soll man also den überzahlten Betrag auf ein noch zu benennendes Konto des Reiseveranstalters zahlen. Es muss wohl nicht betont werden, dass der Scheck nach 14 Tagen platzt und man auf den Gast seeeeehr lange warten kann.
header:01: Return-Path: <micultralases-roberts [at] yandex.com>02: X-Original-To: <poor [at] spamvictim.tld>03: Delivered-To: poor [at] spamvictim.tld04: Received: from forward18.mail.yandex.net (unknown [95.108.253.143])05: by tgs-server.de (Postfix) with ESMTP ID: [ID filtered]06: for <poor [at] spamvictim.tld>; Mon, 23 Mar 2015 xx:xx:xx +0100 (CET)07: Received: from web5g.yandex.ru (web5g.yandex.ru [95.108.252.105])08: by forward18.mail.yandex.net (Yandex) with ESMTP ID: [ID filtered]09: for <poor [at] spamvictim.tld>; Mon, 23 Mar 2015 xx:xx:xx +0300 (MSK)10: Received: from 127.0.0.1 (localhost [127.0.0.1])11: by web5g.yandex.ru (Yandex) with ESMTP ID: [ID filtered]12: Mon, 23 Mar 2015 xx:xx:xx +0300 (MSK)13: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail;14: t=1427102124; bh=jSGHeWCVzhVzoid9RfFWGDIo7kQzwMlot06YmKCbWGg=;15: h=From:To:In-Reply-To:References:Subject:Date;16: b=UfvymCCVpMxWG19PLojcCdKyTEICRzGd+YnnGXImKNTpHkZFiPQvEW+n93mZUxpKn17: imdpKNnsu2qq7CB/xP/3nLRW+2yDdkajY3j5g8bHCIWsK0kUCLohJbXkxohW1vEmH518: IamVBgcpI75DSDdyxEkuHW9TEfhzoVXWNpR/rSNk=19: Received: by web5g.yandex.ru with HTTP;20: Mon, 23 Mar 2015 xx:xx:xx +030021: From: Richard Griffiths <micultralases-roberts [at] yandex.com>22: To: "xxxx" <poor [at] spamvictim.tld>23: In-Reply-To: <0E860C9AC731491FB4B0801F631679FC [at] FENSTER>24: References: <CAHFr_0QUxUfrX5qAy=e7Bwpwi5PSxHjXxNUaGTNH9sXiZhmypA [at] mail.gmail.com>25: <9DE56A63ACE840B59462A827047E32BC [at] FENSTER> <390571426519726 [at] web9g.yandex.ru>26: <0E860C9AC731491FB4B0801F631679FC [at] FENSTER>27: Subject: CHEQUE PAYMENT NOTIFICATION!!28: MIME-Version: 1.029: Message-ID: [ID filtered]30: X-Mailer: Yamail [ http://yandex.ru ] 5.031: Date: Mon, 23 Mar 2015 xx:xx:xx +000032: Content-Transfer-Encoding: base6433: Content-Type: text/html; charset=utf-834: Old-X-EsetID: [ID filtered]35: Old-X-EsetID: [ID filtered]36: X-EsetScannerBuild: 2303237: X-ESET-AntiSpam: OK;0;whitelist;2015-03-23 xx:xx:xx;1503231017291307;CA9838: X-EsetID: [ID filtered]
Greetings,
How are you today? I hope This mail meets you well? I am glad to inform you that a cheque payment has been dispatched to your address by our sponsor , According to UK postal delivery , The cheque payment will be arriving at your address any moment from now.Let me know immediately you receive the cheque. Thanks and I await your email.
Best regards,
Dr Richard Griffiths
Warten wir mal ab, welcher Empfänger das Geld haben will.
Lesezeichen