Inbox - HI scam attempt originating from Singapore & writer say he is in London

From: "Mr. Zhao Yao" <mrzhaoyao@pacific.net.sg>
Sent: Thursday, December 17, 2009 8:49 AM
Subject: HI (right click mouse > archive > Properties)

Dear Sir,

I work with HSBC London, I need your co-operation to help me received the sum of $10 million dollars which is unclaimed. All details of this business will be given to you in my next mail.

Should you be interested, please get back to me immediately so as to proceed with the transfer arrangement ASAP.

Regards,
Glen Heitinger

Properties
Return-Path: <mrzhaoyao@pacific.net.sg>
Received: from smtpgate1.pacific.net.sg (smtpgate1.pacific.net.sg
[192.169.41.31*]) search this IP
by mailer.ran.es (8.14.2/8.13.8) with SMTP id nBGGWG6J015731
for ; Wed, 16 Dec 2009 17:32:38 +0100
Message-Id: <200912161632.nBGGWG6J015731@mailer.ran.es>
Received: (qmail 20173 invoked from network); 16 Dec 2009 16:32:14 -0000
Received: from unknown (HELO User) (clarmgt@pacific.net.sg@72.54.92.178)
by smtpgate1.pacific.net.sg with ESMTPA; 16 Dec 2009 16:32:13 -0000
Reply-To: <mrzhaoyao@sbcglobal.net>
From: "Mr. Zhao Yao"<mrzhaoyao@pacific.net.sg>
Subject: HI
Date: Wed, 16 Dec 2009 23:49:26 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-UIDL: c49!!IJ(!![g[!!"!0!!
Old-X-EsetId: E74D982990713469F84B987C992170
X-EsetId: E74D982990713469F84B987C992170
X-EsetScannerBuild: 6221

*
IP Address: 192.169.41.31
Hostname: smtpgate1.pacific.net.sg
IP Country: Singapore
IP Country Code: SGP
IP Continent: Asia
IP Region:
Guessed City:
IP Latitude: 1.3667
IP Longitude: 103.8
Organization: TECHNE
ISP Provider: TECHNE

Inbox - would not trust this loan offer

Date: Mon, 14 Dec 2009 23:12:37 -0200 (BRST)
From: "APPLY FOR A SOFT LOAN FOR YOUR HOLIDAYS!!!" <scottyloan@info.com>
To: undisclosed-recipients:;
ReplyTo: scotty.loan1@gmail.com
Subject: Missing (so cannot do this test explained here http://www.fraudwatchers.org/forums/showthread.php?t=6540 which would have shown me where the e-mail came from. It could be Mafia laundering their dirty money. Also the rate of interest could be very high

Good Day, Too informal to be serious! Sounds like a Nigerian introduction

I am a lender that can help you with a loan for your christmas
holidays.Have you been in search for a loan from a reliable lender on the
internet or do you need a loan to ease your financial stress? this is the
greatest opportunity you have been waiting to have.

If you need a loan do not hesitate to contact me now.
scotty.loan03@gmail.com

Reload this Page How to find headers from your emails

http://www.fraudwatchers.org/forums/showthread.php?t=6540

Used in the previous post to find that it was a Russian Scam attempt

Inbox - VISA Email Alert Received (on xxxxxx@mail.com)

PUT YOUR MOUSE OVER FROM RIGHT CLICK AND GIVES

properties
message_8MIL6J8OIIid@webmail02.register.com
FOR ME IT IS A SCAM ATTEMPT
the e-mail

Dear VISA card holder,
A recent review of your transaction history determined that your card was used at an ATM located in Netherlands, but for security reasons the requested transaction was refused.Please carefully review electronic report for your VISA card at:

http://transactions.visa.com/cards/alerts/transactions.php?ref=4242061083548354153566923541238566587404080483519557353754326595927&email=your e-mail address


The web page it takes you to

• Email Alert Recieved (on xxxxxx@mail.com)
• Card Transactions

VISA Cards Support
Ref: H0K8LCOO1BVG01H2KUQ8L8JJFP6ZS394YOB46LFKQ

• Card 4XXX XXXX XXXX XXXX (to protect your private information, part of the card number is hidden with X's)

Download Card Transactions

Instructions:

- download and carefully review electronic report for your VISA card.

Card	Card Statement
4XXX XXXX XXXX XXXX

If you’ve lost your Visa card, you can contact us or your bank - we can help you, wherever you are.

Further information

You can tell us your lost or stolen card details, and we’ll arrange for your card to be cancelled.

The option for card replacement and emergency cash displacement will depend on which bank or organisation issued your card.

To assist our customer service, please have the following information on hand:
Do not part with this information under any circumstances

• The name of the bank or organisation that issued your card
• The country where it was issued to you
• The type of Visa card
• The 16-digit number on the card – it is vital that you have a record of this number, kept separate from your card

I right clicked the Subject and it showed me the server - the details below - A Russian Scammer?
IP Address: 77.51.221.79 WhoIs Lookup IP BlackList Lookup
Hostname: 77.51.221.79 Reverse DNS

[See complete information about your system with our IP Information tool!]

IP Address Conversion - IP Convert for 77.51.221.79 to Hex & to Dec

IP to Dec [IP Address to decimal]: 1295244623
IP to Hex [IP Address to hexadecimal]: 4d33dd4f
IP to Bin [IP to binary]: 1001101001100111101110101001111

IP Address Lookup results for Europe

IP Address Continent: Europe
IP Continent Code: (EU)
IP Continent Population: 731,000,000
IP Continent Area: 10,180,000 km²
IP Continent Total Population: 11%
IP Continent Density People: 69.7 per km²

IP Location Lookup results for Russian Federation

IP Country Name: Russian Federation
IP Country Capital: Moscow
IP Language: Russian
IP Currency: Ruble (RUB)
IP Country Latitude: (60)
IP Country Longitude: (47)
IP Country Code: RUS (RU)

IP Location Lookup results for 77.51.221.79 in Moscow City

IP Address Region: Moscow City
IP Address City: Moscow
IP Address Latitude: (55.7522)
IP Address Longtitude: (37.6156)

Additional IP Location information for 77.51.221.79

IP Address Organization: Joint-Stock Central Telecommunication Company (JSC
IP Address ISP: Joint-Stock Central Telecommunication Company (JSC