An
Email with the Subject "INVESTMENT" was
received in one of Scamdex's honeypot email accounts on Sun, 20 Feb 2011 22:43:21 -0800
and has been classified as a Employment/Job Scam Email.
The sender shows as "ivan moore" <ivanmoore2010@rediffmail.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
assistanceforeignnationaltransactionemploymresponserepresentativeserviceinvestmentfundbusinessproposalsentmail will achdear
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => cj@scamdex.com
[delivery-date:] => Sun, 20 Feb 2011 22:43:22 -0800
[received:] => Array
(
[0] => from f4mail-235-230.rediffmail.com ([202.137.235.230] helo=rediffmail.com)by chester.loopbiz.com with smtp (Exim 4.69)(envelope-from )id 1PrPUO-0005jL-GIfor cj@scamdex.com; Sun, 20 Feb 2011 22:43:21 -0800
[1] => (qmail 23202 invoked by uid 510); 21 Feb 2011 06:40:17 -0000
[2] => from unknown 41.138.182.41 by rediffmail.com via HTTP; 21 Feb 2011 06:40:02 -0000
)
[comment:] => DomainKeys? See http://antispam.yahoo.com/domainkeys
[domainkey-signature:] => a=rsa-sha1; q=dns; c=nofws; s=redf; d=rediffmail.com; b=UqXFFlJCTbOuVHMHRDo0uZYJWtB9cC7TmeMM2NRwqHkbfCzOKl9Dt8IDuEbmRZtMGlmmgNOlOJFcWQo8S0LeIGRYWba8Ehwii8dYzkk6aOGXcUfdph/NAkXFQw+hi8AG5suQtIzq9gDJr6PwOfPfnnB+LyqhG2fFdYHQ76cv7EY= ;
[x-ctch-spam:] => Unknown
[x-ctch-vod:] => Unknown
[x-ctch-flags:] => : 0
[x-ctch-refid:] => str=0001.0A150201.4D62095A.00D5,ss=1,pt=DBB_66871,fgs=0
[date:] => 21 Feb 2011 06:40:17 -0000
[message-id:] => <20110221064017.23191.qmail@f4mail-235-230.rediffmail.com>
[mime-version:] => 1.0
[reply-to:] => ivanmoore2010@rediffmail.com
[to:] => "ivanmoore2010"
[sender:] => ivanmoore2010@rediffmail.com
[subject:] => =?utf-8?B?SU5WRVNUTUVOVCA=?=
[from:] => "ivan moore"
[content-type:] => multipart/alternative;boundary="=_f76593d4410763666569bb59cc1a5fd1"
[x-spam-status:] => No, score=2.5
[x-spam-score:] => 25
[x-spam-bar:] => ++
[x-ham-report:] => Spam detection software, running on the system "chester.loopbiz.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: Dear Friend, I am representing a group of investors, who are interested in overseas investment in your country, involving largevolume of funds, for which we seek your assistance as overseas representative.[...] Content analysis details: (2.5 points, 4.0 required)pts rule name description---- ---------------------- --------------------------------------------------0.0 FREEMAIL_FROM Sender email is freemail(ivanmoore2010[at]rediffmail.com)-0.0 SPF_HELO_PASS SPF: HELO matches SPF record-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relaydomain-0.0 SPF_PASS SPF: sender matches SPF record2.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends indigit (ivanmoore2010[at]rediffmail.com)0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines-3.0 DEAR_FRIEND BODY: Dear Friend? That's not very dear!0.0 HTML_MESSAGE BODY: HTML included in message1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay0.0 T_REMOTE_IMAGE Message contains an external image1.5 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)0.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
I am representing a group of investors , who are interested in overseas investment in your country, involving large volume of funds, for which we seek your assistance as overseas representative.
The civil service regulations here, prohibit us from getting involved in private business, while under government employment, hence this proposal to you, in view of your impressive profile.
I will be attaching a copy of my international travelers' passport to give you proper knowledge of my person, as it's appropriate for a transaction of this nature upon your response.
If you feel disposed towards the solicited role, please indicate by prompt response, so that I may provide you further details of the transaction, and also let you know what will be coming to you as remuneration for your solicited role. After that we shall then come to an understanding concerning the prospective areas of investment in your domain, that will be conducive for investors of foreign descent.
I look forward to your prompt response.
Yours Truly, Ivan Moore.
Dear Friend,
I am representing a group of investors , who are interested in overseas investment in your country, involving large volume of funds, for which we seek your assistance as overseas representative.
The civil service regulations here, prohibit us from getting involved in private business, while under government employment, hence this proposal to you, in view of your impressive profile.
I will be attaching a copy of my international travelers' passport to give you proper knowledge of my person, as it's appropriate for a transaction of this nature upon your response.
If you feel disposed towards the solicited role, please indicate by prompt response, so that I may provide you further details of the transaction, and also let you know what will be coming to you as remuneration for your solicited role. After that we shall then come to an understanding concerning the prospective areas of investment in your domain, that will be conducive for investors of foreign descent.
