Spam 419/Nigeria Online fraud jwSpamSpy Contact
Email Spam Filter: |
|
|
419 Scam Example: "GREYHOUND SWEEPSTAKES SPECIAL / GREYHOUND FINANCIAL SERVICES / DAVID MANSONDO"
- About "419" scams
- Email addresses used by 419 scammers
- Phone numbers used by 419 scammers
- How to report 419 spam to us
- Domains registered by 419 scammers
- What can you do when you receive 419 spam
- "Elgordo Lottery" spam
- Company representative scam
- Ghana gold scam
- USA AID spam
- Fraud: mailorder shipping to Nigeria
- officelineworld.com - Be careful with orders from Nigeria!
"GREYHOUND SWEEPSTAKES SPECIAL / GREYHOUND FINANCIAL SERVICES / DAVID MANSONDO" are labels used by a gang in South Africa for a fake lottery fraud (advance fee fraud, "419").
|
Example of "GREYHOUND SWEEPSTAKES" scam email:
From: <greyhoundlottswp@netscape.net> To: <greyhoundlottswp@netscape.net> Sent: Wednesday, 09 February, 2005 11:35 Subject: ++Congratulation You Have Won++ FROM: THE LOTTERY COORDINATOR, INTERNATIONAL PROMOTIONS/PRIZE AWARD DEPARTMENT ATTENTION: (REFERENCE NUMBER: LXE-504K23-06 BATCH NUMBER: 987-XP36) THIRD CATEGORY WINNER After a successful completion of the third category draws of the GREYHOUND SWEEPSTAKES SPECIAL, held on 5TH JANUARY 2005, we are pleased to inform you of the official announcement today that you have emerged one of the winners of the GREYHOUND SWEEPSTAKES SPECIAL PROGRAMS, which is part of our promotional draws. Participants were selected through a computer ballot system drawn from 36,000 names/email addresses of individuals and companies from Africa, America, Asia, Australia, Canada, Europe, Middle East, and New Zealand as part of our International Promotions Program. You/Your company, attached to ticket number 234-69-2167, with serial number 425-70 drew the lucky numbers 10, 60, 71, 66, 12, 32, (20), and consequently won in the Third Category. You have therefore been awarded a lump sum pay out of US$2.600,000.00 in cash, which is the winning payout for third category winners. This is from the total prize money of US$109,010,000.00 from which eight international winners in the Third category will be shared. CONGRATULATIONS! Your fund is now deposited with GREYHOUND FINANCIAL SERVICES, insured in your name. To avoid mix up of numbers and names of any kind, we request that you keep this award strictly from public notice until the entire process of transferring your claims has been completed, and your certified banker's Cheque sent to you. This is part of our security protocol to avoid double claiming or unscrupulous acts by participants of this program. We also wish to bring to your notice our end of year (2005 high stakes where you stand a chance of winning up to US$1.1 billion; we hope that with a part of your prize you will participate. Please contact your claims agent immediately, to begin your claims process; MR. DAVID MANSONDO. SENIOR CLAIMS EXECUTIVE, GREYHOUND FINANCE & INSURANCE LTD. PHONE:+27-73-7009720 FAX : +27-73-7006921 EMAIL: davidmansondo@netscape.net for due processing and remittance of your prize money to a designated account of your choice. Remember, you must contact your claims agent within a week of receiving this mail. NOTE: To avoid unnecessary delays and complications, please remember to quote your reference and batch numbers provided below in every one of your correspondence with your claims agent. REFERENCE NUMBER: LXE-504K23-06 BATCH NUMBER: 987-XP36 Congratulations once again from all our staff and thank you for being part of our promotions program. Sincerely, THE LOTTERY COORDINATOR, GREYHOUND SWEEPSTAKES SPECIAL. GREYHOUND BUILDING, SANDTON, JOHANNESBURG. SOUTH AFRICA. N.B. Any breach of confidentiality on the part of the winners will result to disqualification. Please do not reply to this mail. Rather, contact your claims agent whose credentials are listed above
Message haders:
Received: from mydomain.com (c2-47-1.rdg.dial.mweb.co.za [196.23.226.47]) by rly-xj02.mx.aol.com (v104.17) with ESMTP id MAILRELAYINXJ27-507420976fc3b; Tue, 08 Feb 2005 21:35:53 -0500 several fake Received: headers deleted Date: Wed, 09 Feb 2005 04:35:53 +0200 From: greyhoundlottswp@netscape.net To: greyhoundlottswp@netscape.net Subject: ++Congratulation You Have Won++ MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT X-AOL-IP: 196.23.226.47
WHOIS details of sending network (IP 196.23.226.47):
OrgName: The Internet Solution
OrgID: IS
Address: The Campus, 57 Sloane Street
Address: Bryanston
City: Johannesburg
StateProv: Gauteng
PostalCode: 2021
Country: ZA
NetRange: 196.23.0.0 - 196.23.255.255
CIDR: 196.23.0.0/16
NetName: NET-ISNET-02
NetHandle: NET-196-23-0-0-1
Parent: NET-196-0-0-0-0
NetType: Direct Allocation
NameServer: JUPITER.IS.CO.ZA
NameServer: TITAN.IS.CO.ZA
NameServer: DEMETER.IS.CO.ZA
Comment:
RegDate: 1995-03-22
Updated: 2004-07-20
TechHandle: ZT12-ARIN
TechName: The Internet Solution
TechPhone: +27 11 575 1000
TechEmail: netadmin@is.co.za
OrgAbuseHandle: ABUSE239-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +27 11 575 0055
OrgAbuseEmail: abuse@is.co.za
OrgTechHandle: ZT12-ARIN
OrgTechName: The Internet Solution
OrgTechPhone: +27 11 575 1000
OrgTechEmail: netadmin@is.co.za
Reply from "DAVID MANSONDO":
Dear Winner
Find attached to this mail a verification/Prize claim Form, which you have to fill and return by email attachment as well to this mail box for immediate verification and Validation of your claim. After the verifcation, payment approval will be granted on your behalf for your prize claim of $2.6m (Two million, Six Hundred thousand United States Dollars)
NOTE: You are not required to fill in the "account coordinate" column in the verification/Prize claim form if you desire any other means of payment.
After the payment approval, our paying bank will get in contact with you on how your funds will be transferred to you. Accompany the filled form with a valid identification, driver's license or international passport. Ensure you call me after filling this form for the acknowledgement of the receipt of your form in our office and to give you further brief about the status of your lotto funds.
Please write attention DAVID MANSONDO on the filled form when you are returning it, and use this address for all further correspondence.
Congratulations once again.
Please Call me the moment you received this form .
Mr. DAVID MANSONDO
TEL:+27-73-7009720
FAX:+27-73-7006921
__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
Message headers for reply:
Since both the sender and recipient use an AOL-related mail service, only the IP address of the sending AOL mailer is preserved, so we don't really know the source for this one.Return-Path: <davidmansondo@netscape.net> Received: from rly-xm03.mx.aol.com (rly-xm03.mail.aol.com [172.20.83.104]) by air-xm03.mail.aol.com (v104.17) with ESMTP id MAILINXM31-5fc4209aeb74f; Wed, 09 Feb 2005 01:33:39 -0500 Received: from imo-d01.mx.aol.com (imo-d01.mx.aol.com [205.188.157.33]) by rly-xm03.mx.aol.com (v104.17) with ESMTP id MAILRELAYINXM32-5fc4209aeb74f; Wed, 09 Feb 2005 01:33:27 -0500 Received: from davidmansondo@netscape.net by imo-d01.mx.aol.com (mail_out_v37_r3.8.) id p.13b.ed841b1 (22681) for <emailaddress>; Wed, 9 Feb 2005 01:33:06 -0500 (EST) Received: from netscape.net (mow-d22.webmail.aol.com [205.188.139.163]) by air-in04.mx.aol.com (v104.17) with ESMTP id MAILININ42-58994209aea12cd; Wed, 09 Feb 2005 01:33:06 -0500 Date: Wed, 09 Feb 2005 01:33:05 -0500 From: davidmansondo@netscape.net To: emailaddress Subject: Verification Form MIME-Version: 1.0 Message-ID: <4B95B1B4.73923EC5.1D5BFDE7@netscape.net> X-Mailer: Atlas Mailer 2.0 X-AOL-IP: 205.188.157.33
A little later we received another one, this with full headers:
Dear Winner
Find attached to this mail a verification/Prize claim Form, which you have to fill and return by email attachment as well to this mail box for immediate verification and Validation of your claim. After the verifcation, payment approval will be granted on your behalf for your prize claim of $2.6m (Two million, Six Hundred thousand United States Dollars)
NOTE: You are not required to fill in the "account coordinate" column in the verification/Prize claim form if you desire any other means of payment.
After the payment approval, our paying bank will get in contact with you on how your funds will be transferred to you. Accompany the filled form with a valid identification, driver's license or international passport. Ensure you call me after filling this form for the acknowledgement of the receipt of your form in our office and to give you further brief about the status of your lotto funds.
Please write attention DAVID MANSONDO on the filled form when you are returning it, and use this address for all further correspondence.
Congratulations once again.
It is very important that you Call me the moment you received this form for more information ok.
MR. DAVID MANSONDO:
TEL:011-27-73-7009720
FAX:+27-73-7006921
Message headers:
Received: from davidmansondo@netscape.net
by imo-d02.mx.aol.com (mail_out_v37_r3.8.) id f.1af.d5fed11 (16237)
for <emailaddress>; Thu, 17 Feb 2005 05:39:43 -0500 (EST)
Received: from netscape.net (mow-m05.webmail.aol.com [64.12.184.133])
by air-in03.mx.aol.com (v104.18) with ESMTP id MAILININ31-3f6d4214746e1db;
Thu, 17 Feb 2005 05:39:43 -0500
Date: Thu, 17 Feb 2005 05:39:42 -0500
From: davidmansondo@netscape.net
To: emailaddress ("firstname lastname")
Subject: Verification Form
MIME-Version: 1.0
Message-ID: <3439E4D9.5414D04F.1D5BFDE7@netscape.net>
X-Mailer: Atlas Mailer 2.0
X-AOL-IP: 196.25.255.226
X-AOL-Language: english
WHOIS details for sending IP (196.25.255.226):
OrgName: Telkom SA Ltd.
OrgID: SAIX
Address: Soekor Building
Address: 151 Frans Conradie Ave
City: Parow
StateProv: Western Cape
PostalCode: 7500
Country: ZA
NetRange: 196.25.0.0 - 196.25.255.255
CIDR: 196.25.0.0/16
NetName: SAIX
NetHandle: NET-196-25-0-0-1
Parent: NET-196-0-0-0-0
NetType: Direct Allocation
NameServer: IGUBU.SAIX.NET
NameServer: SANGOMA.SAIX.NET
Comment: Please contact abuse@saix.net for abuse queries
RegDate: 1995-10-24
Updated: 2003-08-27
AbuseHandle: TIA-ARIN
AbuseName: Telkom IPNet Abuse
AbusePhone: +27 12 6807561
AbuseEmail: abuse@saix.net
NOCHandle: TIN2-ARIN
NOCName: Telkom IPNet NNOC
NOCPhone: +27 12 6800224
NOCEmail: nnoc@saix.net
TechHandle: JDU24-ARIN
TechName: Du Preez, Johan
TechPhone: 012 6800067
TechEmail: johan@saix.net
OrgAbuseHandle: TIA-ARIN
OrgAbuseName: Telkom IPNet Abuse
OrgAbusePhone: +27 12 6807561
OrgAbuseEmail: abuse@saix.net
OrgTechHandle: TIN2-ARIN
OrgTechName: Telkom IPNet NNOC
OrgTechPhone: +27 12 6800224
OrgTechEmail: nnoc@saix.net
Once the forms are filled, "David Mansondo" passes the victim to the next stage, the fake lawyer who will ask for cash:
Dear Winner
I want you to know that We are in receipt of your particulars and have submitted it to the South Africa gaming commission. Please be informed that you have two options Like I stated to redeem your winnings and pick up your certified banker’s cheque.
1. Your will be required to come down to the offices of the south Africa gaming commission here in Johannesburg to personally endorse the funds release documents,of which you are unable to so we are left with the second option below.
2.since you are not able to fly down,we will mandate an in-house attorney who is a gaming commission accredited attorney to carry out endorsement formalities on your behalf since it is by law mandatory that a registered and accredited attorney concludes all formalities regarding the winnings at the offices of the gaming commission and the south Africa revenue service.
Be informed that you will be required also to pay the south Africa gaming commission non resident/non citizen service charges, as there are charges that you will be required to pay as a non resident/non citizen.if you decide on option two, find below, the contact details of the attorney, to enable you make contact with him towards this end.
MR SIMON CARABO
CARABO & CARABO ASSOCIATES
109 JAN SMUTS ROAD, RANDBURG
JOHANNESBURG SOUTH AFRICA.
TEL: 27-73-7523444.
FAX: 27-11-5075465.
Email: caraboassociates@lawyer.com
You are advised to take urgent steps to process your winnings by taking into account timeframe stipulated for the redemption if winnings .
Its very important you call me for further details regarding this.
MR. DAVID MANSONDO
Tel: +27-73-7009720
Fax: +27-73-7006921
__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
Netscape. Just the Net You Need.
New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp
Here is an email from the fake lawyer, "MR CARABO":
Dear Winner,
Please find attached details of what is required of you to claim your prize winning as stipulated.
Call me as soon as you receive this message to acknowledge receipt,and for further clarifications.
Regards,
Barrister Simon Carabo.
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://www.mail.com/?sr=signup
The attached JPG files showed documents requesting payment of $999 for "Registration and Notarisation of your Power of Attorney at the Federal High Court and the Legal and Verification Department of the South African Gaming Commission". Payment was requested by Moneygram to the following recipient:
ILITONGO REEB 212 JAN SMUTS ROAD RANDBURG JOHANNESBURG 2001 SOUTH AFRICA.
Message headers:
Received: from [165.165.134.198] by ws1-1.us4.outblaze.com with http for caraboassociates@lawyer.com; Fri, 18 Feb 2005 09:04:47 -0500 From: "carabo carabo" <caraboassociates@lawyer.com>
WHOIS details for sending network (IP 165.165.134.198):
OrgName: Telkom
OrgID: TELKOM
Address: Soekor Building
Address: 151 Frans Conradie Ave
City: Parow
StateProv: Western Cape
PostalCode: 7500
Country: ZA
NetRange: 165.165.0.0 - 165.165.255.255
CIDR: 165.165.0.0/16
NetName: IPNET-ADSL
NetHandle: NET-165-165-0-0-1
Parent: NET-165-0-0-0-0
NetType: Direct Assignment
NameServer: IGUBU.SAIX.NET
NameServer: SANGOMA.SAIX.NET
NameServer: NS1.TELKOM.CO.ZA
Comment: Please contact abuse@saix.net for abuse queries
RegDate: 1993-06-30
Updated: 2003-08-27
AbuseHandle: TIA-ARIN
AbuseName: Telkom IPNet Abuse
AbusePhone: +27 12 6807561
AbuseEmail: abuse@saix.net
NOCHandle: TIN2-ARIN
NOCName: Telkom IPNet NNOC
NOCPhone: +27 12 6800224
NOCEmail: nnoc@saix.net
TechHandle: JDU24-ARIN
TechName: Du Preez, Johan
TechPhone: 012 6800067
TechEmail: johan@saix.net
OrgAbuseHandle: TIA-ARIN
OrgAbuseName: Telkom IPNet Abuse
OrgAbusePhone: +27 12 6807561
OrgAbuseEmail: abuse@saix.net
OrgTechHandle: TIN2-ARIN
OrgTechName: Telkom IPNet NNOC
OrgTechPhone: +27 12 6800224
OrgTechEmail: nnoc@saix.net
|