It is currently Sun Mar 07, 2021 3:19 pm    

*

Romance Scam

Please report romance scams and dating scams here. We accept reports on Russian scammers and Nigerian scammers.

Disclaimer regarding pictures posted on the board: please understand that you are NOT looking at the pictures of people who are actually scamming you. The people portrayed on these photos are innocent men and women, NOT involved in scamming in any way and have nothing to do with scammers. The scammers are using their images without their knowledge or permission to deceive their victims and steal their money.



Join our SCAM FREE DATING SITE
Readnotify - trace your emails, get IPs
RESEARCH SCAMMERS BY NAME
Forum rules:

** PLEASE READ BEFORE POSTING!

RESEARCH SCAMMERS BY EMAIL

Password phishing emails originating from West Africa

419 Scams, Lottery scams & Other African Dangers to Beware Of
User avatar
spanky
Scam Buster
Posts: 1233
Joined: Sun Jul 21, 2013 5:45 pm
Location: USA


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby spanky » Sat Sep 26, 2015 5:33 pm

From: "Apple" <noreply@apple.com>
Date: Sat, 26 Sep 2015

Dear Customer,

Due to recent updates we are asking many of our customers to confirm their information this is nothing to worry about. We are making sure we have the correct information on file and that you are the rightful account holder. Failure to comply with this may result in your account being suspended.

Once completed you may resume to use your account as normal and we would like to thank you for taking time out of your day to confirm your information. 

Download the attached and open it in your browser and make your request.

Wondering why you got this email?
This email was sent automatically during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted.

Thanks,
Apple Customer Support

 
We were not foolish to fall in love with them. Our mistake was not knowing that we fell in love with fools.

Re: Password phishing emails originating from West Africa

Sponsor

verispy.com
Sponsor
 

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Fri Oct 09, 2015 6:39 pm

Email Administrator <oche2oche1@gmail.com>

Dear Customer,
Your Email account expires today and will be disabled if you don't upgrade it

1992MB
2000MB
The remaining capacity of your Mailbox is less than 15%. Your email account will be suspended or SHUTDOWN PERMANENTLY,
which means you will no longer receive or send messages until your account is upgraded.

Kindly UPGRADE YOUR ACCOUNT NOW for Unlimited MB space to your mailbox.




BEST REGARDS.
Copyright webmaster! 2015 Email Administrator. All rights reserved.
****************************** ****************************** ****************************** ****************************** ****************************** ****************************** ***************
CONFIDENTIALITY. This e-mail and any attachments are confidential and may also be privileged. If you are not the named recipient, please notify the sender immediately and do not disclose the contents to another person, use it for any purpose, or store or copy the information in any medium. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Webmaster. If you have received this e-mail>
****************************** ****************************** ****************************** ****************************** ****************************** ****

Subject: Email Account Termination
From: Email Administrator <oche2oche1@gmail.com>
To: undisclosed-recipients:;
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
IceFM
Moderator
Posts: 77228
Joined: Fri Nov 16, 2007 10:06 am


Bookmark and Share

info@wwweddings.com.au

Postby IceFM » Fri Oct 23, 2015 2:00 pm

Dear Customer

How are you doing today l hope all is well with you and your family. This message is coming from world Bank PLC. we will like you to your transaction by login to your website below:

fnins.net/wp-includes/gbdoc/pdf_file/Dropbox.html

login with your e-mail and password to confirm your funds.

World Bank
------------------------------------------------------------------------------------------------------
+++ The FAQ / FAQ in deutsch +++

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Tue Oct 27, 2015 12:41 pm

Zenith Bank Plc <jessicalondon@info.comenity.net>
This message contains blocked images.
Zenith BankCBN BVN REG


Dear Customer

This is to bring to your notice that your ZenithDirect account has been listed for SUSPENSION.

This is because you have not validated/registered your Biometric Verification Number with your ZenithDirect account.

Follow this reference to START VALIDATION / REGISTRATION hivetrading.com/js/dix/info.php

All information must be filled correctly

NOTE: All atm and internet banking channel will be disabled and your remote access will be blocked within 12 hours failure to comply


Thank you for banking with ZenithBank
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Wed Nov 11, 2015 9:30 pm

You are Will be Block Today
Mail Update <ralstonaj64@aol.com>

Dear User

Your billing information needs to be updated within 24Hours, If this is not done we shall suspend and Block your account Please Click Here to Update now.

Yahoo Office!2015


Received: from SERVER2003 (host183-165-static.14-188-b.business.telecomitalia.it [188.14.165.183])
From: "Mail Update" <ralstonaj64@aol.com>
Subject: You are Will be Block Today
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Wed Nov 11, 2015 9:37 pm

Your Email Will Be Blocked Today
Mail Office <trincom721@aol.com>
Dear Mail Users,

Your billing information needs to be updated within 24Hours, If this is not done we shall suspend your account and Blcoked Please Click Here to Upgrade to the new Yahoo Mail 7 now to avoid losing access to your mail box.


Regards,
Yahoo Office 2015 Inc.

Received: from server (unknown [203.109.70.207])
by mtaout-mcd01.mx.aol.com (MUA/Third Party Client Interface)
From: "Mail Office" <trincom721@aol.com>
Subject: Your Email Will Be Blocked Today
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Tue Nov 24, 2015 10:48 am

E-mail Updates Required
Service Update <shagfella@aol.com> :mrgreen: :mrgreen:

Dear Valid User

Your two incoming mails were placed on pending status due to the recent upgrade to our database, In order to receive the messages Update Now to login and wait for responds from Yahoo User.

Customer Care Team

...................

Received: from EMIOLARO-PC (unknown [197.242.110.36])

^^
IP: 197.242.110.36
Country: Nigeria
City: Lagos
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Fri Nov 27, 2015 1:30 pm

Return-Path: <scottsanchez@live.com>
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
by sloti25t02 (Cyrus 3.0.0-beta1-git-fastmail-11933) with LMTPA;
Thu, 26 Nov 2015 06:01:45 -0500
X-Sieve: CMU Sieve 2.4
X-Spam-charsets: plain='US-ASCII', html='UTF-8'
X-Mail-from: scottsanchez@live.com
Received: from mx6 ([10.202.2.205])
by compute4.internal (LMTPProxy); Thu, 26 Nov 2015 06:01:45 -0500
Received: from mx6.messagingengine.com (localhost [127.0.0.1])
by mx6.nyi.internal (Postfix) with ESMTP id 4B3A2900111
Received: from mx6.nyi.internal (localhost [127.0.0.1])
by mx6.messagingengine.com (Authentication Milter) with ESMTP
id 64AD063CF10.0B95C90022D;
Authentication-Results: mx6.messagingengine.com;
dkim=none (no signatures found);
dmarc=fail (p=none) header.from=live.com;
spf=softfail smtp.mailfrom=scottsanchez@live.com smtp.helo=cobra.websitewelcome.com
Received-SPF: softfail (live.com: Sender is not authorized by default to use 'scottsanchez@live.com' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=mx6.messagingengine.com; identity=mailfrom; envelope-from="scottsanchez@live.com"; helo=cobra.websitewelcome.com; client-ip=192.185.82.219
Received: from cobra.websitewelcome.com (cobra.websitewelcome.com [192.185.82.219])
Received: from [127.0.0.1] (port=25892 helo=www.westcoastlines1.com)
by cobra.websitewelcome.com with esmtpa (Exim 4.85)
(envelope-from <scottsanchez@live.com>)
From: Scott Sanchez <scottsanchez@live.com>
To: undisclosed-recipients:;
Subject: My Pictures for you.
Organization: Yes.
Message-ID: <2712395fa3b2b5736510d40e5eafdef2@westcoastlines1.com>
X-Sender: scottsanchez@live.com
User-Agent: Roundcube Webmail/1.0.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cobra.websitewelcome.com
X-AntiAbuse: Original Domain - fastmail.fm
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - live.com
X-BWhitelist: no
X-Source-IP: 127.0.0.1
X-Exim-ID: 1a1uHa-000SrV-DL
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (westcoastlines1.com) [127.0.0.1]:25892
X-Source-Auth: westcoas
X-Email-Count: 356
X-Source-Cap: d2VzdGNvYXM7aWFrbWVkaWE7Y29icmEud2Vic2l0ZXdlbGNvbWUuY29t

Here are my new pictures on my google drive, Click here [1] to view.
Just for you. I know you would love them.

Scott

Links:
------
[1] westcoastlines1.com/pictures/newpictures/newgoogledocs/ <== dont´touch it!
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Fri Nov 27, 2015 1:52 pm

AccessOnline Disabled
Access Bank <billing@ipnxnigeria.net> :twisted: :twisted: :twisted: :twisted:

Dear user,

Please note that your AccessOnline ACCOUNT has been DISABLED to transact with your card internationally at the ATM, POS or online..

Kindly re-validate your BVN number with your online account, follow our site below immediately accessbankplc.com/aboutscontact/RetailBank/

Your account will be disabled if you fail to go through this process completely.

To add security features to your account, sign in through here accessbankplc.com/home//

Thank you for choosing Access Bank, Your Bank.


Return-Path: <cashingout@server88-208-236-94.live-servers.net>
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from cashingout by server88-208-236-94.live-servers.net with local (Exim 4.86)
(envelope-from <cashingout@server88-208-236-94.live-servers.net>)
From: =?utf-8?Q?Access=20Bank?= <billing@ipnxnigeria.net>
Subject: =?utf-8?Q?AccessOnline=20Disabled?=
Message-ID: <6c30a838d89f3aa7a8fd363926ed6d72@88.208.236.94>
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server88-208-236-94.live-servers.net
X-AntiAbuse: Original Domain - yahoo.com
X-AntiAbuse: Originator/Caller UID/GID - [500 499] / [47 12]
X-AntiAbuse: Sender Address Domain - server88-208-236-94.live-servers.net
X-Get-Message-Sender-Via: server88-208-236-94.live-servers.net: authenticated_id: cashingout/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: server88-208-236-94.live-servers.net: cashingout
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/cashingout/public_html/connect/index.php
X-Source-Dir: cashingout.com:/public_html/connect
Content-Length: 3114
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Fri Dec 11, 2015 8:39 pm

Suspicious Login Alert
Zenith Bank <coachhartley@vzw.blackberry.net>

Dear Valued Customer,

Zenith Internet Banking Login Alert

There was a successful login to your Zenith Internet Banking account
Time: Friday, December 11, 2015 4:01 PM.

If you did not login to your Internet Banking account, kindly contact ZenithDirect on the Link below

ibank.zenithbank.com/internetbanking/index.jsp

stating your account details

Thank You
Zenith Bank

Return-Path: <niceworkover@server88-208-236-94.live-servers.net>
X-Originating-IP: [88.208.236.94]
Authentication-Results: mta1525.mail.ne1.yahoo.com from=vzw.blackberry.net; domainkeys=neutral (no sig); from=vzw.blackberry.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)
Received: from niceworkover by server88-208-236-94.live-servers.net with local (Exim 4.86)
X-AntiAbuse: Sender Address Domain - server88-208-236-94.live-servers.net
X-Get-Message-Sender-Via: server88-208-236-94.live-servers.net: authenticated_id: niceworkover/only user confirmed/virtual account not confirmed
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Mon Jan 04, 2016 7:38 pm

Email Alert Notification
Yahoo Account Upgrade <info@integrationint.org>

--

Yahoo


Dear E-mail Client,

You have exhausted the 5GB Bandwidth of your email account and for this reason some of your incoming mails with files and documents above 50KB have been filtered and placed pending.

Your e-mail account's Bandwidth has been upgraded to 10GB to enable us serve you better. Kindly Click on the below link to complete the upgrade on your account in order to receive your pending mails and enjoy better quality and efficient service delivery.



Follow this link to complete the process: CLICK HERE

Code: Select all

google.com/url?q=http%3A%2F%2Ftinyurl.com%2Fpalhzeg&sa=D&sntz=1&usg=AFQjCNFcaBdEP84OwcotuCHRJR87giRkqw
<=evil linky


Once the information provided matches the records on our database, your account will function normal again.

Sincerely,

Mail Service Team.
****************************************************************************************** *****************************************************************************************
Disclaimer:

The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information.If you are not the intended recipient of this message any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited and your are requested to notify the sender & delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly forbidden.


Received: from 127.0.0.1 (EHLO si-002-i40.relay.mailchannels.net) (184.154.112.205)
X-Sender-Id: asmallorange|x-authuser|ydd.lagosregion@apostolicfaithweca.org
Received: from uscentral46.myserverhosts.com (uscentral46.myserverhosts.com [10.244.170.92])
Received: from [::1] (port=46816 helo=uscentral46.myserverhosts.com)
From: Yahoo Account Upgrade <info@integrationint.org>
To: undisclosed-recipients:;
Subject: Email Alert Notification
Reply-To: mail@upgrade.com
Mail-Reply-To: mail@upgrade.com
Message-ID: <5b02cc2296875ec5118a0372a4a37836@apostolicfaithweca.org>
X-Sender: info@integrationint.org
User-Agent: Roundcube Webmail/1.0.6
X-AuthUser: ydd.lagosregion@apostolicfaithweca.org :mrgreen: :mrgreen:
Content-Length: 11513
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Sun Jan 17, 2016 5:04 pm

ZenithOnline Disabled
Zenith Bank <kelechio@philipsoutsourcing.net>


Dear user,

Please note that your ZenithOnline ACCOUNT has been DISABLED to transact with your card internationally at the ATM, POS or online..

Kindly re-validate your BVN number with your online account, follow our site below immediately ibank.zenithbank.com/internetbanking/

Your account will be disabled if you fail to go through this process completely.

To add security features to your account, sign in through here ibank.zenithbank.com/home/

Thank you for choosing Zenith Bank, Your Bank.


Return-Path: <niceworkover@server88-208-236-94.live-servers.net>
Received: from 127.0.0.1 (EHLO server88-208-236-94.live-servers.net) (88.208.236.94)confirmed/virtual account not confirmed
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Yahoo <sani.f@aun.edu.ng>

Postby FrumpyBB » Tue Jan 19, 2016 11:49 pm

This password phishing scammer "Sani F." abuses facilities of the American University of Nigeria ("aun.edu.ng").The University is located in the city of Yola, capital of Adamawa, one of Nigeria's 36 states.

........................
Email termination
Yahoo <sani.f@aun.edu.ng>
To: undisclosed-recipients:;

Dear User,

You are required to authenticate your account below to continue sending and receiving messages.

We strongly advice you follow this link to protect your mail and avoid termination.
Regards copyright © 2015 All rights reserved.
------------------------------ ------------------------------ -------------------
Yahoo!
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

User avatar
coolbreeze1975
R.I.P.
Posts: 13746
Joined: Thu Nov 10, 2011 4:38 pm
Location: Somewhere over the rainbow with a Martini, stirred, not shaken


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby coolbreeze1975 » Fri Feb 05, 2016 10:09 pm

email addy = chase.alert@comcast.net

IP NOT IN RS DB – I will post to MF

IP: 96.114.154.236
ISP: Comcast Cable
Continent: North America
Country: United States

header =

Return-Path: <chase.alert@comcast.net>
Received: from resqmta-po-02v.sys.comcast.net (resqmta-po-02v.sys.comcast.net [96.114.154.161])

email



Dear Chase Online(SM) Customer,
Your account has been locked temporarily in order to protect it. We observed multiple login attempt error while login in to your online banking account. We have believed that someone other than you is trying to access your account.
To get started, please click the link below:
Sign in to Online Banking
This instruction has been sent to all bank customers and is obligatory to follow.
Thank you,
Customers Support Service.
:cool: CB1975

“Health is like money, we never have a true idea of its value until we lose it.”
~Josh Billings

User avatar
FrumpyBB
Site Admin
Posts: 63714
Joined: Sun Apr 06, 2008 7:35 pm
Location: Central Europe


Bookmark and Share

Re: Password phishing emails originating from West Africa

Postby FrumpyBB » Sun Feb 07, 2016 8:44 pm

UBA Online Deactivation
UBACFC <sunmap@gridconsulting.net>
ubagroup.com
Dear Valued Customer,


Based on CBN Directive from 1st January 2016, We have moved our Udirect online banking site to a more safe and secured server.

Please Click here to upgrade to the new server and secure your account from fraud
blackbearridgeresort.info/Sources/call/infos.php <<DONTCHA CLICK THIS!



To continue on the current site, add security features to your account, sign in through here ibank.ubagroup.com/corp/AuthenticationController <<DONTCHA CLICK THIS! EVEN THO THIS LINK LOOKS REAL.

NOTE: Follow the security process above carefully and completely to avoid deactivation of your online account with us..

Your Online Banking security is very important to us..


Thank you.



Return-Path: <finish@8288736.securefastserver.com>
X-Originating-IP: [204.44.119.21]
Authentication-Results: mta1293.mail.bf1.yahoo.com from=gridconsulting.net; domainkeys=neutral (no sig); from=gridconsulting.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO 8288736.securefastserver.com) (204.44.119.21)
Received: from finish by 8288736.securefastserver.com with local (Exim 4.86)
(envelope-from <finish@8288736.securefastserver.com>)
From: =?utf-8?Q?UBACFC?= <sunmap@gridconsulting.net>
Subject: =?utf-8?Q?UBA=20Online=20Deactivation?=
X-AntiAbuse: Original Domain - yahoo.com
X-Source-Args: /usr/bin/php /home/finish/public_html/mailer/index.php
X-Source-Dir: finish.com:/public_html/mailer
Please try your best to block ALL your scammer´s still incoming messages and calls!

What is all this? => The FAQ

The scammers vs. Why is "he" still doing it?

Why is alerting the man in the pictures DANGEROUS?

Please click why confronting my scammer is terribly wrong :)

Return to “Other types of African scams”

Who is online

Users browsing this forum: No registered users and 2 guests

cron