Avoid Internet Scams : How to Avoid Job Scams & Internet Dating Scams.

Avoid Internet Scams
How to Avoid Job Scams & Internet Dating Scams.

Last Updated Sep 28, 2009
Don't be SCAMMED!
Scammers hide their location

Have you received an email job offer???

Are you dating someone on the internet???

Are they really from the United States???
Is she really from Kiev or the city she claims???
Below are steps to open the email header of:

The ip address on the header can help you find their location

If you like things easy just use an

gmail

1. Click on her email and open it.

2. At the top of the page click the blue down arrow button on the right side of "Reply".

3. At the bottom of this new box click "Show original" and a new page will open.

4.On the new page look for X-Mailer: The Bat! If you see it look no further. It is a scam! X-Mailer is a mass mailing software that spammers use. Less popular are FC'2000, Becky and Communigate Pro.

5. If you do not see X-Mailer check the "Received: from" ip addresses.

click "Lookup" to find the actual location. If the IP addresses do not match her city or nearby major city then it is a scam.

if you see: Received: from [10.225.15.75] - it is not the origin

You should ask them to use Yahoo or Hotmail.
Or use an email tracker at the bottom of this page

Note: Some gmails cannot show the senders ip
Use this instead:

You will see something like this after clicking "Show original":

X-Gmail-Received: 6747e76f69bc277134418c8599197cba55879025
Delivered-To: sucker@gmail.com
Received: by 10.70.79.5 with SMTP id c5cs802wxb;
        Fri, 3 Mar 2006 21:34:04 -0800 (PST)
Received: by 10.67.31.1 with SMTP id i1mr1958457ugj;
        Fri, 03 Mar 2006 21:34:02 -0800 (PST)
Return-Path:
Received: from mx18.yandex.ru (mx18.yandex.ru [213.180.200.18])
        by mx.gmail.com with ESMTP id j2si3260258ugf.2006.03.03.21.34.00;
        Fri, 03 Mar 2006 21:34:02 -0800 (PST)
Received-SPF: pass (gmail.com: domain of Angelelena@yandex.ru designates 213.180.200.18 as permitted sender)
Received: from 3.237.dialup.mari-el.ru ([217.107.237.3]:64516 "EHLO
217.107.237.3" smtp-auth: "Angelelena" TLS-CIPHER: TLS-PEER-CN1:
) by mail.yandex.ru with ESMTP id S3375757AbWCDFdv (ORCPT
); Sat, 4 Mar 2006 08:33:51 +0300
Date: Sat, 4 Mar 2006 08:29:09 +0300
From: Elena
X-Mailer: The Bat! (v1.51) Personal
Reply-To: Elena Vasileva
X-Priority: 3 (Normal)

Yahoo

1. Click Full Headers at the lower right hand corner of the page and a new page will open.

2. On the new page look for "X-Mailer: The Bat!" . If you see it look no further. It is a scam! X-Mailer is a mass mailing software that spammers use. Less popular are FC'2000, Becky and Communigate Pro.

3. If you do not see X-Mailer check the "Received: from" or last Received:

ip addresses.

click "Lookup" to find the actual location. If the ip addresses do not match her city or nearby major city then it is a scam.

You will see something like this:

X-Apparently-To: sucker@yahoo.com via 209.191.87.82; Sun, 26 Feb 2006 07:13:10 -0800

X-Originating-IP: [81.19.66.30]

Return-Path: <elenagoo@rambler.ru>

Authentication-Results: mta197.mail.re2.yahoo.com from=rambler.ru; domainkeys=neutral (no sig)

Received: from 81.19.66.30 (EHLO mxb.rambler.ru) (81.19.66.30) by mta197.mail.re2.yahoo.com with SMTP; Sun, 26 Feb 2006 07:13:10 -0800

Received: from mailc.rambler.ru (mailc.rambler.ru [81.19.66.27]) by mxb.rambler.ru (Postfix) with ESMTP id C61F83214D for <sucker@yahoo.com> Sun, 26 Feb 2006 18:13:09 +0300 (MSK)

Received: from user.mshome.net (87.237.dialup.mari-el.ru [217.107.237.87]) (authenticated bits=0) by mailc.rambler.ru (8.12.10/8.12.10) with ESMTP id k1QF8H2M033293 for <sucker@yahoo.com> Sun, 26 Feb 2006 18:13:09 +0300 (MSK)

Date: Sun, 26 Feb 2006 17:57:39 +0300

From: "Elena" <Elenagoo@rambler.ru> View Contact Details Add Mobile Alert

X-Mailer: The Bat! (v1.51) Personal

Reply-to: Elena <Elenagoo@rambler.ru>

X-Priority: 3 (Normal)

Message-ID: <16011046804.20060226175739@rambler.ru>

To: "SUCKER" <sucker@yahoo.com>

Subject: Hello !!!

In-Reply-To: <20060224043757.14201.qmail@web37505.mail.mud.yahoo.com>

References: <20060224043757.14201.qmail@web37505.mail.mud.yahoo.com>

MIME-Version: 1.0

Content-Type: text/plain; charset=us-ascii

Content-Transfer-Encoding: 7bit

X-Auth-User: Elenagoo, whoson: (null)

Content-Length: 586

hotmail

1. Click "Inbox"

2. Right click on her email and you will get a box.

3. Left click "View message source" and a new page will open.

4. On the new page look for "X-Mailer: The Bat!". If you see it look no further. It is a scam! X-Mailer is the most common mass mailing software that spammers use. Less popular are FC'2000, Becky and CommuniGate Pro.

5. You can also check the "Received: from" or "X-Originating-IP" and ip addresses.

click "Lookup" to find the actual location. If the ip addresses do not match her city or nearby major city then it is a scam.

You will see something like this:

Received: from smtp1.yandex.ru ([213.180.200.14]) by bay0-mc6-f18.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Fri, 3 Mar 2006 01:52:18 -0800
Received: from [82.198.27.177] ([82.198.27.177]:38404 "EHLO SERVAK" smtp-auth:"Elenabeautysun2005" TLS-CIPHER: <none> TLS-PEER-CN1: <none>)by mail.yandex.ru with ESMTP id S2078031AbWCCJwH (ORCPT<rfc822; SUCKER@hotmail.com>); Fri, 3 Mar 2006 12:52:07 +0300
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPtfpLB7P/ybN8=
X-Mailer: The Bat! (v1.51) Personal
References: <BAY22-F90C3E924EF36E46B15949A7F50@phx.gbl>
Return-Path: Elenabeautysun2005@yandex.ru
X-OriginalArrivalTime: 03 Mar 2006 09:52:18.0724 (UTC) FILETIME=[28D6EE40:01C63EA8]

Results of an IP Address

By opening an email header you can see where her email is coming from. The ip address listed may not be her actual city but a nearby city where her ISP is located. Also, some scammers use a proxy, i.e. another server. Thus, you can never know their original location unless you use an email tracker on the bottom of this page. However the proxy they use will not be in the city she lives in. Even if they could get a proxy in their scam city the ip will never be under the "Received: from" . If the scammers were geniuses and found a way we should remember: never send money. A good Russian woman will never ask for money, remember that.

If the ip address begins with "10" then it is not their location.

The following came from 10.229.15.75 and is not their location

4676 Admiralty Way, Suite 330,
Marina del Rey CA

If the "Received: from" ip address you entered gives you "Marina del Ray" then we know is it is not their location.

On the same page below Marina del Ray :
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG

IANA = "Internet Assigned Numbers Authority"
IANA has nothing to do with the email you received. IANA uses extra set of ip addresses that begin with 10,127, 169, 172 or 192. They are used in private networks for computers, modems and routers and should never appear on the internet email headers unless it is gmail. In other words if you get Marina del Ray, IANA or an ip address with the above prefix, it means someone is hiding their ip address or not revealing it like gmail does. It could also be from another country like Amsterdam. Again, if it is gmail and the ip begins with a 10 we cannot find their location unless you use an email tracker. Also look at "Received: by" to find their location. If it still begins with 10 or you still get Marina del Ray then we will have to dig deeper using all the Whois from different parts of the world. If you get Marina del Ray or no answer then proceed to the next whois. If you finally get a country then maybe it is from there.
For example if I use

10.229.15.75 
in the RIPE NCC's Whois I get "Amsterdam" but nothing in the other whois'.

It could be from Amsterdam but we cannot be certain. If it is gmail we must use an email tracker when we get an ip address that begins with "10"


Anyone can hide their ip address with some type of software .
However, if you cannot see an ip or if it does not match a major city near them 
than you know they are scammers.

WHOIS

Use this one first since most scams are from here:
Europe, the Middle East, Central Asia, and African countries located north of the equator
Click here for the RIPE NCC's Whois.

Central and Southern African Region Click here for AfriNIC's Whois.

Asia/Pacific Region
Click here for APNIC's Whois.

Canada, the United States, and several islands in the Caribbean Sea and North Atlantic Ocean
Click here for ARIN's Whois.

Latin America and some Caribbean Islands
Click here for LACNIC's Whois.

If you get some crappy weird stuff after the "Received: from" then it is a scam.
They inserted instructions to their mass mailer application.

Example:

Received: from %RNDUCCHAR1524 (j236.128.26.76.%RNDLCCHAR15357.ti.yahoo.com 96.208.178.254)
     by mail08.t.yahoo.com (47.1.777akv719/%RNDDIGIT12.4.50) with SMTP id fwf54N4Wnto%RNDDIGIT15;
     Wed, 06 Oct 2004 09:22:39 +0500

Email Trackers

Put Scammers Out of Business!!!
A scammer cannot hide with an email tracker.

Whoreadme can find their location even if they use a proxy. It's all free and just as good as ReadNotify and easier than Bigstring. Sign up at their website and add any email you want to use. Then send an email and wait. When the scammer opens it you will receive a notice in your original email with the scammers original physical location and the time it was opened. Another way is by going to Whoreadme's website and if you click "more information" it will also show you the actual location of the scammer. They say later you will only need to add a suffix domain like ReadNotify. Like other email trackers, you can use any email.
Click here:

ReadNotify is easier to use. However it is not accurate as Bigstring. One email said it was 43% sure it was from California. When we sent the same email with Bigstring it narrowed it down to Nigeria. Many scammers come from Nigeria. It does have a free trial and can cost only $4 per month. I recommend it for personal use rather than finding a scammer. First register then all you have to do is add ".readnotify.com" at the end of the email you want to track then click send. When the scammer opens it you will receive a notice in your original email with the scammers location. It has more details than Whoreadme. I personally had some trouble registering. After the 3rd try it registered. You can send it from any email software including gmail, yahoo, hotmail, etc..
Click here:

Bigstring can find their location even if they use a proxy. Unlike the previous trackers it will not send you a notice to your original email when the scammer opens it. You have to go to their website. It's an email provider that can track an email you send and tell you where the other person is. It is better in finding a scammer than ReadNotify. We also like the nice blue dog that floats across your screen. First you add your own email, compose then send it. It hides the bigstring domain if you set your added email as default. Click "Preferences" then "Masquerade" then add your email. Click "Sent" in the left hand column then highlight the email you want to read. Then waive your cursor underneath the word "Views" and it will show the ip address of the one who opened it. It will also show how many times they viewed it and the time it was opened. It works.
Click here:

Note:
If it seems they never opened your email then it means
they did not click "Display Images Below" (gmail) or "Show content" (hotmail).
It must be clicked to get a response to your email.
You might send it again with an attachment or photo so they will open it.
If they do not open it they are scammers.

Free Email Tracking Service - WhoReadMe.com

Site of the Week

Get your fiancee a Visa!

Fiancee Visa Service

questions or comments:

bluewebnews@gmail.com

Visitors

Alienware

Ask our Mother for help.

Our Lady of Kazan

If this website helped you