An example of an “Advance-fee scam” (similar to Nigerian 419 scam)

Advance-fee scam - Nigerian 419 scam

I just received an email from “a politician and a previous member of Ghana’s executive committee on contract awards”, wanting to “relocate funds in a foreigner’s name to avoid any trace” with US $19,500,000 for me if I take part in this deal.

This is obviously a scam of the type advance-fee, but I thought it might be interesting to share on my blog this example of real email, along with the headers and pretty much everything available about it.

Information about the email:

Received from: Mr. Wilson Kasowa <admin@terminal3.com.tw>
To: undisclosed-recipients
On my email pierre@ciholas.fr.
On Saturday 13/05/2017 at 03:22am British Summer Time.

Copy of the email text (format identical to original):

Compliment,

 

My name is Mr. Wilson Kasowa, a politician and a previous member of Ghana’s executive committee on contract awards.

 

My purpose of connecting you is to crave your indulgence to assist me in securing some funds abroad for safe keeping which I incidentally kept to help me finance my senatorial elections campaign under the party umbrella of National Democratic Congress (NDC) Last year December 2016, Unfortunately for me I lost the senatorial seat during my party conducted election primary to my opposition member under the same party umbrella.

 

But with my immediate contact, I was able to deposit some kickback money emanated from award of contracts awarded to Chinese and Malaysia companies in a security vault with a commercial bank in Ghana pending when I will found a trustworthy person to move out the fund from Ghana to oversea bank account for business investment.

 

The need to contact you arose from the fact that the present elected government vow to crack down on past immediate government functionaries of National Democratic Congress (NDC) and trying to trace all the funds that was made through contract awards and other mouth watering deals during our tenure in the office from the year 2008 to 2016, if they succeed in tracing this fund to me, they will seize it and thereby incapacitating my life time opportunities.

 

I wish to relocate this fund in a foreigner’s name to avoid any trace. All I need from you is an assurance that you can handle the amount involved (US$19,500,000) comfortably and that I can also trust you.

 

Be fully rest assured that there is no risk involved. I want you to immediately inform me of your willingness in assisting and co-operating with me, so that I can send you full details of this transaction.

 

Yours faithfully,

Mr. Wilson Kasowa

Copy of the email’s headers:

Return-Path: <admin@terminal3.com.tw>
Delivered-To: pierre@ciholas.fr
Received: from localhost (HELO queue) (127.0.0.1)
by localhost with SMTP; 13 May 2017 04:21:47 +0200
Received: from output1.mail.ovh.net (164.132.34.1)
by mail.ovh.net with AES256-GCM-SHA384 encrypted SMTP; 13 May 2017 04:21:47 +0200
Received: from vr2.mail.ovh.net (unknown [10.101.8.2])
by out1.mail.ovh.net (Postfix) with ESMTP id 515FE25A2C
for <pierre@ciholas.fr>; Sat, 13 May 2017 04:21:47 +0200 (CEST)
Received: from in3.mail.ovh.net (unknown [10.101.4.3])
by vr2.mail.ovh.net (Postfix) with ESMTP id 40F9ABB24B
for <pierre@ciholas.fr>; Sat, 13 May 2017 04:21:47 +0200 (CEST)
Received-SPF: None (no SPF record) identity=mailfrom; client-ip=210.5.175.136; helo=sococclients.sococ.com; envelope-from=admin@terminal3.com.tw; receiver=pierre@ciholas.fr
Received: from sococclients.sococ.com (sococclients.sococ.com [210.5.175.136])
by in3.mail.ovh.net (Postfix) with ESMTP id 8BA9E1152
for <pierre@ciholas.fr>; Sat, 13 May 2017 04:21:46 +0200 (CEST)
Received: from User (unknown [41.66.255.190])
by sococclients.sococ.com (Postfix) with ESMTP id ACD3BB40CC;
Sat, 13 May 2017 10:21:06 +0800 (HKT)
Reply-To: <kasowawilson@gmail.com>
From: “Mr. Wilson Kasowa”<admin@terminal3.com.tw>
Subject: [SPAM] From Wilson, Kindly Reply Back
Date: Sat, 13 May 2017 02:20:51 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset=”Windows-1251”
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20170513022106.ACD3BB40CC@sococclients.sococ.com>
To: undisclosed-recipients:;
X-Ovh-Tracer-Id: 7906913571351182960
X-VR-SPAMSTATE: SPAM
X-VR-SPAMSCORE: 540
X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrfeeljedrtdekgdeigecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemuceftddtnecuoghunhguihhstghlohhsvgguucdlgedtmdenogfhohhrsghiugguvghnjfgurhculdehtddtmd
X-Ovh-Spam-Status: SPAM
X-Ovh-Spam-Reason: vr: SPAM; dkim: disabled; spf: disabled
X-Ovh-Message-Type: SPAM
X-Spam-Tag: YES

1 comment

Leave a Reply to alloy Cancel reply

Your email address will not be published. Required fields are marked *