Warning: Nigerian Scammers


quantumstate
06-28-09, 10:23 AM
Just thought I'd warn ppl about these 419 scammers who have just contacted me. I'm selling an item on Videogon, and yesterday got the following email:

--- On Sat, 6/27/09, optionalcare2g9@ymail.com <optionalcare2g9@ymail.com> wrote:

From: optionalcare2g9@ymail.com <optionalcare2g9@ymail.com>
Subject: Videogon listing: xxx
To: xxx
Date: Saturday, June 27, 2009, 2:21 PM

TO: hydra

We are a swiss bases trade association and we specialize in procuring electronic gadgets on behalf of our clients worldwide.
We have an order for the xxxx and our client is willing to pay the sum of $1,250.00 for the above item.
Payment + shipment will be remitted to you as soon as you get back with the necessary details needed.

Regards,
Walter

============================

FROM: Buyersoption (a member)
RE:

You can hit the REPLY button to respond,
or copy this address: optionalcare2g9@ymail.com

View the Item listing:
http://cgi.videogon.com/cgi-bin/cl.pl?projdlpa&125026345

Member Lookup (Buyersoption):
http://cgi.videogon.com/cgi-bin/searchm.pl?Buyersoption&1&usid

Already SOLD this item?:
http://cgi.videogon.com/cgi-bin/u_sold.pl?projdlpa&125026345&s&zzclass

Check all of your activities in MyPage:
http://cgi.videogon.com/cgi-bin/mypage.pl

This email was sent by the Videogon system.
Sat Jun 27 15:21:47 2009

Well ymail is a Yahoo account, so what is an equipment retailer doing using that, and not their own domain? And why are they explaining themselves? Nevertheless I responded, suggesting Paypal. Today I got this email:
Re: Videogon listing: xxx
Saturday, June 27, 2009 11:55 PM
From: "walter smith" <optionalcare2g9@ymail.com>
To: "_ _" <xxx>
Is so good to hear from you once again.A personal check will be mailed to you as stated in one of the options of remitting payment and you need not to bother with the shipping because we already have a shipper,so as to make the shipment of the goods ordered by our clients easier and faster.Get back to me with the precise amount and details of how it will b picked up so that payment can be remitted to you ASAP.
Hmm, there aren't any 'Smiths' in Switzerland.

Well, Videogon's emailing system obscures source IP address (first email), but Yahoo's doesn't, and he sent this second to me from (and to) a Yahoo account. Let's look at the headers:
Re: Videogon listing: xxx
Saturday, June 27, 2009 11:55 PM
From walter smith Sat Jun 27 21:55:18 2009
Return-Path: <optionalcare2g9@ymail.com>
Authentication-Results: mta169.mail.ac4.yahoo.com from=ymail.com; domainkeys=pass (ok); from=ymail.com; dkim=pass (ok)
Received: from 68.142.237.108 (HELO n1.bullet.mail.re3.yahoo.com) (68.142.237.108) by mta169.mail.ac4.yahoo.com with SMTP; Sat, 27 Jun 2009 21:55:42 -0700
Received: from [68.142.230.28] by n1.bullet.mail.re3.yahoo.com with NNFMP; 28 Jun 2009 04:55:19 -0000
Received: from [67.195.9.83] by t1.bullet.re2.yahoo.com with NNFMP; 28 Jun 2009 04:55:19 -0000
Received: from [67.195.9.102] by t3.bullet.mail.gq1.yahoo.com with NNFMP; 28 Jun 2009 04:55:18 -0000
Received: from [127.0.0.1] by omp106.mail.gq1.yahoo.com with NNFMP; 28 Jun 2009 04:55:18 -0000
Received: (qmail 11865 invoked by uid 60001); 28 Jun 2009 04:55:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ymail.com; s=s1024; t=1246164918; bh=yiGkJgh7WIEbu8CuAbwRC8FDdi00sH3uVGgIfeEYMAg=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=qdkKraO5hUpDqRdPwWjyy49BQDkXTFGY5gnLqIPS/8se88o1R7CBeh3wj693yARPfEobRLX8GRjsEXjo8qj015pcNvSC/IyAEHNyZTaG5vuckd1SdrqtDld2vL+ReIWHgTSQJ2w1HSPL8H2dSgi9Oqzjb qU2RGZP4r2w=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=ymail.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=owWQqZTXlnzAPDov08/bqkJxCMgnQ5M0NtTihg0DPwDYks4jSghp3DL3p8WHZYmZRSGCA5FSQKrxTFx AAr/Sdd0Dpi1vmSqYlmdZqpEXjQtBbu1vLQ6XLUQng2O/aPpJd4UWZO3hYj+Gla1qMfzlnKUOZ/Z3Ix+4WLaBQ=;
Message-ID: <76916.11629.qm@web111902.mail.gq1.yahoo.com>
Received: from [41.219.210.110] by web111902.mail.gq1.yahoo.com via HTTP; Sat, 27 Jun 2009 21:55:18 PDT
References: <82664.24719.qm@web53303.mail.re2.yahoo.com>
Date: Sat, 27 Jun 2009 21:55:18 -0700 (PDT)
From: walter smith <optionalcare2g9@ymail.com>
Subject: Re: Videogon listing: xxx
To: _ _ <xxx@yahoo.com>
In-Reply-To: <826604.2479.qm@web53303.mail.re2.yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-76346013-1246164918=:11629"
Content-Length: 6184
So now we know his IP address is 41.219.210.110 .

Fire up VisualRoute (unfortunately no longer a Linux version, although it is Java so should be retrofittable), and this traces to Lagos, Nigeria. The idea is he would send me a worthless check, presumably drawn on a gold-plated Swiss bank but poorly printed, and hope I ship the item before it bounces. If you've never heard of this crime gang do a search on '419 scam'.
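
Added example (not part of the original post): the header walk described above, done in Python. It reads the `Received:` lines oldest-first and returns the first public address stamped by one of the mail provider's own hosts. The sample is the `Received:` chain and Message-ID from the post; `parse_hops`, `origin_candidate` and the `.yahoo.com` suffix check are names and assumptions made for this sketch.

```python
import ipaddress
import re
from email import message_from_string

# Received chain copied from the headers in the post (other fields omitted).
SAMPLE_HEADERS = """\
Received: from 68.142.237.108 (HELO n1.bullet.mail.re3.yahoo.com) (68.142.237.108) by mta169.mail.ac4.yahoo.com with SMTP; Sat, 27 Jun 2009 21:55:42 -0700
Received: from [68.142.230.28] by n1.bullet.mail.re3.yahoo.com with NNFMP; 28 Jun 2009 04:55:19 -0000
Received: from [67.195.9.83] by t1.bullet.re2.yahoo.com with NNFMP; 28 Jun 2009 04:55:19 -0000
Received: from [67.195.9.102] by t3.bullet.mail.gq1.yahoo.com with NNFMP; 28 Jun 2009 04:55:18 -0000
Received: from [127.0.0.1] by omp106.mail.gq1.yahoo.com with NNFMP; 28 Jun 2009 04:55:18 -0000
Received: (qmail 11865 invoked by uid 60001); 28 Jun 2009 04:55:18 -0000
Message-ID: <76916.11629.qm@web111902.mail.gq1.yahoo.com>
Received: from [41.219.210.110] by web111902.mail.gq1.yahoo.com via HTTP; Sat, 27 Jun 2009 21:55:18 PDT

"""

# "from <ip> ... by <host> [with|via <protocol>];"
HOP_RE = re.compile(
    r"from\s+\[?(\d{1,3}(?:\.\d{1,3}){3})\]?.*?\bby\s+(\S+)"
    r"(?:\s+(?:with|via)\s+(\S+?))?;", re.S)

def parse_hops(raw):
    """Return Received hops oldest-first as (ip, by_host, protocol)."""
    hops = []
    # Each relay prepends its own line, so the last one in the text is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received") or []):
        m = HOP_RE.search(value)
        if not m:
            continue  # e.g. the local qmail hand-off line carries no address
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed octets, possibly a forged line
        hops.append((ip, m.group(2), m.group(3)))
    return hops

def origin_candidate(raw, provider_suffix=".yahoo.com"):
    """Earliest public address recorded by a host under provider_suffix.

    Heuristic only: a sender using their own mail server can add fake
    Received lines below the provider's. With webmail submission, as in
    the post, the provider's web server writes the oldest line itself.
    """
    for ip, by_host, proto in parse_hops(raw):
        if ip.is_global and by_host.endswith(provider_suffix):
            return str(ip), by_host, proto
    return None

if __name__ == "__main__":
    print(origin_candidate(SAMPLE_HEADERS))
```
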

shane2943
06-29-09, 09:56 AM
I am Prince Abuhdmahatmallammahumperdingdong from Shabooboo and I have randomly selected YOU out of the 6 billion people on the planet to will my fortune to! Just send me your bank account info and I will transfer the funds into your account.

zim2dive
06-29-09, 10:56 AM
I'm not sure even Paypal is safe.

I've had several hundred "traveling" business people try to buy various items from me on craigslist.. and they even suggest Paypal themselves.. I asked around and was told that the buyer will claim to Paypal that they never received the item (or it was damaged) and you the seller will get %crewed when Paypal refunds their $$. I guess maybe you could then file a shipping insurance claim, but.. too much trouble.

quantumstate
06-29-09, 12:37 PM
Shane it reminds me of the Seinfeld episode, where Kramer is, "uh, H.E. Pennypacker. I'm a wealthy industrialist and philanthropist and, uh, a bicyclist. And, um, yes, I'm looking for a place where I can settle down with my, uh, peculiar habits, and, uh, the women that I frequent with." {sniffing wall}

Zim, yes I got had by this when I sold a Replay on eBay seven years ago for $1,200. He paid with Paypal, I shipped, he asked for tracking and I told him I just mailed it. Next thing I knew, my credit was reversed and I couldn't prove otherwise. He was "jewelerinpa" or somesuch. I never forgot or forgave Paypal for that, and stopped using them for 5 years until eBay made them mandatory.

CT_Wiebe
06-29-09, 04:23 PM
quantumstate -- I'm glad you were able to sniff that one out (before committing to the transaction). That sounded like a scam from the very first response (and you were correctly suspicious from the start).

I looked up that IP address on ARIN (https://ws.arin.net/whois/index.html), and 41.xxx.xxx.xxx is the AFRINIC network (African Network Information Center), a prodigious source of Nigerian sourced scams, especially the ones that shane2943 paraphrased.

I hope you also notified Videogon of this bogus purchaser. They should have an obligation to protect their sellers & customers (especially when they block the true email address of the potential buyers).

I don't use Paypal that much (and then only with extreme caution), but I was under the impression that they had member protection from scams (at least within the last year or so).

Your and zim2dive's PayPal experience has raised my precaution level another notch.

CT_Wiebe
06-29-09, 05:25 PM
quantumstate -- A side note - I just looked at the "VisualRoute" web site. They mentioned that the Macintosh version was "Mac OS X 10.3+, universal binary". If it is a "universal binary", this might be possible to port to Linux.

There should also be a similar tool available for Linux, under a different name. You might want to try on the Linux Forums (www.linuxforums.org) - they seemed to be better than other Linux community forums. If I find any similar linux tool, I'll pass it on.

quantumstate
06-29-09, 07:01 PM
Hello CT_Wiebe, in fact I have gotten as far as receiving a "cheque" from these imbeciles, but it was so poorly made that when I deposited it to my bank into a purpose-built account, I warned them that it's probably counterfeit. Indeed it was, and of course I didn't ship the item.

They prey on those who have hopes. This is the most despicable kind of crime, and I am surprised that some high-net-worth individual hasn't sent a 'team' over there yet. I guess most are too cowardly.

In fact I did immediately notify Videogon of what I found. Here's their response:
Hello,

Thank you for the information.
We will take care of this.

Videogon staff

Well, what they've actually done, is another question. But at least I tried.

As to VisualRoute, I suspicion that the Mac version won't run particularly well on Linux systems, and the restrictions are to ensure their pay model. I don't know how the software is designed, but it appears to have a Winduhs or OS-X wrapper around a Java core. That Java core, if not fundamentally hooked to the wrappers, may well run just fine on Linux Java systems. I don't have time to investigate, as I am presently researching the setting up of a torrent daemon in a virtualbox jail, to prevent intrusions.

tux99
06-29-09, 09:40 PM
I don't know if it compares but on Linux xtraceroute has been around forever:

http://www.dtek.chalmers.se/~d3august/xt/

Quantumstate, you are quite exaggerating when you say " This is the most despicable kind of crime"!
There are much worse crimes!! (in increasing order: robbery, murder, mass-murder, starting a war, being a politician, being a bankster, ...)
Those Nigerians only try to claw back some of that wealth that western colonial powers (and currently western corporations) have stolen from them...

TomKooze
06-29-09, 11:46 PM
Yeah, that Nigerian scam is as old as quantumstate and CT_Wiebe combined! :p

If you're gonna sell something and use PayPal to collect payment, be sure to have it insured and require signature on delivery (finding out before-hand how much that would cost and charging the customer for it, of course). That way you can dispute any claims that it didn't get there or it was damaged.

Also, here's my new video (http://www.youtube.com/watch?v=Bi9qKNMpKcY). I used cinelerra for all of the awesome video transitions. :D

CT_Wiebe
06-30-09, 03:06 AM
tux99 -- Traceroute, in its various flavors has been around longer than Windows.

However, you are being too generous concerning these scams - it is robbery. You are also being unfair to the Nigerian population. Due to the Nigerian government's attitudes and corruption, these organizations are allowed to operate from that country (and perpetrated by non-Nigerians). Therefore, they are free to conduct internet robbery, including identity theft (as alluded to by shane2943).

TomKooze -- Wow - thanks for the compliment. However, that would make those scams older than computers:rolleyes:. I can't speak for quantumstate, but I am North of 70.

TomKooze
06-30-09, 04:34 AM
TomKooze -- Wow - thanks for the compliment. However, that would make those scams older than computers:rolleyes:. I can't speak for quantumstate, but I am North of 70.
LOL, you know that I'm just funnin' with you. Actually, I think quantumstate is around 102...:D

Seriously, though, these types of scams have been around forever, and you've got to know what to look out for. QS has a good nose for it as he presented in OP. There are methods for checking validity, and we should always be skeptical of people that we don't know personally.

tux99
06-30-09, 10:28 AM
CT_Wiebe, I wasn't talking about traceroute but about Xtraceroute as a Linux alternative to VisualRoute with the route being displayed on a globe graphically.


However, you are being too generous concerning these scams - it is robbery.

Certainly not robbery, if anything it's theft or rather fraud:
"Robbery is the crime of seizing property through violence or intimidation. At common law, robbery is defined as taking the property of another, with the intent to permanently deprive the person of that property, by means of force or fear.[1] Precise definitions of the offence may vary between jurisdictions. Robbery differs from simple theft by necessarily involving force or a threat of force."
http://en.wikipedia.org/wiki/Robbery

quantumstate
06-30-09, 11:43 AM
I'm glad you would go so easy on these scammers tux, if they took your $1,200. Or then again, maybe you're just being contrary with me... :[

Meh, newest release of xtraceroute is six years old. This won't be accurate with newer switches & routers.

Well CT, then in a couple of days our combined ages will be 125, that is if my liver holds out that long. Hurts like a body headache.
... although, fifty is the New Thirty, you know.

tux99
06-30-09, 11:51 AM
I'm glad you would go so easy on these scammers tux, if they took your $1,200. Or then again, maybe you're just being contrary with me... :[


I was just being objective by putting things into perspective, it certainly wasn't anything personal and as far as I understood you didn't fall for the con, so you haven't lost anything.
My apologies if I somehow offended you.

CT_Wiebe
07-04-09, 04:23 AM
QS -- = 127.625 :D. Knock on wood, I'm just slowing down, and my back hurts if I over-exert myself.

Tux -- Thanks for the legalese. I guess "robbery" is theft with "special circumstances" - :p.

We now return you to your regular programming. . . . .

Ralph1950
07-18-09, 03:50 PM
I just wonder if a virus could be sent to the person/s via e-mail to mess up their computer for a while? :D Maybe a bomb in the package also??? :eek: Not that I would condone that type of vengeance myself.

quantumstate
07-19-09, 07:46 AM
Sure. There are virii that will infect by the simple opening of an email or webpage, if they're running Winduhs. (which they surely are) But they are like cockroaches and will just reinstall their OS. They have nothing of value to take, so there's no use in that. But for someone really up on their skillz it might be interesting.