An
Email with the Subject "Urquhart" was
received in one of Scamdex's honeypot email accounts on Tue, 23 Jun 2015 01:07:11 -0700
and has been classified as a Advance Fee Fraud/419 Scam Email.
The sender shows as jos <jos.chamberstg@gmail.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
death5 million deceasedcontactclaim millionresponseclienturgentmailusdchamberstg@gmail.comgerzayn@gmail.comwarmesq. will dear
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => mxw@o7e.net
[delivery-date:] => Tue, 23 Jun 2015 01:07:12 -0700
[received:] => Array
(
[0] => from smtpout040.ash2.facebook.com ([66.220.157.103]:24791 helo=smtpin.mx.facebook.com)by bigcat.newsblaze.com with esmtp (Exim 4.85)(envelope-from )id 1Z7JEL-0008Ox-Krfor mxw@o7e.net; Tue, 23 Jun 2015 01:07:11 -0700
[1] => from [209.85.216.41] ([209.85.216.41:45734] helo=mail-vn0-f41.google.com)by 10.224.57.27 (envelope-from )(ecelerity 2.2.3.50 r(45166/45167)) with ESMTPS (cipher=DHE-RSA-AES128-SHAsubject="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com") id C0/68-32714-A9319855; Tue, 23 Jun 2015 01:06:50 -0700
[2] => by mail-vn0-f41.google.com with SMTP id g1so322751vnb.12 for ; Tue, 23 Jun 2015 01:06:51 -0700 (PDT)
[3] => by 10.31.189.67 with HTTP; Tue, 23 Jun 2015 01:06:51 -0700 (PDT)
)
[dkim-signature:] => Array
(
[0] => v=1; a=rsa-sha256; d=fwd.facebook.com; s=s1024-2014-q3; c=relaxed/simple;q=dns/txt; i=@fwd.facebook.com; t=1435046811;h=From:Subject:X-:Date:To:MIME-Version:Content-Type:Authentication-Results;bh=Svf1BCwheeGI0i+5U0QPdTl17+xXffBILsG59dArsjQ=;b=myHlAeuuuNXFb7wlqzIQLQbn2xaJjAB7uxgGrFPg3SvOlbm5zMDchb2N1xOoeXx9IcbfdhEF+figD0LeNbr1ndMu8YVIfylU2lvdJoPU9tAf3/fQ0DHo5gPiir5VYBNKPhwB9vCnCX6+eelm+IGdVGQ3Ulbkz4yW52O+rfduITE=;
[1] => v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:content-type; bh=X5qDAgqwBAI6STN9OLJTFQj+aRgCg5OcRpA+VAXfO/4=; b=IvHszJrstCRFW7kkiq21cvt/y0dgN29ewGLLhHxieW0+wBPQW6Vq8p+rpvo2/Prn16 P4eb0TYmoB7n4YozBsXqg0DBUq49oWZGowH/jWe/s1tY6JB+Q6hDLU6YbQdBc9gSoYv3 ir3HGIifTZ53DnL0ZbzFoTEaPxZLWgQIa5b3hCqPLMv+u6W8bOi4/ZvpjFIiB4h4KbZm aTSUgOuz5nMVJD/ayQJDJzLl8Yr2EKWtLl3ELuyfEnMF7SuwpsWdRt1xElP+Jj5P0KW4 LKtxovKCNNl6M0vxRbemi1MTOgFQ0Jcv/ptLm/3+TfA+QlO1xcQwMIdsZ8wAdfbdkFOK Y7cA==
)
[x-original-to:] => dumbtube@facebook.com
[authentication-results:] => Array
(
[0] => smtpin.mx.facebook.com x-tls.subject="/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com"; auth=pass (cipher=DHE-RSA-AES128-SHA)
[1] => smtpin.mx.facebook.com; spf=pass smtp.mailfrom=gmail.com
[2] => smtpin.mx.facebook.com; dkim=pass header.d=gmail.com
)
[received-spf:] => pass (smtpin.mx.facebook.com: domain gmail.com designates 209.85.216.41 as permitted sender)
[mime-version:] => 1.0
[x-received:] => by 10.52.11.5 with SMTP id m5mr30702836vdb.53.1435046811505; Tue,23 Jun 2015 01:06:51 -0700 (PDT)
[sender:] => jakpenechamber@gmail.com
[date:] => Tue, 23 Jun 2015 08:06:51 +0000
[x-google-sender-auth:] => uxSDeV5SagELjvBAtyvTkKvUhlc
[message-id:] =>
[subject:] => Urquhart
[from:] => jos
[to:] => undisclosed-recipients:;
[content-type:] => multipart/alternative; boundary=20cf302d4aae6f9d0205192adf10
[bcc:] => dumbtube@facebook.com
[x-spam-status:] => No, score=-1.8
[x-spam-score:] => -17
[x-spam-bar:] => -
[x-ham-report:] => Spam detection software, running on the system "bigcat.newsblaze.com",has NOT identified this incoming email as spam. The originalmessage has been attached to this so you can view it or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: Dear family of Urquhart, I am Gerzayn Bellamy,Please kindly contact me There is an important issue i need to discuss with you concerning my deceased client late Mr.R.Urquhart, unclaimed estate valued Usd $5.5 Million before his death. [...] Content analysis details: (-1.8 points, 4.5 required) pts rule name description---- ---------------------- ---------------------------------------------------3.0 URG_BIZ BODY: Contains urgent matter 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (jos.chamberstg[at]gmail.com) 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different-0.0 SPF_PASS SPF: sender matches SPF record-1.4 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.0 HTML_MESSAGE BODY: HTML included in message-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different 0.0 LOTS_OF_MONEY Huge... sums of money 1.0 FREEMAIL_REPLY From and body contain different freemails 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information 1.6 MONEY_FORM_SHORT Lots of money if you fill out a short form
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
I am Gerzayn Bellamy,Please kindly
contact me There is an important issue i need to discuss with you
concerning my deceased client late Mr.R.Urquhart, unclaimed estate
valued Usd $5.5 Million before his death.
ÂContact me For more
Clarification/Details contact me , Your urgent response will be highly
appreciated , For more details contact me by my private email address
info.gerzayn@gmail.com
Warm regards, Gerzayn Bellamy Esq.
Dear family of Urquhart,
I am Gerzayn Bellamy,Please kindly
contact me There is an important issue i need to discuss with you
concerning my deceased client late Mr.R.Urquhart, unclaimed estate
valued Usd $5.5 Million before his death.
ÂContact me For more
Clarification/Details contact me , Your urgent response will be highly
appreciated , For more details contact me by my private email address
info.gerzayn@gmail.com
