Another 419 scam that is so obviously wrong. At least get a speelchucker working and get the country name and the evil deceased dictator who you pretend to be stealing money from correct to have a miniscule chance of being believed.
The correct country is Libya not Lybia. Gaddafi is the correct spelling not Ghaddafi.
These do not come from Gmail but are being sent via a compromised or fraudulently set up account on Godaddy. I really give up with the amount of scams, spam, malware & fraud hosted by Godaddy who seem unable, unwilling or incapable of any proactive action to stop this.
Abuse reports rarely get any response and no apparent action by Godaddy. Many researchers put a lot of time and effort into helping protect the internet by reporting these. At least acknowledge the report & do something that makes us feel our work is not in vain.
The email looks like:
From: Mrs Sherifar Abell <[email protected]>
Date: Sun 06/08/2021 08:54
Subject: THIS IS RESPECTFULLY YOUR.
Body Content:
I am Banker Ms Sherifar Abell.I am contacting you for maximum assistant to finance this unclaimed/abandoned fund sum of (US$10.5 Million United State Dollars)which i discovered in the bank account that belongs to the embattled president of lybia Late Muammar Ghaddafi.
Now our bank has been waiting for any of the relatives to come-up for the claim but nobody has done that i personally has been unsuccessful in locating any of the relatives.
I sincerely seek your consent to present you as the next of kin to the deceased so that the bank can proceed to release this fund for you without any hindrances note i am working with the bank i am here to direct you on how we will follow the bank to enable us receive this very fund,is risky free because i have monitored the account for more than three years now so i have secured the file of the Late Deceased for our safety and Legal during this fund transfer.
We will have to provide all the relevant document that will be requested to indicate that you are the rightful beneficiary of this legacy and our bank will release the fund to you without any further delay, upon your consideration and acceptance of this offer, please send me the following information as stated below so we can proceed and get this fund transferred to your designated bank account immediately.
I will furnish you with my identities for you to know me better.
Your Full Name:
Your Contact Address:
Your direct Mobile telephone Number:
Your Date of Birth:
Your occupation:
I await your swift response through my private email: [email protected] <mailto:[email protected]>
Banker Mrs Sherifar Abell.
Email Headers:
| IP | Hostname | City | Region | Country | Organisation |
|---|---|---|---|---|---|
| 173.201.192.182 | p3plsmtp14-01-2.prod.phx3.secureserver.net | Scottsdale | Arizona | US | AS26496 GoDaddy.com, LLC |
| 173.201.192.155 | p3plgemwbe14-06.prod.phx3.secureserver.net | Scottsdale | Arizona | US | AS26496 GoDaddy.com, LLC |
Received: from p3plsmtp14-01-2.prod.phx3.secureserver.net ([173.201.192.182]:45410 helo=p3plwbeout14-01.prod.phx3.secureserver.net)
by knight.knighthosting.co.uk with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89)
(envelope-from <[email protected]>)
id 1deGO2-0002kv-Mh
for [email protected]; Sun, 06 Aug 2021 08:54:10 +0100
Received: from localhost ([173.201.192.155])
by :WBEOUT: with SMTP
id eGNXdxe624fALeGNXd0KEk; Sun, 06 Aug 2021 00:53:39 -0700
X-SID: eGNXdxe624fAL
Received: (qmail 27288 invoked by uid 99); 6 Aug 2021 07:53:39 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=”utf-8″
X-Originating-IP: 197.239.66.121
User-Agent: Workspace Webmail 6.8.7
Message-Id: <20170806005337.9451fdc4df32696ae6d0197d82710f62.079fdf48f9.wbe@email14.godaddy.com>
From: “Mrs Sherifar Abell” <[email protected]>
X-Sender: [email protected]
To:
Subject: THIS IS RESPECTFULLY YOUR.
Date: Sun, 06 Aug 2021 00:53:37 -0700
Mime-Version: 1.0
X-CMAE-Envelope: MS4wfIy8BC1zEXkYPTSqrzx/+p4OaGpbGM7oRPjsiTq2LgBGsQmoUogSZbo4AKxnULOxzBqA7Seyfq/a6eueAJTIIkXsWFbLqWEA/mQ+xvd/XamaEu40UhyNr3xGiN+ecJUVJnZX7XWchCl++ulWFOeYGkL6rFCoJpxWVxcE8PfE1OfQty0IsHmhoT2ajh3do1hBkg==
| Rule | Score | Rule Description |
|---|---|---|
| BAYES_20 | -0.00 | Bayes spam probability is 5 to 20% |
| DCC_CHECK | 1.10 | Detected as bulk mail by DCC (dcc-servers.net) |
| DKIM_ADSP_CUSTOM_MED | 0.00 | No valid author signature, adsp_override is CUSTOM_MED |
| FILL_THIS_FORM | 0.00 | |
| FREEMAIL_FROM | 0.00 | Sender email is commonly abused enduser mail provider |
| HK_SCAM_N2 | 0.00 | |
| HTML_MESSAGE | 0.00 | HTML included in message |
| KAM_LAZY_DOMAIN_SECURITY | 1.00 | |
| KAM_NIGERIAN | 2.50 | Nigerian Scam and Variants |
| LOTS_OF_MONEY | 0.00 | |
| MIME_HTML_ONLY | 0.72 | Message only has text/html MIME parts |
| MONEY_FRAUD_8 | 0.00 | Lots of money and very many fraud phrases |
| NML_ADSP_CUSTOM_MED | 0.90 | ADSP custom_med hit, and not from a mailing list |
| RCVD_IN_DNSWL_NONE | -0.00 | Sender listed at http://www.dnswl.org/, no trust |
| SUBJ_ALL_CAPS | 1.51 | Subject is all capitals |
| T_FILL_THIS_FORM_LONG | 0.01 | |
| T_HK_NAME_FM_MR_MRS | 0.01 | |
| SpamAssassin Score | 7.75 | |
| SpamAssassin Auto Learn | not learned | |