View Full Version : Be wary of requests for pricing from unknown senders

Mayo Pardo
05-31-2016, 4:23 PM
Lately I've been seeing an increase of spam and emails with viruses in attached files.
Some of the subject or content is worded as if there was a prior conversation between myself and the sender, and it requests I click on the attached file (which of course I never do).

Or it mentions my recent purchase, and to click the attached file for invoice details. (There was no purchase).

Today I received two that were requests for pricing. The sentence structure and grammar is the red flag, and investigating the IP of the sender verified it was bogus. Here is the content of the 2nd one:

Dear Customer,

This is Mr Larry Wood i send this inquiry to your company in regards to order some ( Tent Signs ) and i will be more happy if you can email me with the size and Prices that you have for sale as well...Please let me know if you do accept credit card as a form of payment, and that will be pick up at your location..Hope to read back from you soon.

With kind regards
Mr Larry Wood

Rather than just delete them, I decided to look at the email header info to see where they were really coming from - which is never where it looks like it came from if you only look at the return address or sender address.
I have found them originating from Iraq, Kazakhstan, and Ghana.

The program I use which analyzes the email header info is called IPNetInfo. It's free, and works very fast. You can download it online.
To use it you would need to know how to look at and copy email header info. In Microsoft Outlook, it's pretty easy. Right click the email, select "options", and at the bottom section of the window that opens you will have the header info. You can either paste all of it into IPNetInfo or you can look for the last IP listed - which will actually be the first one appearing because of the order in which they are displayed.

After you find out the origin of the email you can chose to complain to the "abuse@(host site)" for that IP address or just delete it.

Kev Williams
05-31-2016, 7:25 PM
I can figure out the spam ones easy enough, either by the tone of the email, or if the link address shown in the status bar is a jumbled mess.

I'll tell ya the emails I really hate are the REAL emails that LOOK like spam!

Would YOU open an email from: Master DayEnd User only for Sy --? With an invoice attached no less?

Some of you may recognize it as coming from Johnson's Plastics! Fortunately that shows up in the real email address, but where did they come up with that name? I typically just shift-delete emails that look like that without even checking, for fear of getting one of those "YOUR COMPUTER IS LOCKED" things (which scares me more than any virus)...

Keith Downing
06-01-2016, 10:55 PM
It's sad, but these days you should pretty much be wary of EVERYTHING you receive unless you were expecting it. Whether or not you recognize the sender.

What a lot of people don't realize is that the text up there (sender, subject) isn't any different than the text in the email. It can say whatever the sender wants it to.

Anyways, good looking out. Glad you didn't get suckered.

David Somers
06-02-2016, 5:56 PM
And be wary as well because someday these folks will figure out that perhaps, just perhaps, their poor grammar and spelling cues in most people that something is wrong and if they used normal english grammar and spelling they would net a lot more hits. However, I know who I correspond with and if they are not known to me I wont open their emails.
Thanks for the alert Mayo!!!!


Bert Kemp
06-02-2016, 6:36 PM
Yea but like Kev said its hard to tell the real ones. I got one last week from "customersupport" subject line "new information available" I almost hit delete but I hovered my cursor over it and found it was from the lab that did my blood work. Why can't they put that in the email address? Then you get the phishing ones that look like the real thing, from ebay and walmart gessh you can't tell anymore.:eek:

Dan Hintz
06-03-2016, 5:32 AM
I found that blocking the IP addresses of countries you have no chance of getting a real order from (such as the ones you listed) reduces my spam considerably. They can't even see your website from where they are sitting, and email from them is rejected out of hand by your server before it ever hits your desktop.

Bill Cunningham
06-04-2016, 2:04 PM
The two big red flags in that email are: he identified him self as "Mr. (Whatever)" no one does that. Also the query about the types of credit cards you accept. Either of those flags gets the email deleted. Plus I never ship anything out of N.America. Americans use PayPal and I charge them 3.5% processing fee. Canadians can use e-transfer from any bank for no extra charge