Forum Discussion
Scary Email Scams...
The trick is to always look for the first "Received From" then there will be an IP in square brackets. That is the IP of the server that HELO'd your email server before it sent it. Everything else can be forged, including the servername that's supposed to be associated with the IP. Not likely the IP itself was forged during a HELO handshake.
Edit: Looks like this:
Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-sg2apc01hn0245.outbound.protection.outlook.com [104.47.125.245])
That part's missing from Gmail emails, right? I thought Gmail didn't include the sender's IP in the header.
MarkJFine wrote: The trick is to always look for the first "Received From" then there will be an IP in square brackets. That is the IP of the server that HELO'd your email server before it sent it.
- MarkJFine, 8 years ago, Professor
maratsade wrote: That part's missing from Gmail emails, right? I thought Gmail didn't include the sender's IP in the header.
Hmmm. Haven't noticed, tbh.
- maratsade, 8 years ago, Distinguished Professor IV
They may have changed this -- I remember a long time ago reading that Google did not include the sender's IP address in the headers. I haven't really checked, as my knowledge of this is extremely basic.
- MarkJFine, 8 years ago, Professor
After almost two weeks of inactivity, just got a third one. Here's the tally:
Date         Email Server    Amt    BTC Account
-----------  --------------  -----  ----------------------------------------------------------
10 Jul 2018  104.47.125.245  $1900  1JHwenDp9A98XdjfYkHKyiE3R99Q72K9X4 (3.35 collected, 17 xactions)
11 Jul 2018  40.92.70.69     $2900  1YAy8oEjEXsxos5u7y5k7siJ4tSmA71sU (0 collected, 0 xactions)
24 Jul 2018  40.92.253.58    $7000  1GLuqSSnZg8jq6AQdypjLYQoRPveX9uDxb (0 collected, 0 xactions)
They seem to be getting even bolder with their demands.
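The header check discussed in this thread, written out as an added example that is not part of any post above: it pulls the bracketed IP from the topmost `Received` line stamped by a mail server you run and ignores everything below it. The function name `connecting_ip`, the host `mx.example.net` and the lower hop in the sample are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample. The top Received line is the one quoted in the thread;
# mx.example.net (the reader's own mail server) and the lower hop are made up.
SAMPLE = """\
Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-sg2apc01hn0245.outbound.protection.outlook.com [104.47.125.245])
\tby mx.example.net with ESMTPS id abc123; Tue, 10 Jul 2018 09:15:02 -0400
Received: from trusted-bank.example (unknown [10.1.2.3])
\tby APC01-SG2-obe.outbound.protection.outlook.com; Tue, 10 Jul 2018 13:14:58 +0000
From: someone@example.org
Subject: constructed sample

body
"""

HOP = re.compile(r"^from\s+(\S+)\s*(.*?)\s+by\s+(\S+)", re.I)
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def connecting_ip(raw, my_servers):
    """Return (claimed_name, ip) recorded by one of my_servers, or None.

    Received headers are newest-first. Only the unbroken run at the top that
    was written by servers we run is trusted; the walk stops at the first
    header written by anyone else, since that text came from the sender.
    """
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):
        hop = HOP.match(" ".join(value.split()))    # unfold continuation lines
        if not hop or hop.group(3).rstrip(";").lower() not in my_servers:
            return None                             # left the trusted run
        found = BRACKETED.search(hop.group(2))
        if not found:
            continue
        try:
            ip = ipaddress.ip_address(found.group(1))
        except ValueError:
            continue
        if ip.is_global:                            # skip our own internal relays
            return hop.group(1), str(ip)
    return None

if __name__ == "__main__":
    print(connecting_ip(SAMPLE, {"mx.example.net"}))
```
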