FEATURE ARTICLE

Nasty Facebook Scam Out There -- BEWARE!!!!

 
Powell Gammill 
Date: 11-13-2009
Subject: Internet

I got an email ostensibly from a friend last night (11-12-2009) at 11:20PM MST:
 
Hello,
I am terribly sorry to bother you with this mail, I am currently in the UK i had to attend an unexpected program here, I'm presently in London and am having some problems. I was mugged on my way to the hotel coming from the session i was attending and there by loosing my funds and valuables. Presently my passport and my things are being held down by the hotel management pending when i make payment. I will like you to assist me with a loan of $3,325 to sort-out my hotel bills and to get myself back home. I will appreciate whatever you can afford to assist me with, I'll refund the money as soon as i return, let me know if you can be of any help ?. I can receive through a western union or money gram nearest to me. My address details are:

Tom Westbrook
Address: 30 Leicester Square
City: London WC2H 7LA,
United Kingdom  
 
I called a mutual friend to find out if he had heard anything about it and to reach Tom's wife.  I wanted to know if this was legit.
 
Tom called back to say someone had breached his Facebook account which gathered all his yahoo.com addresses and then sent this email out to all of his contacts. He was trying to figure out how to contact everyone and let them know it was bogus.
 
Freedom's Phoenix is one way, and it alerts all of our readers to remain vigilant on anything they get from a desperate friend who needs their help.  Always confirm before sending the money.  Always.
 
PS:  There have been rumblings the past two weeks that these account breaches on Facebook have been rampant, so be on the lookout for similar pleas for money from your "friends."
 
Note:  The email did not use my name above in the email.  Instead "hello," which makes bulk mailing easier. 

But it did come to my private address. 
 
Small case i's bothered me as well. As did the tone somewhat...polite English more than American. 
 
Yes, there were misspellings and grammatically incorrect structures that could point to an English as a second language composer, but I do the same on quick messages, so ....
 
The return email address had an extra "j" in it compared to the one I have for Tom.  tom_jj_westbrook@yahoo.com
 
The amount of money bothered me as well.  It is a lot.  How many days was he there for heaven's sake?  In a five star hotel with those prices?  He needed a one-way ticket back?  Unlikely.  He had that kind of money on him when he got mugged?  Now I have divided my money up before at a hotel and uncomfortably left a large amount behind and carried more than I wanted with me.  But carry all of it around with me?

So these are some of the telltales to raise your suspicion depending upon your friend.  I am looking at the header info now, and it was suggested to Google the address and see if it is really a hotel.  Both good ideas.
 
Google the address and this pops up:
 
Poor Tom.  He is apparently having to live out of a radio station.
 
Email header is From:

from mx-n07.wc1.dfw1.stabletransit.com ([74.205.61.228])   

IP Information for 74.205.61.228
IP Location: United States, Las Vegas, Cafm Solutions Inc
Resolve Host: fw-n01.dfw1.stabletransit.com
IP Address: 74.205.61.228
Blacklist Status: Clear

OrgName:    Rackspace.com, Ltd.
OrgID:      RSPC
Address:    9725 Datapoint Drive
Address:    Suite 100
City:       San Antonio
StateProv:  TX
PostalCode: 78229
Country:    US

NetRange:   74.205.0.0 - 74.205.127.255 
CIDR:       74.205.0.0/17 
NetName:    RSCP-NET-4
NetHandle:  NET-74-205-0-0-1
Parent:     NET-74-0-0-0-0
NetType:    Direct Allocation
NameServer: NS.RACKSPACE.COM
NameServer: NS2.RACKSPACE.COM
Comment:    
RegDate:    2006-11-20
Updated:    2007-03-13

RAbuseHandle: ABUSE45-ARIN
RAbuseName:   Abuse Desk 
RAbusePhone:  +1-210-892-4000
RAbuseEmail:   

RTechHandle: IPADM17-ARIN
RTechName:   IPADMIN 
RTechPhone:  +1-210-892-4000
RTechEmail:   

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName:   Abuse Desk 
OrgAbusePhone:  +1-210-892-4000
OrgAbuseEmail:  

OrgTechHandle: IPADM17-ARIN
OrgTechName:   IPADMIN 
OrgTechPhone:  +1-210-892-4000
OrgTechEmail:  

OrgTechHandle: ZR9-ARIN
OrgTechName:   Rackspace, com 
OrgTechPhone:  +1-210-892-4000
OrgTechEmail:  

CustName:   CAFM Solutions, Inc.
Address:    2550 E Desert Inn Road
City:       Las Vegas
StateProv:  NV
PostalCode: 89121
Country:    US
RegDate:    2007-07-13
Updated:    2007-07-13

NetRange:   74.205.61.224 - 74.205.61.255 
CIDR:       74.205.61.224/27 
NetName:    RSPC-97503-1184352925
NetHandle:  NET-74-205-61-224-1
Parent:     NET-74-205-0-0-1
NetType:    Reassigned
Comment:    
RegDate:    2007-07-13
Updated:    2007-07-13

Looks like Las Vegas origin of the scam.  Which means either they use a San Antonio, TX Rackspace.com ISP (which does list two London data centers) from the UK...unlikely, or it is a hoax -- there is no one to pick up the money on the UK end, or it is a two person setup --- one to send the email and the other to pick up the cash.
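
The two header checks done by hand above (the extra "j" in the return address and the relay IP in the Received line) can be automated. This is an added Python example, not part of the original article. The message and address book are constructed: only the relay host and IP come from the article, and the `example.com` addresses are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The Received line reuses the relay host and IP quoted in
# the article; the addresses are made-up placeholders, not the real ones.
RAW = """\
Received: from mx-n07.wc1.dfw1.stabletransit.com ([74.205.61.228])
\tby mx.example.net with ESMTP; Thu, 12 Nov 2009 23:20:00 -0700
From: Pat Doe <pat_jj_doe@example.com>
Subject: Hello
"""
ADDRESS_BOOK = {"Pat Doe": "pat_j_doe@example.com"}  # constructed contact

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def relay_ips(msg):
    """Bracketed IPv4 literals from every Received header, newest hop first."""
    ips = []
    for hop in msg.get_all("Received", []):
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
    return ips

def check_sender(msg, book, max_distance=2):
    """Classify the From address as known, lookalike, or unknown."""
    sender = parseaddr(msg["From"])[1].lower()
    known = [addr.lower() for addr in book.values()]
    if sender in known:
        return "known", sender, sender
    closest = min(known, key=lambda k: edit_distance(sender, k), default=None)
    if closest and edit_distance(sender, closest) <= max_distance:
        return "lookalike", sender, closest
    return "unknown", sender, None

def triage(raw, book):
    msg = message_from_string(raw)
    verdict, sender, closest = check_sender(msg, book)
    return {"verdict": verdict, "sender": sender, "resembles": closest,
            "relay_ips": relay_ips(msg)}

if __name__ == "__main__":
    print(triage(RAW, ADDRESS_BOOK))
```

A "lookalike" verdict means the sender is within two character edits of an address already in the address book, which is the case a reader is most likely to miss by eye. The returned relay IPs are what you would feed to a WHOIS lookup like the one shown above.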