email - tracing the sender

Hello Everyone

One of the staff where I work has been trying to sell something on behalf of the company. We have received a suspicious email requesting our bank details etc. so they can make a deposit... naturally I will not be giving the details. I would however like to find out who exactly has sent the email.

I know the "name" of the sender, it could be fake, and I have the email address as well as the original email that was sent to the staff member. I know you can check the header information, but haven't worked it out because I am using Outlook... and when I click show header information it doesn't show an IP address. I have checked the Yahoo member directory (the email address is a Yahoo one) and have checked several reverse email tracking websites that are supposed to give you details of the person who owns the email address, but I have had no luck.

Is there a way I can find out information on this person?

Gavin
gavinandrewmcmillan Asked:

gavinandrewmcmillan (Author) Commented:
I have found the IP address and checked it in DNSstuff.com and found that the IP address range is owned in Nigeria. This means that the email was definitely a fraud as we are selling something in Australia.

Can someone advise me what the next step to take is? I have been trying to find ways to trick the person into divulging some information about themselves so that I can take it to the authorities. Does anyone know of any particularly good ways to do this?

Gavin
gavinandrewmcmillan (Author) Commented:
Here for reference purposes I will post the IP address: 81.199.84.131. This way you can check to see if I have interpreted the information displayed on DNSstuff.com the right way.
jonesy2k Commented:
Hi Gavin,
In Outlook, right click on the message and go to options. You will find the headers there, and should be able to find out the IP address from that.
Some mailers will strip headers, though, and be aware that these can be forged.
If you post the headers here, I'll have a look for you.
Jonesy

gavinandrewmcmillan (Author) Commented:
Hi Jonesy2k

Here is the email header, with some alterations for privacy reasons:

Return-Path: <kabikabiwosa@yahoo.com>
Received: from web31111.mail.mud.yahoo.com ([68.142.200.230])
          by imta03ps.mx.isp.com with SMTP
          id <20050705113349.DCPE2619.imta03ps.mx.isp.com@web31111.mail.mud.yahoo.com>
          for <user email address>; Tue, 5 Jul 2005 11:33:49 +0000
Received: (qmail 83323 invoked by uid 60001); 5 Jul 2005 11:33:47 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=c1S0Vy3FZoBplKX+C/QC7GEdtJyriuEe0jWJsWb581oLv9veDg425jmtFcoudVnUKq02vMusqpzlI9jAEoGuwoVGfLk9q0hGBkYedOxkAVW2k8sgaIsJvPlcxRpDVp/4TXm1rAsqFutPVMD29m8ZDU4gAFL8KYzDdD9U3rpVWmc=  ;
Message-ID: <20050705113347.83321.qmail@web31111.mail.mud.yahoo.com>
Received: from [81.199.84.131] by web31111.mail.mud.yahoo.com via HTTP; Tue, 05 Jul 2005 04:33:47 PDT
Date: Tue, 5 Jul 2005 04:33:47 -0700 (PDT)
From: kevin moxham <kabikabiwosa@yahoo.com>
Subject: PAYMENT INFORMATION!!!!!!!!!!!
To: staff <staff email address>
In-Reply-To: <20050705041904.DIOE20351.omta02sl.mx.ISP.com@user>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-990506080-1120563227=:82266"
Content-Transfer-Encoding: 8bit

jonesy2k Commented:
Received: from [81.199.84.131] by web31111.mail.mud.yahoo.com via HTTP; Tue, 05 Jul 2005 04:33:47 PDT
This is the line which tells you that he sent it from 81.199.84.131 to Yahoo's mail servers.
That could be his IP address, or could be a proxy.
Hope this helps you,
Jonesy
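
Added example (not part of the original thread or any poster's code): a Python sketch that walks the Received chain of the header posted above from newest to oldest and returns the client IP recorded by the last hop whose receiving server is trusted, ignoring anything below it because those lines can be forged. The function names and the trusted-suffix list are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Header excerpt from the thread above (trimmed; redactions kept as posted).
RAW = """\
Return-Path: <kabikabiwosa@yahoo.com>
Received: from web31111.mail.mud.yahoo.com ([68.142.200.230])
          by imta03ps.mx.isp.com with SMTP
          for <user email address>; Tue, 5 Jul 2005 11:33:49 +0000
Received: (qmail 83323 invoked by uid 60001); 5 Jul 2005 11:33:47 -0000
Message-ID: <20050705113347.83321.qmail@web31111.mail.mud.yahoo.com>
Received: from [81.199.84.131] by web31111.mail.mud.yahoo.com via HTTP; Tue, 05 Jul 2005 04:33:47 PDT
From: kevin moxham <kabikabiwosa@yahoo.com>
Subject: PAYMENT INFORMATION!!!!!!!!!!!
"""

IP_RE = re.compile(r"[\[(]\s*(\d{1,3}(?:\.\d{1,3}){3})\s*[\])]")
# Require a dotted host name so qmail's "invoked by uid" is not mistaken for one.
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def parse_hops(raw):
    """Return the Received hops, newest first, as {'by': host, 'ip': addr}."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        ip, by = IP_RE.search(flat), BY_RE.search(flat)
        hops.append({"by": by.group(1).lower() if by else None,
                     "ip": ip.group(1) if ip else None})
    return hops

def submission_ip(hops, trusted):
    """Client IP logged by the oldest hop in the unbroken trusted chain.

    Each server prepends its own Received line, so lines below the first
    untrusted 'by' host were written by systems the sender may control.
    """
    origin = None
    for hop in hops:                              # newest -> oldest
        if hop["by"] is None and hop["ip"] is None:
            continue                              # local hand-off line (qmail)
        if not (hop["by"] or "").endswith(tuple(trusted)):
            break                                 # chain of trust ends here
        if hop["ip"] and ipaddress.ip_address(hop["ip"]).is_global:
            origin = hop["ip"]
    return origin

if __name__ == "__main__":
    print(submission_ip(parse_hops(RAW), (".isp.com", ".yahoo.com")))
```

The suffix check trusts whatever host name appears after `by`, so a forged line that names a trusted domain would pass it; treat the result as a lead to confirm with the mail provider, and remember the address may be a proxy.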

r-k Commented:
Yes, it does seem to have originated in Nigeria. See:

 http://www.ripe.net/whois?form_type=simple&full_query_string=&searchtext=81.199.84.131&do_search=Search

I guess the two places you can notify are abuse@yahoo.com and admin@supernet300.com, but I would not hold my breath.
This type of phishing is in the millions per day right now, but hopefully Yahoo will at least cancel that person's account.
gavinandrewmcmillan (Author) Commented:
Does anyone have any ideas on ways I can get more information about this person? Or is the IP address about all that I am able to get on them?
I'd really like to freak them out a little with some more information that they wouldn't expect the staff member to know...
Just to give them a scare.

Gavin
r-k Commented:
Well, you can guess (hope?) that kabikabiwosa@yahoo.com is that person's correct email address.
I read somewhere that Yahoo is making it very difficult to forge the return address as long
as the mail originates within their system, which this one apparently did.

What you can do with that is up to you. I suppose you can send them an official looking e-mail and
hope it doesn't bounce...
jonesy2k Commented:
As r-k said, their ISP can be contacted at admin@supernet300.com
They may be able to give you more info if you give them the time/IP address...
Jonesy
Roachy1979 Commented:
My advice would be to go to the appropriate authority for the nature of the scam listed on the attached site:

http://www.quatloos.com/lawenfor/lawenfor.htm

Report the individual and provide all information that you can.

Hope this helps
chandrasuresh Commented:
For all we know, the email address from which it originated may be spoofed. With SMTP, you can send from whomsoever's email id. So, it is not a matter of looking in the email address. I can send a mail from your email id too. Checking the IP would help.
r-k Commented:
"I can send a mail from your email id too"

Yes, but I don't think you can do it via Yahoo's web server.
Vadim Rapp Commented:
My advice to you is: don't bother. Here's why.

1. If I understand correctly, your company is selling products, and someone sent you email asking your bank account number where they would wire the money for the purchase. I don't see what's wrong with that. Even if the email came from Nigeria, so what? You can suspect that this is fraud, and surely you are right, but for the investigation by authorities, there must be some very material loss. There are no legal grounds to open a case.

2. Nigerian scam letters come in thousands every day, in nation scope. Nothing unique here. Even if you forward it to the proper address, it's very unlikely that you would ever hear from anyone. I reported dozens of those emails through the years, without any visible result or response ever.

3. The only real way for you to run your own investigation would be trying to pretend that you fall for it, contact them, and somehow play them. Then, eventually, you _might_ find something out. But then what? Do you think that even if you find out their real identities etc., and bring it to the FBI or Nigerian Embassy, they would even turn their heads in your direction? Don't be naive. Again, several times I sent those Nigerian scams to Nigerian Embassy, out of curiosity. Never got any response. Though in fact, even contacting the scammers is not that easy. I tried that as well - once or twice responded with "yes, I'm very interested, let's talk" - nope, no response.

There's too much scam coming in daily email to act on it. If you want to fight, pick a random spam like "you won $5,000 laptop" and try to enforce it; there will be much better chance, and even the reward in case you prevail. With Nigeria, no such chance. It has been running for decades, and most likely will be.




Tolomir (Administrator) Commented:
If you want to know what to do, take a look @ http://www.419eater.com

If you want to find out more about your "businesspartner" take a look at  http://www.419eater.com/html/trophy_room.htm

This is all fake. Check http://forms.theregister.co.uk/search/?q=419&x=0&y=0 to find out you are not the only one to get those emails.

Tolomir
LRI41 Commented:
Is there any software to trace an email? Or is it possible to do it manually?

Check out Sam Spade at:

http://samspade.org/

###################################################

Using Finger to lookup the name of the owner of an email address


You can optionally use the following Finger gateway without downloading any software. Simply type the email address you want lookup information about and click "Lookup":

http://www.chami.com/tips/internet/111896I.html

##################################################

Email address Verifier – Software

http://www.experts-exchange.com/Applications/Email/Q_21376601.html
ecc204 Commented:
The first thing you need to do is to talk to your company counsel.  I am sure she or he will tell you that the very first thing you need to do is to send a certified letter to the CEO of Yahoo asking them to preserve all evidence in any way or form relating to this email, emails with similar patterns, and other complaints about the same issue.  If you don't, they may discard the stuff in due course of business.  After that there are many ways to locate the person responsible.  That may entail tracing this particular email, examining a host of emails with similar origination pattern, identifying other victims, interviewing them (because some may have been contacted by means other than an email or may have been on one end of a traceable transaction), and finally some leg work in the streets of Nigeria.  As you might guess, this is a very expensive undertaking.  So, you ought to ask yourself whether the damages caused are worth it.  Second, would the perpetrator have sufficient funds to allow recovery of your damages and expenses?  If not, you should still report this matter to Yahoo, your state's attorney general office, your local police, and, depending on the nature of the alleged crime, to the FBI.  Make the record, because you may not know now what else the perpetrator may have done.  Before doing anything, however, first talk and seek advice of your company counsel.