Well, looks like someone out there is trying the old e-mail phishing scam again. This time it looks like they are trying to pretend to be Walmart.com and attempting to scare people in making them think that they made a purchase. This is what the e-mail looks like:

From – Thu May 16 14:26:40 2013
X-UIDL: 1368709532.17838.pt01
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: Received: (fqmail 17837 invoked from network); 16 May 2013 13:05:32 -0000
Received: (qmail 15440 invoked from network); 16 May 2013 13:05:32 -0000
Received: from 36-230-174-36.dynamic-ip.hinet.net (36-230-174-36.dynamic-ip.hinet.net [36.230.174.36])
Return-path: Delivery-date: Thu, 16 May 2013 21:05:20 +0800
Received: from [16.34.49.217] (port=60661 helo=[192.168.199.151])
by 36.230.174.36 with asmtp
id 5YLB76-7112H5-If; Thu, 16 May 2013 21:05:20 +0800
X-EN-OrigIP: 36.230.174.36
X-EN-IMPSID: WLKW1l02w0lF5W901LKWYU
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=walmart.com; i=help@walmart.com; q=dns/txt; s=IP;
t=1367353171; x=1398889171;
h=date:message-id:to:from:cc:subject:
content-transfer-encoding;
z=Date:=20Tue,=2030=20Apr=202013=2013:19:24=20-0700=20(PDT
)|Message-Id:=20<201304302019.r3UKJOLd022606@ndc-fulmaila
pp3.walmart.com>|To:=20tom@tomgivens.com|From:=20″Walmart
.com”=20|CC:=20|Subject:=20Thanks=20for
=20your=20Walmart.com=20Order=202677175-375050;
bh=Y5/lWjKcTaPNp8T8dOICiPv+PwPN9urNh/jRID58VAU=;
b=btTEEO7LpaM983cciYDSzAai3ciXwZxh7/LWlEci41J17LEU/kS4D/TN
fkXgtUVI/SrLjh/7sH3+0daB9OdkRzRYpVWrQDWGnC6VTbYjY1ex4qRgr
HsvHvxo/OvUlB67Y4PlUL8ahqxh9OqELNVXebj35MuQP6gKD78lLB26Ws
M=;
Accreditor: Habeas
X-Habeas-Report: Please report use of this mark in spam to
Date: Thu, 16 May 2013 21:05:20 +0800
Message-Id: <705711808426.ICRFUIFS346176@ndc-fulmailapp4.walmart.com>
X-Authentication-Warning: ndc-fulmailapp5.walmart.com: batch set sender to orders@mail.wallmart.com using -f
From: Wallmart.com
Errors-To: eorderconfirm@mail.wallmart.com
Subject: Thanks for your Walmart.com Order 6036254-090423
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”–Boundary-49=_0B139ELD_PC76FKN4K”

Thanks for ordering from Walmart.com. We’re currently processing your order.
Items in your order selected for shipping

• You’ll receive another email, with tracking information, when your order ships.

• If you’re paying by credit card or Bill Me Later®, your account will not be charged until your order ships. If you see a pending charge on your account prior to your items shipping, this is an authorization hold to ensure the funds are available. All other forms of payment are charged at the time the order is placed.
Shipping Information
Ship to Home

Liam Wilson
2636 Burgess St
St Peters, DC 68025-3157
USA

Walmart.com Order Number: 6036254-090423
Ship to Home – Standard
Items Qty Arrival Date Price
Toshiba UN48EH8000 62″ 1080p 400Hz Class LED (3.7″ ultra-slim) 3D HDTV 1 Arrives by Tue., May 21
Eligible for Free Standard Shipping to Home. $898.00
Subtotal: $898.00
Shipping: Free
Tax: $62.86
See our Returns Policy or
contact Customer Service Walmart.com Total: $960.86
Order Summary
Order Date: 05/15/2013
Subtotal: $898.00
Shipping: Free
Tax: $62.86
Order Total: $960.86
Credit card: $960.86

Billing Information
Payment Method:
Credit card
If you have any questions, please refer to help.walmart.com or reply to this email and let us know how we can help.
Thanks,

Your Walmart.com Customer Service Team
www.walmart.com

This one is a little more apparent that it is illegitimate as they try to get you to go to a misspelled domain called “Wallmart.com” as opposed to “Walmart.com.” As usual, I’m sure someone out there may have fallen for it so be sure to just dump it in the trash.

Been awhile since I got one one these in the e-mail. This scam seems like they are trying to disguise themselves like the company Yahoo! I did find it a little humorous that they say it’s like for the New Years when it’s already April. I know a lot of people usually fall for things like this when the messages use big company names, so here is what the mail looks like:

From – Tue Apr 02 22:01:19 2013
X-Account-Key: account3
X-UIDL: 1364964786.25669.pt01
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
X-Mozilla-Keys:
Return-Path:
Received: from daneurope.org (89-96-185-116.ip13.fastwebnet.it [89.96.185.116])
by mx10.futurequest.net ([10.2.1.182])
with ESMTP via TCP; 03 Apr 2013 04:53:05 -0000
X-MDAV-Result: clean
X-MDAV-Processed: daneurope.org, Wed, 03 Apr 2013 06:49:31 +0200
Received: from User by daneurope.org (MDaemon PRO v13.0.3)
with ESMTP id md50002832916.msg
X-Spam-Processed: daneurope.org, Wed, 03 Apr 2013 06:48:47 +0200
(not processed: message from trusted or authenticated source)
X-MDPtrLookup-Result: hardfail ip=221.234.24.46 (no PTR records found) (daneurope.org)
X-MDHeloLookup-Result: hardfail smtp.helo=User (does not exist) (daneurope.org)
X-Authenticated-Sender: roberto@daneurope.org
X-MDRemoteIP: 221.234.24.46
X-Return-Path: info@yahoo.com
X-Envelope-From: info@yahoo.com
Reply-To:
From: “Yahoo!”
Subject: CONGRATULATIONS !!! YOU WON $1, 000.000.00USD
Date: Wed, 3 Apr 2013 11:48:01 +0700
MIME-Version: 1.0
Content-Type: multipart/related;
boundary=”—-=_NextPart_000_0047_01C2A9A6.62DB2BB8″
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

YAHOO LOTTERY RESULTS 2013
YAHOO INTERNET LOTTERY
CONGRATULATIONS!!!

Yahoo!! International Lottery Organization
Bangkok Branch Office
Address: 3 Sukhumvit Lane
Bangkok 10400 Thailand

Yahoo! Mail announces you as one of the 25 lucky winners of the ongoing 10
Years Yahoo lottery Award of the New Year Held this month.

All 25 winning email addresses were randomly selected from a batch of 50,000,000 international emails each from Canada, Australia, United States, Asia, Europe, Middle East, Africa and Oceania as part of our international promotions program which is conducted annually, consequently, you have been approved for a total pay out of ONE MILLION UNITED STATE DOLLARS ( $1, 000. 000.00USD).

This Lottery was promoted and sponsored by a conglomerate of some multinational companies as part of their social responsibility to the citizens in the communities where they have operational base.

Further more your details (e-mail address) falls within our Bangkok representative office in Bangkok Thailand, as indicated in your play coupon and your prize of ( $1, 000.000.00USD) will be released to you from this regional branch office in Bangkok Thailand.

Your fund is now deposited with our Bank:Kasikorn Bank Pcl. Bangkok Thailand and insured in your name. Due to mix up of some numbers and names, we ask that you keep this award from public notice until your claim has been processed, and your winning Cheque have being sent to you or remitted to your account, as this is part of our security protocol, to avoid double claiming and unwarranted taking of advantage of this program by participants, as has happened in the past.

HOW TO CLAIM YOUR PRIZE
These are your identification numbers.
Ticket number…………………467-76843196-07
Serial number…………………..312091-4
Lucky number……………….34-14-13-89-77-58
Ref number……………….G.YILD/9733212206/76

To begin your lottery claims, Please contact our Yahoo Lottery Co-ordinator as follows,
Name: Mr. Mark Chang
Email: redeem_info@yahoo.co.jp

You are to send the completed verification form below to the co-ordinator whose email address is given above so that you will be advised on what to do to getyour prize money. Congratulations once more!!
1. FULL NAME:…………………………..
2. COUNTRY OF ORIGIN:…………
3. PRESENT ADDRESS:…………..
4. DATE OF BIRTH:…………………
5.OCCUPATION;……………………..
6.TELEPHONE NUMBER:………
7. SEX:…………………………………..
8. FAX NUMBER:………………….
9. MARITAL STATUS:………….
10. WINNING NUMBER, BATCH NUMBER AND LOTTO NUMBER:…….

Remember, all prize money must be claimed not later than one month time. Any claim not made by this date (within one month) will be returned to HER MAJESTYS DEPARTMENT OF THE TREASURY. And also be informed that 10% of your lottery winning belongs to (THE PROMOTIONS COMPANY). Because they are the company that bought your ticket and played the lottery in your name.

Note also that this 10% will be remitted after you have received your winnings prize, because the money is insured in your name already.

NOTE: In order to avoid unnecessary delays and complications, please remember to quote your reference and batch numbers in all correspondences with us, Furthermore, should there be any change of address, please do inform our Co-ordinator as soon as possible. Yahoo lottery is a free service that does not require you to be a Yahoo! Registered user.

An original copy of your lucky winning ticket and your deposit certificate will be sent to you by Administrative Remittance Operation Manager of Kasikorn Bank Pcl. Bangkok Thailand.

CONGRATULATIONS!!!
Once again from all members of our staff and thank you for being a part of our International Promotions program. We wish you continued good fortunes.

Yours Sincerely
Vice President
Yahoo! Lotto Org.
Online Coordinator.
Copyright! 2002-2013 The Yahoo-Thailland Internet Promotions.
All rights reserved. Terms of Service – Guidelines.

While these spam messages of people saying they have thousands of dollars in funds and need your help to release them isn’t anything new, I thought this one was kind of funny. Essentially, it seemed like it was targeting people who have already been scammed to then trust this other fictional person to help them get their money back. As usual, it seems like they use a standardized template with the name and address being changed a little each time.

Return-Path:

Received: from mail.lpsglobal.com ([111.90.137.63])
Received: from User ([8.7.98.193]) by lpsglobal.com with MailEnable ESMTP; Fri, 8 Mar 2013 21:22:50 +0800
Reply-To:
From: “Susan Derrick”
Subject: Contact : Agent Robert Phillip Immediately
Date: Fri, 8 Mar 2013 08:23:27 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset=”Windows-1251″
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-MXScan-Scan: Scanned by MxScan 1.8.300.0 for LPS-TOMAHAWK
X-MXScan-Msgid: 34DB2BC58714465DA11FB37E13031A2D_
X-MXScan-License: {Unregistered Version} Only for personal and non-commercial use. Commercial use is PROHIBITED and requires a license.
X-MXScan-Country-Sequence: UNITED STATES->Destination
X-MXScan-AntiVirus: ClamAV SOSDG [Clean]
X-MXScan-AntiSpam: KEYWORD [NA_DOLLARS(1)], RDNSBL [Pass], URLBL [Pass], SPAMASSASSIN [0], DCC_CHECK [Body=38 Fuz1=38 Fuz2=many (6)]
X-MXScan-SpamScore: 7
X-MXScan-ProcessingTime: 0.406 sec(s)
X-ME-Bayesian: 0.000000

Attn: My Dear,

I am Mrs Mary Susan Derrick, I am a US citizen, 48 years Old. I reside here in New Braunfels Texas. My residential address is as follows. 108 Crockett Court. Apt 303, New Braunfels Texas, United States, am thinking of relocating since I am now rich. I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over $50,000 while in the US, trying to get my payment all to no avail.

So I decided to travel to WASHINGTON D.C with all my compensation documents, And I was directed by the ( F B I) Director to contact Agent Mr.Robert Phillip who his a representative of the ( F B I ) and a member of the COMPENSATION AWARD COMMITTEE in Nigeria.and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake.

He took me to the paying bank for the claim of my Compensation payment. Right now I am the most happiest woman on earth because I have received my compensation funds of $15,Million Us Dollars Moreover, Mr.Robert Phillip, showed me the full information of those that are yet to receive their payments, and I saw your name as one of the beneficiaries, and your email address, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you. I will advise you to contact Mr.Robert Phillip

You have to contact him directly on this information below.

COMPENSATION AWARD HOUSE
Name : Mr.Robert Phillip
Email : Robert.phillip@consultant.com

You really have to stop dealing with those people that are contacting you and telling you that your funds is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing.

The only money I paid after I met Mr.Robert Phillip was just $400 for the paper works, take note of that.

Once again stop contacting those people, I will advise you to contact Mr.Robert Phillip so that he can help you to Deliver your fund instead of dealing with those liars that will be turning you around asking for different kind of money to complete your transaction.

Thank You and Be Blessed.

Mrs. Mary Susan Derrick
108 Crockett Court.
Apt 303, New Braunfels Texas,
United States Of America

Just dump it in the trash basically unless you want to play along and see how far they actually go to try and convince you that they are legitimate.

I always find it interesting that depending on the time of the year there seems to be more of a certain type of theme in regards to scam e-mails. For example, I noticed that during the Christmas season I tend to get more scam e-mails that relate to things such as a person pretending to be an orphan that wants to wire money to you. For example, I got this today:

From – Sun Nov 10 00:39:58 2012
Return-Path:
Received: from mailserver.abv-group.ru (mailserver.abv-group.ru [178.251.137.12])
by mx14.futurequest.net ([10.2.1.187])
Received: from User ([75.148.96.153]) by mailserver.abv-group.ru with Microsoft SMTPSVC(6.0.3790.4675);
From: “Jack Ruben”
Subject: Hi
Date: Sun, 10 Nov 2012 01:36:40 -0700
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: jackruben91@orange.fr
Message-ID:

Dearest,

I know my mail may be as surprise to you as a total stranger, but this is my quest to look for an honest person for assistance relating to my present difficulty. My mail may be brief to you but I promise to send you full details when I read back from you.

I am an orphan, I lost my parents and family members in a civil war in my country Syria and I escaped from my country through the help of the UN humanitarian organization. I have with me a document of deposit my late father made in a Paris bank which I need your help to release to your country for investment purpose while I relocate there to start a new life.
If you will help me, I will send you details about how to transfer the money legally to you and I promise to offer you 20% compensation when my fund released to you.

If you are interested, write me for more details and deposit proof please keep this confidential.

For more security, please copy and reply to my private email: jackruben92@gmail.com

Jack.

10-11-2012

What this really makes me wonder is if scammers have like some kind of database in terms of market research such as if people are more susceptible to certain information during particular times of the year to increase the odds that someone will fall for it. For example, like with this Christmas is coming up and so maybe everyone is more inclined to think of things like an orphanage to help kids.

Kind of a waste of talent in many ways if so huh? One could easily be applying those research and marketing skills with more ethical activities.

For the past few days I have been receiving this e-mail that looked shady. Essentially, it seems like there is a company that is targeting people who use Intuit products where they then attempt to get people’s user data. This is the e-mail I got:

X-Account-Key: account2
X-UIDL: 1349447270.25898.pt05
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path:
Received: from sagembox ([41.142.189.164])
with ESMTP via TCP; 05 Oct 2012 14:27:48 -0000
Received: from [233.235.243.121] (port=57610 helo=[192.168.2.50])
by 41.142.189.164 with asmtp
id 1rqLaL-000EM-00
for alan@al6400.net; Fri, 5 Oct 2012 15:27:47 +0100
Message-ID: <506EEE42.1090806@kurdogluholding.com.tr>
Date: Fri, 5 Oct 2012 15:27:47 +0100
From: “Intuit GoPayment”
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
Subject: Welcome – you’re accepted for GoPayment Merchant
Content-Type: multipart/alternative;
boundary=”————090604060909050803080202″
X-Spam: Not detected
X-Mras: Ok

This is a multi-part message in MIME format.
————–090604060909050803080202
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

New Respective Client!

Your Intuit Merchant request for ONDEMAND , DEVELOPMENTS has been approved.
Service Information
Account #:XXXXXXXXXXXXXX69
Email Address:XXXXXXXXX

WARNING :
Additional fees for this kind of activity may happen.

Next step: Access to confirm your UserID

This is really important lets you:

Manage your payment service in the Merchant Service Center
Review charges Log In to other Intuit products you may use, like TurboTax, Quicken, and Intuit Payroll
The good news is we see you have an existing Intuit accountfor your email address,You can use this ID for your payment service also, or enter a new one. Verify Access ID

Get started:

Step 1: If you still did not, download the Intuit GoPayment software.

Step 2: Launch the Intuit application and sign in with the AccesID (your email address) and Password you setup. Easy Operate Your GoPayment AccountThe GoPayment Merchant Service by Intuit Center is the web site where you can learn more about GoPayment features, customize your sales receipt and add GoPayment users. You can also review transactions, deposits and fees. Visit this link and access with your GoPayment AccesID (your email address) and Password.

For additional information on how to begin using Intuit GoPayment Merchant, including tutorials, FAQs and other resources, visit the Service Center at this web site.

Please DO NOT reply to this message. automative notification system cannot accept incoming messages.

Merchant Terms & Agreements© 2012 Intuit, Inc. All rights reserved.

As it turns out all of the links eventually go to a site called http://quantummantenimiento.com and not the Intuit site. Basically, stay away or just delete the e-mail as if you run a business giving out account passwords and user ids that have access to all your financial data won’t be too pleasant.