petervk
Guest
After losing $1000 and some hair, I realized that I also became victim to the e-Bay / Western Union scam. However, in my case they added a twist I did not read about before. So here is my story:
I wanted to buy a Tablet PC on eBay but lost the auction. Shortly after that I was contacted by an eBay member (canklyde; probably stolen) offering to sell a device for a low price (yes, the $1000). Of course he suggested the typical Western Union switcheroo, but in my case with the following twist: I received an e-mail from TNT Express that the package was posted and in transit (with tracking number and everything), and actually it read as if TNT was suggesting to use Western Union and utilize them (TNT) as escrow. This guy used an official TNT Express confirmation e-mail but massaged the content. He used another false e-mail account with name "tnt transaction" to make me believe the mail indeed comes from TNT. Looking back, I did find it somewhat strange that the mail looked like a forwarded mail and some text about not contacting them directly was indeed somewhat unusual. (But then, it's not possible to contact many other companies via phone ... eBay for one!). So I thought the slightly odd formatting was due to my browser settings and thus did fall into the trap.
I also had to learn that this person reused a name on his e-mail account, under which he already made some scams: Kiriacos Guvis. The address he gave me was
Ungureanu Ana Maria
3 septembriu nr. 123
Athens, TK10433
Through a search on the Internet, I found that the Kiriacos Guvis alias was used already previously for a similar scam at the Olympic Games: http://www.wcticketexchange.com/spot_a_scammer.asp
I am not knowledgeable in matters of law, but isn't there a way to hold Western Union liable for not verifying the identity of the people picking money up? Hell, when I PAID the damn money they even photocopied my passport!!
For completeness I include below the headers of the two mail accounts (TNT and Kiriacos Guvis). Using the IP 80.96.229.64/80.96.229.65 from the mails I get the following information:
route: 80.96.229.0/24
descr: ONIX
origin: AS15972
mnt-by: ONIX-MNT
notify: [email protected]
changed: [email protected] 20040121
source: RIPE
person: Onix Domain Administrator
address: G-ral Magheru 5, bl. C1 tronson
address: D, mezanin II, Rm.
address: Valcea,Valcea,
address: Romania
phone: +40-250-736668
fax-no: +40-250-733303
e-mail: [email protected]
nic-hdl: ODA3-RIPE
notify: [email protected]
mnt-by: AS3233-MNT
changed: [email protected] 20040121
source: RIPE
And it's in Romania ... oh well!
Cheers,
Peter
------------------------------
Mail Headers:
Return-Path: <[email protected]>
Received: from mx4.bluewin.ch (172.21.1.114) by mssazhh-int.msg.bluewin.ch (Bluewin AG 7.0.030.2)
id 412EB75801D40C44 for xxx; Mon, 27 Sep 2004 15:47:37 +0000
Received: from webmail-outgoing.us4.outblaze.com (205.158.62.67) by mx4.bluewin.ch (Bluewin AG 7.0.030.2)
id 4157D7ED000370CC for xxx; Mon, 27 Sep 2004 15:47:37 +0000
Received: from wfilter.us4.outblaze.com (wfilter.us4.outblaze.com [205.158.62.180])
by webmail-outgoing.us4.outblaze.com (Postfix) with QMQP id 5064018022B8
for <xxx>; Mon, 27 Sep 2004 15:47:35 +0000 (GMT)
X-OB-Received: from unknown (205.158.62.49)
by wfilter.us4.outblaze.com; 27 Sep 2004 15:45:33 -0000
Received: by ws1-1.us4.outblaze.com (Postfix, from userid 1001)
id C02E34BDA8; Mon, 27 Sep 2004 15:45:32 +0000 (GMT)
Content-Type: text/html; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.41 (Entity 5.404)
Received: from [80.96.229.64] by ws1-1.us4.outblaze.com with http for
[email protected]; Mon, 27 Sep 2004 10:45:31 -0500
From: "tnt transaction" <[email protected]>
To: xxx
Date: Mon, 27 Sep 2004 10:45:31 -0500
Subject: TNT
X-Originating-Ip: 80.96.229.64
X-Originating-Server: ws1-1.us4.outblaze.com
Message-Id: <[email protected]>
------------
Return-Path: <[email protected]>
Received: from mx9.bluewin.ch (172.21.1.119) by mssazhh-int.msg.bluewin.ch (Bluewin AG 7.0.030.2)
id 412EB75801D28B3E for xxx; Mon, 27 Sep 2004 14:03:59 +0000
Received: from web25403.mail.ukl.yahoo.com (217.12.10.137) by mx9.bluewin.ch (Bluewin AG 7.0.030.2)
id 4157D9A300016759 for xxx; Mon, 27 Sep 2004 14:03:59 +0000
Message-ID: <[email protected]>
Received: from [80.96.229.65] by web25403.mail.ukl.yahoo.com via HTTP; Mon, 27 Sep 2004 16:03:59 CEST
Date: Mon, 27 Sep 2004 16:03:59 +0200 (CEST)
From: Kiriacos Guvis <[email protected]>
Subject: Frage eines eBay-Mitglieds
To: xxx
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-141910374-1096293839=:1955"
Content-Transfer-Encoding: 8bit
----------------
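Added example, not part of the original post: one way to pull the webmail client IP out of each `Received` chain and show that two mails from different accounts come from the same network, as the two header blocks above do. The sample messages are constructed from those headers; all `*.example` host names and addresses are placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Constructed samples modeled on the two header blocks in the post; every
# *.example name is a placeholder, the IP addresses are the ones in the post.
MAIL_A = """\
Received: from mx4.isp.example (172.21.1.114) by store.isp.example; Mon, 27 Sep 2004 15:47:37 +0000
Received: from out.webmail.example (205.158.62.67) by mx4.isp.example; Mon, 27 Sep 2004 15:47:37 +0000
Received: from [80.96.229.64] by ws1.webmail.example with http; Mon, 27 Sep 2004 10:45:31 -0500
From: "tnt transaction" <sender-a@webmail.example>
Subject: TNT
"""
MAIL_B = """\
Received: from mx9.isp.example (172.21.1.119) by store.isp.example; Mon, 27 Sep 2004 14:03:59 +0000
Received: from web.freemail.example (217.12.10.137) by mx9.isp.example; Mon, 27 Sep 2004 14:03:59 +0000
Received: from [80.96.229.65] by web.freemail.example via HTTP; Mon, 27 Sep 2004 16:03:59 CEST
From: Kiriacos Guvis <sender-b@freemail.example>
Subject: Frage eines eBay-Mitglieds
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def origin_ip(raw):
    """Return the first public IP in the oldest Received hop that has one."""
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so the last header is the oldest.
    for hop in reversed(msg.get_all("Received", [])):
        claimed = hop.split(" by ", 1)[0]      # keep only the "from ..." part
        for text in IP_RE.findall(claimed):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:                 # e.g. 999.1.1.1
                continue
            if ip.is_global:                   # skip private and loopback hops
                return ip
    return None

def same_network(raws, prefix=24):
    """Group the origin IPs of several messages by their /prefix network."""
    seen = {}
    for raw in raws:
        ip = origin_ip(raw)
        if ip is not None:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            seen.setdefault(net, []).append(ip)
    return seen

print(same_network([MAIL_A, MAIL_B]))
```

Only hops written by a relay you trust are reliable; `Received` lines below the sender's own mail provider can be forged.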