Scammers pretending to be US Soldiers

I just got done reading an article about the increase of scams in which the scammers are pretending to be a US Soldier. Why do these scams continue to work so well? These scams play on the victims emotions.

As far as we look back at history, we can find stories of letters being sent from soldiers going to fight for their country or a cause back to someone that they care for. With the age of the internet, these letters are sent via email instead of traditional methods. Through these letters people feel connected and share stories, and the start to build trust and sometimes even deeper feelings for the other person. Now, add to this that many people want to do the right thing to help out a soldier who is fighting for our country and you add even more emotion to this stories and THAT is why they work so well.

This article does state that

The Army has received complaints from the United States, Canada, Australia, Japan, Great Britain and elsewhere, with victims reporting losses from a few thousand dollars to $28,000 in one case, Grey said. The stolen identities have primarily come from soldiers and Marines, who have been deployed in the greatest numbers.

In response, the U.S. government has issued warnings, with its embassy in London going so far as to post online examples of fraudulent military papers used in scams.

The US Army released a warning about these internet scams which includes some red flags and warning signs to look for.  At Scam Victims United, we would recommend that you do not send money to anyone that you do not know personally.  If the first time that you came in contact with this person is via the internet, even if you have been speaking for months, remember that you do not really KNOW this person . . . you have no way of knowing who is really on the other end of the computer screen.

Facebook “Dislike Button” Scam

If you are on Facebook you have seen the “Like” button underneath users’s post, which is a cute way to let people know that you agree with or “like” what they said, without having to post a comment. For years, people have been saying that they should also have a “Dislike” button, so many Facebook users eagerly download a recent program that said it loaded the new “Dislike” button to your profile.

This program will ask you to download an application, which then brings up several surveys asking for personal information, and in the end you do get a “Dislike” button but you are also automatically signed up for a $5 per month cell phone charge.

Here is a link to a video report on this scam

Hiding behind the email

You just got an email and it looks like it is really from a local business or organization that you know. Is it possible that it could be from a scammer? The answer is yes. Scammers use a technique called spoofing to do this.

What is spoofing? Well, if you want to go and read the technical definition of it, you can go here, but for those of you who are like me and some of the technical talk starts to sound like “blah, blah, blah” here are the spoofing basics.

Spoofing is when the person who sent the email makes it appear like the email cam from a different email address. One of the clues would be if the From line in the email has a different address than the Reply To line of the email.

Why would anyone want to do this? Well, the scammers take on many different profiles, and since they are trying to gain your trust, and your money, they have to make it LOOK like they really are who they say that they are. If they can spoof an email address of a well know business, and in their email they say they are with that business, there are some people who are not as internet savvy that will believe that the scammer is really who they say they are or associated with the company they claim to be with simply because the email address appears to be from that company.

Email spoofing is a common tool used by internet scammers, since it allows them to hide behind the identity of another person or company.

Look inside your emails

I have never claimed to be a internet or computer know it all, so I have learned to do some research and look to those who do know more on the “technical” side of how things work when I need to. When I decided I wanted to talk to my readers about the information inside of an email, spoofing, hacking and IP addresses I knew I was entering into a world that I am not comfortable with . . . seriously, all of the technical talk starts to sound like “blah, blah, blah” to me. So that is when I contact my friend and fellow scam fighter at

Ironically, he wrote an article just this month about a LOT of the things that I wanted to touch on. Here is a sample . . .

Some of you reading this article may have seen news reports of people getting alarming email messages from their friends.

Tales such as “Help, I’m stranded in Nigeria and need money” have come to many people as a surprise in recent months, and the trend seems to getting more widespread. The messages are coming directly from the email accounts of someone you know, and at first glance it may seem real. The truth, once discovered, is that the email account has been taken over (hacked [link]) by a fraudster, and the solicitations for money being sent out are a simple fraud. One question that seems lost in all of these news reports is “how did this happen?” — Let’s investigate this a little further and shed some light into this dark corner.

From Hack To Phish

Hacking covers a wide range of techniques, such as Security exploit; Vulnerability scanner; Packet Sniffer; Spoofing attack; Rootkit; Social engineering; Trojan horse; Virus; Worm and Key loggers; but for the purpose of this article we will concentrate on only one of these, social engineering.

“Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim.” (Source Wikipedia: [link])

Phishing [link] of course, comes under the general umbrella of social engineering and is a technique of fraudulently obtaining private information. People may associate Phishing with financial institutions (banks, credit cards and credit unions), eBay, PayPal and others due to a great many reports in press. However, one form of this phishing hides in relative obscurity, and asks not for banking details, but for your email account login credentials. If you get one of these emails, it may actually look very real indeed.

To read the rest of this article, go to

It starts with an email . . .

Here is a typical email that could show up in your inbox and start you down the path of becoming a scam victim if you don’t know what to look for.

Subject: You Have A Package


Reply To:

You have a bank draft of $580,000.00 USD , which await the outstanding payment of $95.00 Contact our dispatch unit for dispatch immediately. Contact person: Mr. Celin Smith, Email: Tell: +234 807 363 6733

How do I know that this is a scam from just this small amount of information? Let me show you.

First, they tell you that you have a large amount of money just sitting there waiting for you, and all you have to do is just send them some money and they can release these funds to you.  This is used in inheritance and lottery scams on a regular basis.  If you really did have a large amount of money owed to you, and the only thing holding that money from getting to you was some sort of payment, they could take that payment from the amount owed and just send you your money.

Second, there are WAY too many email addresses going on in this email.  There is the one in the From line, which is probably spoofed or this person could have had their email account hacked into.  We will talk about spoofing and hacking later on this week.  Then there is a different email address in the Reply To line, which includes the term FedEx, but is not a legitimate FedEx extension . . . a simple Google search verified this.  Then, within the email there is a third email address, again with terms referring to FedEx, but if you look they are on the front part of the email address, the part after the @ is from which is a free email service.  With free email services the person setting up the account has full control over the letter that appear before the @ in the email address.  I could go and create one right now that said WaltDisney@(insert free email service here) but that does not mean that the people who I am emailing are getting emails from Walt Disney.

Third, look at the phone number provided . . . Tell: +234 807 363 6733 . . . that is WAY too many numbers to be a United States phone number.  Another Google search tells me that 234 phone numbers are from Nigeria, and Nigeria is the number one country of these types of scams.

So what have we learned today?  Google is our friend, look at the email address and see if it is a free email service, and check your phone numbers.

The Non-Technical Guide To Finding An Email IP Address

James Bigglesworth (CyberCrimeOps.COM)
January 30, 2010

Being an anti-fraud activist for a number of years, and frequenting many different types of anti-fraud communities, I have heard many questions (and answers) about locating IP Addresses from an email. This article is for non-technical explanations into how to find it, and then how to figure out what it means.


Before we get started, let us look briefly at what an IP Address actually is.

Simply put, an IP (Internet Protocol) Address is a series of numbers assigned to a device that is part of a computer network. The IP Address can be thought of in the same light as a street address, giving a unique reference to a geographical location.

The IP Address is a set of 4 numbers separated by periods like this; nnn.nnn.nnn.nnn. Each number will be between 0 and 255 like this;

When you connect to the internet, your ISP gives you an IP Address, and it stays with you as you surf the world-wide-web. You may get a different one from your ISP the next time you connect, or you may get the same one. When you send an email, each machine between you and the recipient makes their mark in the email header. These marks give a roadmap of how the email has travelled through the internet.


As mentioned above, an IP Address gives unique geographical pointers, and in the case of email communications can show you where an email actually came from, and the route travelled before it gets to your inbox.

This information can be vital in figuring out whether someone talking to you via email is being truthful about their location or not. For example; if someone you are about to purchase something from says they are in the UK, but their IP Address says Nigeria, then clearly you may be on the verge of being defrauded.


In short, yes. There are a few ways that an IP Address can be altered when sending an email. Spammers for example, use an Email Relay systems to obfuscate their originating location. So instead of an email really being sent from Russia, it may appear to come from the United States of America. Typically this kind of email is sent in bulk via specialised email software designed just for this task.

Other techniques are to send emails using scripts on a website, probably one that has been hacked into. These may only give the starting IP Address which relates to the machine on which the script was hosted.

Another technique is to use a webmail account that either does not give out the originating IP Address, or the webmail account is logged into whilst using a piggyback machine (Internet Proxy) to hide the real location.


Locating the IP Address requires that you look at the header information embedded into the email itself. How you get to that information will depend on what you use to read your emails.

Rather than reinvent a wheel, I have chosen to incorporate information already published elsewhere. SpamCop.NET (anti-spam organisation) carry a large list of information regarding the revealing of email header information. The page is part of the SpamCop.NET FAQ [link] and covers many of the more popular software applications and webmail providers.


The email header contains a great deal of information, and for our purposes most of this is useless. Due to the possible wealth of information it is very easy (and common) for people to get completely confused.

First obstacle is realise that you must read the header from bottom to top and not top to bottom! This common mistake could mean the difference between identifying someone in Africa, or saying they are in Sunnyvale California and work for Yahoo!

As you read up the header, look for the first IP Address. You may be lucky as the header may have a special field called X-Originating-IP (or similar). If not, keep reading until you spot something, then look this number up using a WHOIS service (see below).


As mentioned above, we need to use a WHOIS lookup service once we have located an IP Address. There are literally many hundreds of these on the internet that can be used.

I will recommend only two, as I use both of these myself. The first is called Domain Tools [link] and is my personal favourite. The other is called DNS Stuff [link]. DNS Stuff contains a lot more geeky tools, but look for the “WHOIS/IPWHOIS Lookup” and enter the IP Address.

The information you get back may give you the information your seek, such as the company & country that is allocated to that IP Address.

Some things to think about when getting results you don’t understand. Some foreign countries, especially Africa, use satellite connections to get onto the internet. This means that the IP Address will relate to the first landfall that is made from the satellite. This could be in any number of countries, such as UK, Canada, USA, Israel, or others.

It takes more investigation at that point as you then have to visit the corporate website and try and find their coverage map, if they publish it. This will indicate what satellite services they utilise, and what areas of the world it covers.


Unfortunately no. Some email services do not log the original IP Address in the header. Typically this would be done from a WebMail provider. Three of the best known IP hiders are GMail, FastMail and HushMail.

GMail and FastMail allow their users to send emails directly from their email application of their computer, instead of using the webmail interface. This mechanism does not hide the original IP Address, so it is always worth having a look at the header, just in case.


Fortunately there are people out there who like to help, by providing tools we can use for free. If you find reading an email header too confusing or complicated then try copying and pasting the whole header into the following web-page; I have no idea who owns it, but it has been around for many years.

This very useful tool will read the header for you and display all those it finds, along with a probable country of origin. The email header will be displayed to you again, but all IP Addresses will be highlighted so you can see where they all are. This can be very useful if you are learning to read the header yourself.

The ApeLord tool will also have links to DNSStuff, to enable you to look at details in closer detail.

Further Reading

  • Wikipedia – IP Address [link] | Private IP Address [link]
  • Wikipedia – Email Relay [link]
  • Wikipedia – Internet Proxy [link]
  • SpamCop.NET – Reveal the full, unmodified email. [link]
  • Wikipedia – Email Headers [link] | E-Mail Message Header [link]
  • ApeLord – Header Analysis [link]
  • WHOIS Lookup – Domain Tools [link] | DNS Stuff [link]

Original article written for Shawn Mosch, co-founder of ScamVictimsUnited.COM

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.



The FTC has charged the operators of an Internet-based check creation and delivery service with violating a 2009 court order. The FTC has asked the court to impose a daily fine or imprisonment to make Neovi, Inc., its principals and affiliates stop their illegal actions, compensate affected customers, and give up their ill-gotten gains. According to the FTC, the defendants allowed people to create and email checks via the Internet without verifying their identities or their authority to withdraw money from the accounts they were using.
Press release: