[nsp-sec] Google/Gmail - gmail in use for hitman 419 scam

RuthAnne Bevier ruthanne at caltech.edu
Wed May 28 00:28:35 EDT 2008 

I'm not sure who to send this to at Gmail to get this shut down and
maybe investigated.  One of our users received a 419 variant known
at the "hit man" scam, in which the sender claims he is a hit man
contracted to kill the recipient, but for a price he will not carry
out the murder.  Full headers are below (with recipient's username
supressed by request).  The user has also reported this to the FBI. 

The message demands that the recipient send a response to
"final.bulletpoint360 at gmail.com".

-------- Original Message --------
Return-Path:    <redbulletpoint.1 at klikni.cz>
X-Original-To:  xxx at caltech.edu
Received:       from fire-dog.its.caltech.edu (fire-dog
[192.168.1.4]) by
earth-ox-postvirus (Postfix) with ESMTP id C4F0B1BC77 for
<xxx at caltech.edu>; Tue, 27 May 2008 03:42:01 -0700 (PDT)
Received:       from ag-out-0708.google.com (ag-out-0708.google.com
[72.14.246.248]) by water-ox.its.caltech.edu (Postfix) with ESMTP id
EFAD21BA77 for <xxx at caltech.edu>; Tue, 27 May 2008 03:41:58 -0700
(PDT)
Received:       by ag-out-0708.google.com with SMTP id
8so2985600agc.0 for
<xxx at caltech.edu>; Tue, 27 May 2008 03:41:58 -0700 (PDT)
Received:       by 10.90.103.3 with SMTP id
a3mr1414933agc.112.1211884870218;
Tue, 27 May 2008 03:41:10 -0700 (PDT)
Received:       by 10.90.83.5 with HTTP; Tue, 27 May 2008 03:41:10
-0700 (PDT)
Message-ID:
<ced2a0070805270341v10ce85a2q78e8396c8d2cadbd at mail.gmail.com>
Date:   Tue, 27 May 2008 12:41:10 +0200
From:   ANTHONIO BENITO <redbulletpoint.1 at klikni.cz>
Subject:        SOMEONE YOU CALL YOUR FRIEND, WANTS YOU DEAD.
MIME-Version:   1.0
Content-Type:   multipart/alternative;
boundary="----=_Part_12012_15314810.1211884870212"
To:     undisclosed-recipients:;
X-Spam-Scanned:         at Caltech-ITS on fire-dog by amavisd-2.4.5
X-Spam-Score:   2.996
X-Spam-Level:   **
X-Spam-Status:  No, score=2.996 tagged_above=-10000 required=5
tests=[DK_POLICY_SIGNSOME=0.001, HTML_10_20=0.945,
HTML_MESSAGE=0.001,
SUBJ_ALL_CAPS=1.166, UNDISC_RECIPS=0.883]






-- 
RuthAnne Bevier
Information Security
California Institute of Technology   
626-395-2671
ruthanne at caltech.edu

More information about the nsp-security mailing list