Scam emails

Discussion in 'IT & Internet' started by OMGVape, Aug 30, 2019.

  1. OMGVape

    OMGVape UKBF Regular Free Member

    243 29
    Is it possible to find the source of a (scam) email ? Even down to which country would be good to know. If a friend forwarded it to me could I trace the origin country?
     
    Posted: Aug 30, 2019 By: OMGVape Member since: Jan 21, 2018
    #1
  2. TargetICT

    TargetICT UKBF Contributor Free Member

    63 11
    You can’ get the sending server and co but most times they just compromise legitimate accounts.

    You could reply with an email containing a tracking cookie that would capture location, isp and device information whenever the email is opened.
     
    Posted: Aug 30, 2019 By: TargetICT Member since: Feb 26, 2018
    #2
  3. KM-Tiger

    KM-Tiger UKBF Legend Full Member - Verified Business

    9,839 2,617
    You need to see the full original headers which forwarding will not give you. You *might* be able to determine the source from the original headers, but that could be a compromised system or a bot.

    It's generally more fruitful to have systems that block nasty stuff rather than worrying about exactly where it came from.
     
    Posted: Aug 30, 2019 By: KM-Tiger Member since: Aug 10, 2003
    #3
  4. OMGVape

    OMGVape UKBF Regular Free Member

    243 29
    Thanks for the replies, I like the idea of a tracking cookie but wouldn’t know where to start.
     
    Posted: Aug 30, 2019 By: OMGVape Member since: Jan 21, 2018
    #4
  5. WESH.UK

    WESH.UK UKBF Contributor Free Member

    75 16
    Sadly not, you would need the original, otherwise all you are going to see is the info in the headers of your friend emailing you.

    If you can get the original sent to you as an attachment instead of forwarded, then yes, you can see where it was sent from and at the very least, report them for spamming which may likely result in their server being blacklisted.
     
    Posted: Aug 30, 2019 By: WESH.UK Member since: Aug 11, 2018
    #5
  6. TargetICT

    TargetICT UKBF Contributor Free Member

    63 11
    Posted: Aug 30, 2019 By: TargetICT Member since: Feb 26, 2018
    #6
  7. OMGVape

    OMGVape UKBF Regular Free Member

    243 29
    P
    That’s possible, when I get it as an attachment where do I get the origin info?
     
    Posted: Aug 30, 2019 By: OMGVape Member since: Jan 21, 2018
    #7
  8. WESH.UK

    WESH.UK UKBF Contributor Free Member

    75 16
    > I like the idea of a tracking cookie but wouldn’t know where to start.

    You would need to be the sender of the email and a "Tracking pixel" is extremely unreliable to say the least. At best, all it will show you is where in the world your email was opened by people with poor email security.

    If for example you open that email within MS Outlook, you can view the message headers very easily. Just depends which version of outlook you are using.

    With Outlook 365 for example, at the top of the email there is now a "Tags" arrow, its tiny and easy to miss, whereas in previous versions you could actually select "Message options" and the mail headers were then viewable.

    With out mail clients, you will want to read the manual so to speak on how to view message headers.

    Once you get the email header, copy and paste it into something like this:
    https://mailheader.org/

    That will make more sense for the average man about town :)
     
    Posted: Aug 30, 2019 By: WESH.UK Member since: Aug 11, 2018
    #8
  9. OMGVape

    OMGVape UKBF Regular Free Member

    243 29
    That’s a great help, thank you.

    And thanks to everyone else.
     
    Posted: Aug 30, 2019 By: OMGVape Member since: Jan 21, 2018
    #9
  10. TargetICT

    TargetICT UKBF Contributor Free Member

    63 11
    An alternative solution to tracing the whereabouts of the scammer would be more than welcome.
     
    Posted: Aug 30, 2019 By: TargetICT Member since: Feb 26, 2018
    #10
  11. TargetICT

    TargetICT UKBF Contributor Free Member

    63 11
    You're welcome.
     
    Posted: Aug 30, 2019 By: TargetICT Member since: Feb 26, 2018
    #11
  12. Mr D

    Mr D UKBF Legend Free Member

    16,193 1,804
    Pay a specialist tracing company a fortune and they may be able to track backwards and narrow it down. To the country that sent the message, which may be half the world away from the person.
    Depends how much the scammer tries to hide their location - hiding isn't that hard from what others tell me.
    If you want the actual address of someone who knows how to cover themselves you are probably not going to get it.
    Or the person could end up giving you your address.... :)
     
    Posted: Aug 30, 2019 By: Mr D Member since: Feb 12, 2017
    #12
  13. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    5,307 1,520
    Try pasting the header details into https://www.spamcop.net and that should discard all the fake gubbins and give you the real stuff
     
    Posted: Aug 31, 2019 By: Ian J Member since: Nov 6, 2004
    #13
  14. cjd

    cjd UKBF Legend Full Member - Verified Business

    15,447 3,073
    It's impossible for an individual to track back to the original sender. The majority of spam comes from rented bot nets; the mailheader and IP address is that of the hi-jacked PC.

    Others come from illegally rented virtual servers in Germany and France and other countries with lax security/regulation.
     
    Posted: Aug 31, 2019 By: cjd Member since: Nov 23, 2005
    #14