I have never seen this before, but it does smell bad. If anyone wants the header info, I'll send it on. Also, if anyone has seen it, please explain what they are looking for. I gather they want the secure addys,,, could be wrong... Thanks - tc




To Whom It May Concern,

Firstly, I would like to extend a big hello to you from everyone
here at The National Crimestoppers Bureau, in the UK. My name is
Sarah ------ and I work as a call handler.

I have recently found that some emails have been directed to our
Most Wanted website from your country and as you may agree, we
don't want to regard this information as unactionable if it is
possible to pass it on to the relevant authorities.

I have been attempting to compile a list of secure email websites
where we can forward this information. As some places, such as
yourselves, do not support such sites, I would be most grateful if
you could forward an email address of a secure contact within your
area that can receive and handle this sensitive information.

As I'm sure you can appreciate, we are reluctant to send this
information over a standard email format unless we can be sure that
it will be handled with the utmost security. Once again, any help
you can provide in this matter will be most appreciated.

Yours Sincerely,

Sarah.

Never seen something like that before. Google shows nothing. Seems to be directed towards LEOs, are you sure this is spam? If you can post the header that might answer a question or two.

What use would a scammer have for an email address used for reporting crimes... weird.

Ok, here's a followup - Sarah's addy is .. crimestoppers-uk.org--- This seems ok.. the IP is 195.147.96.66 and here is the RIPE info:

Query the RIPE Whois Database
Search for


% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '195.147.96.64 - 195.147.96.71'
inetnum: 195.147.96.64 - 195.147.96.71
netname: GX-ADSL-CRIMESTOP
descr: crimestoppers trust
descr: Apollo House
descr: 66A London Road
descr: Morden
descr: Surrey
descr: SM4 5BE
country: GB
admin-c: PB1752-RIPE
tech-c: HM655-RIPE
status: ASSIGNED PA
mnt-by: AS5519-MNT
source: RIPE # Filtered
role: Hostmaster Contact
address: PIPEX Communications
address: The Hinshelwood Building
address: Edmund Halley Road
address: Oxford Science Park
address: Oxford
address: OX4 4GB
address: United Kingdom
phone: +44 870 909 8181
fax-no: +44 1865 778 160
admin-c: MATT1-RIPE
admin-c: HM655-RIPE
admin-c: ID40-RIPE
admin-c: RIZ5-RIPE
admin-c: FAZ5-RIPE
admin-c: SJC2-RIPE
admin-c: YSL1-RIPE
tech-c: MATT1-RIPE
tech-c: SH1765-RIPE
tech-c: RIZ5-RIPE
tech-c: ID40-RIPE
tech-c: MLAU1-RIPE
tech-c: BRI69-RIPE
tech-c: HM655-RIPE
tech-c: FAZ5-RIPE
tech-c: SJC2-RIPE
tech-c: YSL1-RIPE
nic-hdl: HM655-RIPE
abuse-mailbox: abuse@gxn.net
mnt-by: AS5519-MNT
source: RIPE # Filtered
person: Peter Brearley
address: crimestoppers trust
address: Apollo House
address: 66A London Road
address: Morden
address: Surrey
address: SM4 5BE
phone: +44 2082543250
fax-no: +44 2082543201
nic-hdl: PB1752-RIPE
mnt-by: AS5519-MNT
source: RIPE # Filtered
% Information related to '195.147.96.0/24AS5413'
route: 195.147.96.0/24
descr: PIPEX Communications
descr: (GXN)
descr: Carlton House
descr: 27A Carlton Drive
descr: London
descr: SW15 2BS
descr: UK
origin: AS5413
member-of: AS5413:RS-PIPEX
remarks:
remarks: ------------------------------------------------------
remarks:
remarks: Please direct Abuse complaints to abuse@gxn.net
remarks: Complaints directed elsewhere will not be actioned.
remarks:
remarks: ------------------------------------------------------
remarks:
mnt-by: AS5413-MNT


Based on this, it seems OK - If anyone has an opinion, please advise.. Thanks -tc

Daneel - It came to my website "contact us" e-addy ... From the way it was worded, it must have been a mass mailing. The "secure web" request is what throws me. Why??? If they are receiving info they can't use in a "practical" way, why not just refer the sender to the nearest LE agency ?? Just a little baffled right now.... tc

The email seems to have been mass-mailed, and the fact that they say "your country" rather than naming it also makes me suspect that it's a scam of some sort... but that IP seems to be connected to crimestoppers-uk.org, which is a legitimate website and organisation. I would suggest contacting them to check.

Thanks -yeah, I'll check it out when I can.... Working on a case now where a guy lost about $2000.00 to a company called ALTER COMPUTER U.K. --I know he was scammed and I don't think I can do much, but we're going to try.. They also claim to have people in Spain (yeah, right !!);) -- I'll be getting all the info the first of next week. I'll post some of it here and maybe you guys can help.... tc

The site is registered just for one year and the phone-number is completely bogus, that screams fake. I've tried making a reverse-ip lookup, for no avail. Has the mail possibly been spoofed?

Are you refering to Alter ?? If so, there is a good chance of that. I can't answer a lot of questions yet because the victim has not given me all the information yet. I googled the name an nothing matching came up (1st hint). When I have info (headers (?) addys, etc) I'll post as much of it here as I can. Then ya all can go crazy and find out what we can... Thanks - tc

Are you refering to Alter ??no, the crimestoppers thing

crimestoppers-uk.org is definitely a legitimate site :)

If that IP is really theirs I can't be 100% sure. It does have one of their addresses. Which phone number did you mean?

To dispel notion, Crimestoppers-uk is a perfectly legitimate organization in the UK. TC, all you have to do is contact the lady via email and the resulting header will tell you if it's dodgy or not. A scammer would not approach you in this way... not with a web IP that points right back to CS-UK, that would probably be very difficult to achieve (?)

crimestoppers-uk.org is leggit.

However there is also crimestoppers-uk.org.uk which is dubious at best. No website setup so it's apparently used for email only. I think that Rob may have been referring to this one.

TC, the domain you posted appeared truncated. Could it be crimestoppers-uk.org.uk that you have?

==============================

Domain name:
crimestoppers-uk.org.uk

Registrant:
Mike Morgan

Trading as:
Mike Morgan

Registrant type:
Non-UK Entity

Registrant's address:
12 Webster Place
CBS
Topsail
Topsail
A1W 5M7
CA

Registrant's agent:
eNom, Inc. [Tag = ENOM]
URL: http://www.enom.com

Relevant dates:
Registered on: 17-Nov-2005
Renewal date: 17-Nov-2007
Last updated: 20-Nov-2005

Registration status:
Registered until renewal date.

Name servers:
ns1.proredirect.com
ns2.proredirect.com

"Mike Morgan" seems to buy a lot of different domain names according to Google searches, probably in order to sell them or earn money from the ads.

The nameservers Fabulous.com, Proredirect.com, DomainHop.com, and Rentalqueue.com belong to Internet companies that park and redirect domains for the purposes of getting “ad clicks.”

Yup. Not a scammer.

Right on! Daneel.

I wonder who will eventually be interested in purchasing crimestoppers-uk.org.uk and for what purpose since it's almost identical to crimestoppers-uk.org . Remains to be seen I guess.

On http://www.crimestoppers-uk.org/about/webpolicy/privacypolicy/ I read :

========
We may share your information with other organisations who are supportive of our aims and objectives. We only use your personal information for direct marketing purposes if we are allowed to do this by law or if we have your consent.
========

Since they do direct marketing, perhaps it was them. If the address wasn't spoofed.

Ok -- I e-mailed the crimestoppers-uk.org and asked about Sarah O. Am waiting for a reply. I see that Alibaba has been mentioned in other threads. The fellow who was scammed I spoke about did mention something about Alibaba (I think). Will know more when he gets back to me and will pass it on here. Thanks for everything, gang !!! tc :D PS -I did double check and it is just -- crimestoppers-uk.org -- Again, Thanks - tc

Follow-up on the crimestoppers-uk.org question - I received an answer from them and they do not seem to know a Sarah O. .... :cry: Therefore, I must regard the e-mail from her as bogus and presume that she/he is up to no good. Will post more info as it comes in........ About my "scamee".. Have not heard from him as of this post.. will post when I get the info.... tc