
How to Spot a Scam

Wednesday, November 26, 2008

IP Address Tracker - The Best Way to Locate a Scam Artist

Have you received an email that sounds a little too good to be true? Or is your gut telling you that something isn't right? Wish you could locate exactly where that email came from? Well, now you can. Every computer that is connected to the Internet has what is called an IP address. Similar to a phone number, an IP address is unique to every computer and indicates geographically where that particular computer is located.

When you receive an email, you receive more than just the message. The email comes with headers that carry important information that can tell where the email was sent from and possibly who sent it. For that, you would need to find the IP address of the sender. The tutorial below can help you find the IP address of the sender. Note that this will not work if the sender uses anonymous proxy servers.

First of all, the IP address is generally found in the headers enclosed between square brackets, for instance, [129.130.1.1].

Finding IP address in Gmail
1. Log into your Gmail account with your username and password.
2. Open the mail.
3. To display the email headers, click on the inverted triangle beside Reply. Select Show Original.
4. Look for Received: from followed by the IP address between square brackets [ ].

Example: Received: from [69.138.30.1] by web31804.mail.mud.yahoo.com

5. If you find more than one Received: from pattern, select the last one.
6. Track the IP address of the sender



Finding IP address in Yahoo! Mail

  1. Log into your Yahoo! mail with your username and password.
  2. Click on Inbox or whichever folder you have stored your mail.
  3. Open the mail.
  4. If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
    • Click on Options on the top-right corner
    • In the Mail Options page, click on General Preferences
    • Scroll down to Messages where you have the Headers option
    • Make sure that Show all headers on incoming messages is selected
    • Click on the Save button
    • Go back to the mails and open that mail
    • Look for Received: from followed by the IP address between square brackets [ ]. Example: 202.65.138.109.
      That is the IP address of the sender.
      If there are many instances of Received: from with the IP address, select the IP address in the last pattern. If there are no instances of Received: from with the IP address, select the first IP address in X-Originating-IP.
  5. Track the IP address of the sender



Finding IP address in Hotmail

  1. Log into your Hotmail account with your username and password.
  2. Click on the Mail tab on the top.
  3. Open the mail.
  4. If you do not see the headers above the mail message, your headers are not displayed. To display the headers,
    • Click on Options on the top-right corner
    • In the Mail Options page, click on Mail Display Settings
    • In Message Headers, make sure Advanced option is checked
    • Click on Ok button
    • Go back to the mails and open that mail
  5. You should see the email headers now.
  6. If you find a header with X-Originating-IP: followed by an IP address, that is the sender's IP address
    In this case the IP address of the sender is [68.34.60.59].
  7. If you find a header with Received: from followed by a Gmail proxy like this

    Look for Received: from followed by the IP address within square brackets [ ].
    In this case, the IP address of the sender is [69.140.7.58].


Look for Received: from followed by the IP address within square brackets [ ].
In this case, the IP address of the sender is [61.83.145.129] (Spam mail).

  8. If you have multiple Received: from headers, eliminate the ones that have proxy.anyknownserver.com.
  9. Track the IP address of the sender
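The header-reading steps above can be automated once you have saved the raw message (for example via Show Original). The script below is an added example, not part of the original post: it takes the last Received: from line that carries a bracketed address and falls back to X-Originating-IP, as the Yahoo! steps describe. Skipping private and otherwise non-routable addresses is an addition beyond the steps, and the function names and sample messages are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# An IPv4/IPv6 literal between square brackets, as shown in the steps above.
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def _public_ips(text):
    """Yield bracketed addresses in text that parse and are publicly routable."""
    for candidate in BRACKETED.findall(text):
        try:
            if ipaddress.ip_address(candidate).is_global:
                yield candidate
        except ValueError:
            continue  # bracketed text that is not an IP address

def sender_ip(raw_message):
    """Return (ip, header_name) for the earliest hop, or (None, None)."""
    msg = email.message_from_string(raw_message)
    # Each relay prepends its own Received: header, so the last one is the oldest.
    # Lines added before your own provider's can be forged: treat this as a lead.
    for value in reversed(msg.get_all("Received") or []):
        if value.lstrip().lower().startswith("from"):
            for ip in _public_ips(value):
                return ip, "Received"
    # Fallback from the Yahoo! steps: no usable Received: from line.
    for ip in _public_ips(msg.get("X-Originating-IP", "")):
        return ip, "X-Originating-IP"
    return None, None

# Constructed sample messages; the addresses are the examples quoted on this page.
SAMPLE_RELAYED = "\n".join([
    "Received: from mx.example.net ([202.65.138.109]) by inbox.example.org",
    "Received: from [69.138.30.1] by web31804.mail.mud.yahoo.com",
    "Subject: constructed sample", "", "body",
])
SAMPLE_WEBMAIL = "\n".join([
    "Received: from mail.example.net ([10.0.0.5]) by inbox.example.org",
    "X-Originating-IP: [68.34.60.59]",
    "Subject: constructed sample", "", "body",
])

if __name__ == "__main__":
    for sample in (SAMPLE_RELAYED, SAMPLE_WEBMAIL):
        print(sender_ip(sample))
```
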

If you have further questions about the procedure, you can learn more here.

You can always Track the IP address here.

1 comment:

Anonymous said...

A novel idea, but this isn't going to work if you use CL's anonymized email listing (where it lists sale-123456789@craigslist.org as the email address instead of yours) - and who doesn't.

In this case, CL is actually receiving the email from the scammer and then re-forwarding the mail to you - meaning that for the email you receive the originating IP is actually CraigsList.

Why do I know this you ask? Of course because I was trying to track a scammer and figured this out when it traced back to CL :-/