Welcome to the latest section of my Celtnet Information site. This section of the site deals with various internet scams: how to spot them and how to avoid them. Many of these types of scam are perpetrated over the internet, and quite a number are easy to spot, though the scamsters are becoming more sophisticated.
I'm going to start with an increasing nuisance: lottery scams.
On this page I have three different types of scam email, going from the least plausible to the most plausible, in sequence. I'm using Celtic-style page separators to differentiate between my content and the scam emails. The first of these emails is for the 'lottery no-one's ever heard of':
Scam email starts:
Scam email ends:
Let's examine this email in more detail. The first thing to do is look at the email's source, in particular the headers. When you expand these you get:
Return-Path:
Delivered-To: xxx@xxx.xxx.xxx
Received: (qmail 88810 invoked by uid 1024); 30 Jan 2008 06:56:20 -0000
Received: from no_reply@moneybookers.com by server28.donhost.co.uk by uid 1002 with qmail-scanner-1.22
( Clear:RC:0(195.39.136.18):.
Processed in 2.135699 secs); 30 Jan 2008 06:56:20 -0000
Received: from unknown (HELO mail.alfarabiinvestment.com) (195.39.136.18)
by 192.168.147.22 with SMTP; 30 Jan 2008 06:56:17 -0000
Received: from User ([82.63.164.157] RDNS failed) by mail.alfarabiinvestment.com with Microsoft SMTPSVC(6.0.3790.1830);
Wed, 30 Jan 2008 09:46:09 +0300
Reply-To:
From: "Moneybookers"
Subject: Money Received
Date: Wed, 30 Jan 2008 07.51.45 +0100
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: no_reply@moneybookers.com
Message-ID:
X-OriginalArrivalTime: 30 Jan 2008 06:46:10.0362 (UTC) FILETIME=[CC4FA1A0:01C8630B]
First and foremost, the Delivered-To address included in the email was a website address and not a personal address. I would never use (and have never used) this address to sign in to moneybookers or anywhere else for that matter. So, alarm bells were ringing in my head already. Now the return address and from address look genuine enough: 'no_reply@moneybookers.com'. But when you look closely at the message header you see that the originating server is 'mail.alfarabiinvestment.com' and the originating email address is 'FARABIEXCHsbz8LtoDb000010ea@mail.alfarabiinvestment.com', but the reverse DNS lookup on this failed, so it's a fake address.
By now the alarm bells should be trilling in your head... This email originated from a source other than moneybookers.com and that source could not be verified by the mailer program. This is a scam email. However, if you're still not certain that this is a scam email then have a close look at the main links in the email. The first of these is: <a target="_blank" href="http://203.92.45.194/www.moneybookers.com/app/index.html"><span id="lw_1181124139_1">moneybookers.com</a>. The link text says moneybookers.com, but the link itself is re-directed to the IP address 203.92.45.194, which has nothing at all to do with Moneybookers. The main link in the email, from which you can 'claim your money', is similarly cloaked: <a href="http://203.92.45.194/www.moneybookers.com/app/index.html">https://www.moneybookers.com/accept.php?payment_id?=43829574</a>. Once again you're re-directed to a site that has nothing to do with moneybookers but which looks exactly like the moneybookers site.
This email is clever in that it appeals to people's native greed. Getting money is good. But it's also been targeted at webmasters who use their websites to make money: exactly the type of people who use moneybookers to receive payments and who get these kinds of emails several times a day. You would take this as just another moneybookers email and use the log-in page to transfer the money to your account. But once you log in, the scammers have grabbed all your moneybookers log-in details. They can then use these to log into moneybookers, gaining access to your account and to your personal details. This is a very clever phishing scam: all your personal details have just been grabbed and you've become a victim of identity theft.
This is a very clever scam email and very professionally done. But it only took me one minute of looking in detail at the email to uncover the scam. Basically, if you get this kind of email, just don't click on any links in it. Even if you use a payment system such as moneybookers (PayPal is just as vulnerable to this kind of scam), log into your account manually and don't use the link. That way you can safely access your account and you won't be scammed.