Suspicious email offering to help get funds back - fake Cysec address

Aussie investor

Private
Messages
15
Hi All,

Please be aware if you receive an email like the following:

" Demetra Kalogirou <cysec.gov.cy@europe.com>
8:32 AM (5 hours ago)
to me

We conducted a search through a wide range of database and discovered that the number of people who are complaining about being scammed by their brokers are much, and so we have decided to reach out to as many as possibe who want their funds refunded back to them. kindly get back to us and we will help you get a refund."

It is obviously a SCAM. It is not Demetra Kalogirou from Cysec as they would lead you to believe. This is clear for the following reasons:

1. The email address used. It is not in the same FORMAT as those used by Cysec. This is what a legitamate email address from Cysec will typically look like "<info@cysec.gov.cy>". This scammer has just ripped off the last part of a legit Cysec email and used a different domain name;

2. They cannot spell "POSSIBLE" nor did they use a capital letter after a fullstop - im sure Demetra is educated enough to know how to do this;

3. The time in Cyprus at the time the email was sent to me was around 12am. I recieved a follow up email not so long ago and that would correlate to a Cyprus time of 530 am. I highly doubt Demetra Kalogirou is writing emails at 12am and 530am her time trying to help get my money back :)

BEWARE!!!!
 
Last edited by a moderator:
Try to get the full message headers. It may be possible to determine where this came from.
 
Try to get the full message headers. It may be possible to determine where this came from.
Thats all that i could seem to get. Im guessing its the same mob that contact you through "Valdemar Tore" and refer to a chinese based lawyer that doesn't exist. They then ask for money upfront to engage the lawyer to start working on the matter. Just a big scam
 
Thats all that i could seem to get. Im guessing its the same mob that contact you through "Valdemar Tore" and refer to a chinese based lawyer that doesn't exist. They then ask for money upfront to engage the lawyer to start working on the matter. Just a big scam

Here is the details how to get full headers.


How to view the full message headers of an email
If you're having difficulty with messages from a Google Group, viewing the message headers might help you track down the problem. The headers tell you where the email originally came from, and any other addresses it may have visited on its way to your inbox. Please follow the instructions below to view the message headers in your email program.

Gmail

  1. Open the message in your Gmail inbox.
  2. Click the down-arrow in the top-right corner of the message.
  3. Click the "Show original" link toward the bottom of the options box. The message will open in a separate window with the full message headers at the top.
Microsoft Outlook

  1. Open the message in Microsoft Outlook.
  2. Select "View," then "Options."
  3. You'll see the headers in the "Internet Headers" box.
Yahoo Mail

  1. Open the email message in your Yahoo Mail inbox.
  2. Click the "Full Headers" link located in the lower-right corner of the email message.
If instructions for your email program aren't listed above, please check your program's help information for instructions on viewing message headers.
 
Here….a Fake FCA recovery scheme ……..all kind of scammers will show up, pretending to recover funds.
 

Attachments

  • FCA (1).pdf
    525.9 KB · Views: 13
Full Message Headers:

Delivered-To: XXXXX gmail.com
Received: by 10.202.199.131 with SMTP id x125csp2596603oif;
Wed, 24 Feb 2016 19:37:42 -0800 (PST)
X-Received: by 10.140.145.72 with SMTP id 69mr56221758qhr.95.1456371462375;
Wed, 24 Feb 2016 19:37:42 -0800 (PST)
Return-Path: <cysec.gov.cy@europe.com>
Received: from mout.gmx.com (mout.gmx.com. [74.208.4.200])
by mx.google.com with ESMTPS id l63si6089640qki.111.2016.02.24.19.37.42
for <XXXXX gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Wed, 24 Feb 2016 19:37:42 -0800 (PST)
Received-SPF: pass (google.com: domain of cysec.gov.cy@europe.com designates 74.208.4.200 as permitted sender) client-ip=74.208.4.200;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of cysec.gov.cy@europe.com designates 74.208.4.200 as permitted sender) smtp.mailfrom=cysec.gov.cy@europe.com
Received: from [197.210.173.104] by 3capp-mailcom-lxa01.server.lan (via
HTTP); Thu, 25 Feb 2016 04:37:41 +0100
MIME-Version: 1.0
Message-ID: <trinity-1eadf763-ca2e-4065-a480-f8c98d8b1544-1456371461485@3capp-mailcom-lxa01>
From: "Demetra Kalogirou" <cysec.gov.cy@europe.com>
To: "" <XXXXX gmail.com>
Subject: Re: Scam Broker
Content-Type: text/html; charset=UTF-8
Date: Thu, 25 Feb 2016 04:37:41 +0100
Importance: normal
Sensitivity: Normal
In-Reply-To: <CADp1n_kX0VzZUcvzFoE+svDVzVzCZe_n+VVaDhL7YCBoR=i3Xw@mail.gmail.com>
References: <trinity-39c7c232-e910-4a65-8aaf-5aa94c208db2-1456353168993@3capp-mailcom-lxa01>,
<CADp1n_kX0VzZUcvzFoE+svDVzVzCZe_n+VVaDhL7YCBoR=i3Xw@mail.gmail.com>
X-UI-Message-Type: mail
X-Priority: 3
X-Provags-ID: V03:K0:rEbxJyWrGNXgS0ItvMDuWWuwUgc42irWOico8KH6D91
SKzqVuk6WaaEHkc4t2HEn/qPy3Iq7BEmWS9riM17Q2xJs3QDcb
h2Py59jkeOyJNjwDQif4b9zqF9FEgxjCDZ37YY6tip5dZAJN6F
Kmf38S86Rp7/44x6VBgQJV8Xez81oDBxBdmTb/8cjTqK4HgRW0
qede0ADr3cV+v2t5L8HOhgOBNfRCbxo7YZ9bT5qa+rw70pkb6a
pxg0I7SfIHDXAFHjTnoTmtjVnw0r8ML7ATLnufSaurP/1dlVBh
fr9ZpaKxHbJn/+VPWHigjIv5lmt
X-UI-Out-Filterresults: notjunk:1;V01:K0:0JHO2EAj/9E=:nU+u3XDI06foagoCGKFkGE
utNCOaFRI6HTuLPXiAe7FsIJPi/r56AruViEUa7jrbROsCCmnaISjBBkCIOpE0gjRh2LGN43o
6KKIR5T0bTeOfx4m3+UYWWGoADGSr7DElKZBn/Y7hb/HvjBiBLp2CeC/8px31xECLSd3Fnejn
4bUvguqRzqFRYebaCi/KkDaUdRb1Vy7vvA5KVnVdJw3jZfNtnioGLephSJUzVQZQKHfyHgYB4
oegnJTbL6JXmkqAMmnpGqUJqNf7vGl4zxUPntBOVjIWI/chGCddQS/8ap8wIlQlCVLwexW7lp
FLYUbBQp26F0oe8j+o9a8FR02fIgYuXwnVMXSMrjf5wxA8Urk7suCikBbmqAIvd82Tg/QSFTz
VyYSWDM880f0oASUhTVd+Xm5IibfUuoxx6CyQB7eqlGIIlmjWxF1sZzu4oJq/Eqk3r8Zk1EKH
MsH+i16E7w==

How much did you lose and what broker in particular did you lose your money with?<br>
<br>
<div name="quote" style='margin:10px 5px 5px 10px; padding: 10px 0 10px 10px; border-left:2px solid #C3D9E5; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;'>
<div style="margin:0 0 10px 0;">
<b>Sent:</b>&nbsp;Thursday, February 25, 2016 at 12:01 AM<br/>
<b>From:</b>&nbsp;&quot&quot; &lt;XXXXXgmail.com&gt;<br/>
<b>To:</b>&nbsp;&quot;Demetra Kalogirou&quot; &lt;cysec.gov.cy@europe.com&gt;<br/>

<b>Subject:</b>&nbsp;Re: Scam Broker
</div>
<div name="quoted-content">
<p>Hi, how do you propose to do that ? Thankyou</p>
<div class="gmail_quote">On 25 Feb 2016 9:32 am, &quot;Demetra Kalogirou&quot; &lt;<a href="cysec.gov.cy@europe.com" target="_parent">cysec.gov.cy@europe.com</a>&gt; wrote:<br/><blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex;border-left: 1.0px rgb(204,204,204) solid;padding-left: 1.0ex;"><div><div style="font-family: Verdana;font-size: 12.0px;"><div><strong>We conducted a search through a wide range of database and discovered that the number of people who are complaining about&nbsp;being scammed by their brokers are&nbsp;much,&nbsp;and so we have decided to reach out to as many as possibe who want their funds refunded back to them.&nbsp;kindly get back to us and we&nbsp;will help you&nbsp;get a refund.</strong></div></div></div>
</blockquote></div>

</div>
</div>
<br/>
 
Last edited by a moderator:
Send the email and full headers to Cysec. They may want to put out a warning about this one.

If possible, keep "Demetra" occupied chatting with you. See how long until he asks for a fee.
 
Back
Top