How I dodged a scam email

A Pakistani scammer emailed me, posing as the official embassy of a country. Here's how I found out and maybe you can too.

How I dodged a scam email

Google does a good job of sending scam emails straight to the trash bin. So this wasn't an email I randomly received from a Nigerian prince. Ah, those were the days of 2006! This was a potential scam email address I sent an email to (and got a reply).

I say 'potential' because I can't be completely certain this person was a scammer, but he posed as an embassy official when he probably runs a travel agency; which is fraud, nonetheless.

Here goes the story:-

In light of the current Covid situation, I emailed four embassies with a specific travel query. I sourced their official email IDs online.

Of the four, one seemed suspicious, but I was tired of this research and wanted to be done with the last step. I sent the same email to all four embassies.

In any other situation, where I'd need to send a one-time email, I would use some alias service. But I thought the embassies should know it's a real person behind the query. So I sent it from my personal Gmail.

Below is the email I sent (to the suspicious mail ID):

Notice the email ID underlined in red

The recipient email address was something like: [email protected]<country code>embassy.in

Now, if you are someone who has squandered away a few years of your life online—like myself—you would already know that official email addresses need to look... official.

If I were calm and collected, I would've thought, "Hmm, why does the email ID of a foreign embassy have a .in domain extension instead of it's own?"

And then I would have proceeded to verify this email address and somehow ended up on Twitter.

But I was in no mood for research. I thought, "maybe it's their India office, I'll know when I get the reply.".

And then I got the replies:

Here's how one legitimate response looked:

Legitimate response

How do I know this email was legitimate?

  • It answered my query to the point.
  • It didn't ask me to do something weird or go outside Gmail.
  • It left a (legitimate) link for additional information.

Now contrast this with the fraud reply from the suspicious email:

Fraud response

This looked totally scammy because:

  • The word 'agent' set off all kinds of alarms.
  • WhatsApp?! Seriously?! My entire family is already running a scam there. No thanks.
  • The weird first letter capitalisation and differences in font size.

But you can see how it could come across as 'very official' with its The Embassy of.., the undersigned Ambassador's office and the address in New Delhi.

I got annoyed with myself and decided to do one final confirmation about its fraudulence.

I did a basic WhoIs lookup of the domain name associated with the email. And I found answers very quickly:

Mastermind's dead giveaways
  • First off, the domain name itself was created on 15th Jan 2019. That's too recent for an embassy. India's national portal, for eg., was created in 2005 and that still seems recent.
  • Second, the name of the organisation that registered this domain was xxxxmastermind. Yeah, that seems totally official.
  • Lastly, the country where the domain was registered was neither in India nor in the purported embassy country. It was registered in Pakistan.

Sigh.

Now, we may have fought four wars and hate each other like there's no tomorrow, but we—Indians and Pakistanis—are more similar than we like to think; in making conversation with a mouthful of paan, in insisting that our guest have just one more <insert food item> and in our deep love to scam people online.

(In all seriousness, love to Pakistan ki awaam from a Hindustani who doesn't 'bhau bhau'.)


I could have stopped there and moved on with my day. But I googled 'xxxxmastermind'. This 'master of a mind' had used the same username for his personal social media as he had to run this fraud. What a mastermind.

I found his dp on one site—a selfie in the toilet—and thought it only fitting to make some artful additions to the floor and send that as reply.

I'll let your imagination run wild as to what those majestic items on the floor could be.

Goo chi gang

As a brown man who intends to fly towards the Atlantics and beyond, my girlfriend asked me to calm the freak down and not get too adventurous, by getting into a back and forth with a scamster from the aforementioned country.

The last thing I need while traveling amidst the pandemic stress, is an airport security flagging me to do a 'pat-down' or worse, a strip-search; because I now show up on their radar, thanks to my amorous email exchange with the said mastermind.

Come to think of it, what if this is the scam?

What if he derives some sort of a devious pleasure in trapping oversmart innocent enquirers like myself into an email exchange with him, which then puts the likes of poor little me on the radar of international intelligence agencies?

I need to wear nice chaddis when I fly.