Scam Investigation Toolkit

Step 1: Get Email Headers

In Gmail:

1. Open the email
2. Click the three dots (more options)
3. Select "Show original"
4. Copy everything

Step 2: Analyze the Sender

• 🔍 Check if "From" name matches the email address
• 🔍 Look for visual tricks (like "BIockFl" using capital I instead of lowercase L)
• 🔍 Compare "From" vs "Reply-To" addresses (different = red flag)
• 🔍 Check if it's a personal email (Gmail, Yahoo) claiming to be a company

Step 3: Trace IP Addresses

• 🌐 Find IP addresses in "Received:" headers
• 🌐 Use IP lookup tools to find location and ISP
• 🌐 Check if location matches claimed sender
• 🌐 Run WHOIS lookup for ownership information

Step 4: Investigate Links

• 🔗 NEVER click suspicious links directly
• 🔗 Hover over links to see real URL
• 🔗 Use URLScan.io to safely analyze links
• 🔗 Check domain registration with WHOIS
• 🔗 Look for recently registered domains (common scam sign)

Step 5: Document Everything

• 📸 Take screenshots of the email
• 📸 Save complete headers
• 📸 Document all IP addresses found
• 📸 Screenshot any fake websites
• 📸 Keep timestamps of when you received the email

Step 6: Find the Person Behind It

• 🕵️ WHOIS lookup on suspicious domains
• 🕵️ Reverse email search (using the Reply-To address)
• 🕵️ Check if email appears in data breaches (HaveIBeenPwned)
• 🕵️ Search email/domain on ScamAdviser
• 🕵️ Check hosting provider and report abuse
• 🕵️ Social media search for email addresses

1. Bug Bounty & Fraud Reporting Programs

Get paid for finding and reporting scams:

• 💵 HackerOne - Report phishing domains (up to $10,000)
• 💵 Google Safe Browsing - Report malicious sites
• 💵 Microsoft MSRC - Report phishing campaigns
• 💵 Paypal Bug Bounty - Report phishing attempts ($50-$5,000+)
• 💵 Banks & Financial Institutions - Many have fraud reporting rewards

2. Freelance Fraud Investigation

Offer your services on these platforms:

• 💼 Upwork - Email forensics, fraud investigation ($50-150/hr)
• 💼 Fiverr - Scam analysis services ($100-500 per investigation)
• 💼 LinkedIn - Network with law firms, companies needing fraud experts
• 💼 Direct to Victims - Help scam victims investigate (charge consultation fees)

3. Become a Certified Professional

Certifications that increase your earning potential:

• 🎓 Certified Fraud Examiner (CFE) - Average salary: $88,000/yr
• 🎓 Computer Hacking Forensic Investigator (CHFI) - $70,000-120,000/yr
• 🎓 GIAC Security Essentials (GSEC) - Entry level security cert
• 🎓 Certified Information Systems Security (CISSP) - $100,000+/yr

4. Full-Time Jobs

Companies hiring fraud investigators:

• 🏢 Banks & Financial Institutions - Fraud analyst ($60,000-100,000)
• 🏢 Tech Companies - Trust & Safety specialist ($80,000-150,000)
• 🏢 FBI Cyber Division - Special Agent ($80,000-130,000)
• 🏢 Secret Service - Electronic Crimes Task Force
• 🏢 Private Investigation Firms - Digital forensics specialist
• 🏢 Cybersecurity Firms - Threat intelligence analyst ($90,000-160,000)

5. Content Creation & Education

Share your knowledge and make money:

• 📹 YouTube Channel - Document your investigations (ad revenue + sponsors)
• 📝 Blog/Newsletter - Write about scam tactics (affiliate income)
• 📚 Online Courses - Teach others fraud investigation (passive income)
• 🎙️ Consulting - Train companies on fraud prevention ($200-500/hr)

🇺🇸 U.S. Government Agencies

🛡️ Anti-Phishing Organizations

📧 Email Service Providers

Gmail: Forward to phishing@google.com or click "Report phishing"

Outlook/Hotmail: Forward to abuse@outlook.com

Yahoo: Forward to abuse@yahoo.com

Mailgun: Forward to abuse@mailgun.com (Your scammer used this!)

🏦 Financial Institutions (Your Case)