Resolved Possible phishing attempt?

Discussion in 'Security and Privacy' started by g.watson, 2009/10/13.

  1. 2009/10/13
    g.watson

    g.watson Well-Known Member Thread Starter

    Joined:
    2002/03/27
    Messages:
    333
    Likes Received:
    2
    Hi. I just received an email from a friend who is not particularly internet-savvy. I'd attach it, but it's very long due to multiple forwarding, and all in Italian anyway. Basically the initiator suggested forwarding it to as many friends as possible, because Microsoft would then contact the sender to obtain a postal address and mail a cheque for 245 euros for every addressee to which it was forwarded, plus 243 euro for every one of those who forwarded it to a third addressee, 241 for each further forwarding, etc. It was interspersed with messages of glee from people who claimed to have just received a cheque for 34.540 euro and similar. By the time it reached me, it must have contained between 500 and 1,000 email addresses (and apparently nobody thought of using the "Bcc" field!).

    Now, this is pretty obviously a scam of some kind: the arithmetic alone tells you Microsoft isn't going to pay out billions of dollars to a bunch of people just for forwarding an email. But I don't see who is winning here. How can a phisher get hold of a copy of this email with all those juicy, fresh email addresses? Who could possibly stand to gain from this scam? Or is it just some idiot's idea of a great practical joke?

    I was able to copy the message header: is there anything suspicious in the following?

    Received: from FBCMMI01B02.fbc.local ([192.168.69.89]) by FBCMST06V02.fbc.local with Microsoft SMTPSVC(6.0.3790.3959);
    Tue, 13 Oct 2009 14:42:01 +0200
    Received: from FBCMMX01B05.fbc.local ([192.168.171.44]) by FBCMMI01B02.fbc.local with Microsoft SMTPSVC(6.0.3790.3959);
    Tue, 13 Oct 2009 14:42:00 +0200
    Received: from cp-out2.libero.it ([212.52.84.102]) by FBCMMX01B05.fbc.local with Microsoft SMTPSVC(6.0.3790.3959);
    Tue, 13 Oct 2009 14:41:58 +0200
    Received: from wmail40 (172.31.0.229) by cp-out2.libero.it (8.5.107)
    id 4AC9E4D600767F39; Tue, 13 Oct 2009 14:41:40 +0200
    Message-ID: <1199713.177591255437700487.JavaMail.defaultUser@defaultHost>
    Date: Tue, 13 Oct 2009 14:41:40 +0200 (CEST)
    From: [my friend's address]
    Reply-To: [my friend's address]
    To: [a legit address - my friend's ex]
    Subject: =?UTF-8?Q?I:__[Fwd:_I:_FW:_I:__COMUNICAZIONE_IMPORTA?=
    =?UTF-8?Q?NTE...LEGGETE_KE_SE_E'_VERA......MAR=C3=B2=C3=B2=C3=B2!!!]?=
    Cc: [a bunch of legit addresses, including my own]
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary= "----=_Part_15044_13575771.1255437700189 "
    X-SenderIP: 81.208.18.101
    X-Priority: 2 (High)
    Importance: high
    Return-Path: [my friend's address]
    X-OriginalArrivalTime: 13 Oct 2009 12:41:58.0613 (UTC) FILETIME=[8DCCB850:01CA4C02]
    X-Antivirus: avast! (VPS 091012-0, 12/10/2009), Inbound message
    X-Antivirus-Status: Clean

    Anyway, I stopped it right there, told my friend I was suspicious and would not forward it to anyone (and would she please stop publishing my address in the "Copy to" field!), and would seek your advice and report back.
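
A way to read the header quoted in the post above, as an added example that is not part of the original thread: it walks the `Received:` chain oldest-first, flags which peer addresses are private, and decodes the folded RFC 2047 subject. The function names are hypothetical, and `border_hop` assumes the recipient's internal relays use private addresses.

```python
import ipaddress
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parsedate_to_datetime

# Header lines copied from the post above; the redacted address fields are omitted.
RAW = """\
Received: from FBCMMI01B02.fbc.local ([192.168.69.89]) by FBCMST06V02.fbc.local with Microsoft SMTPSVC(6.0.3790.3959);
 Tue, 13 Oct 2009 14:42:01 +0200
Received: from FBCMMX01B05.fbc.local ([192.168.171.44]) by FBCMMI01B02.fbc.local with Microsoft SMTPSVC(6.0.3790.3959);
 Tue, 13 Oct 2009 14:42:00 +0200
Received: from cp-out2.libero.it ([212.52.84.102]) by FBCMMX01B05.fbc.local with Microsoft SMTPSVC(6.0.3790.3959);
 Tue, 13 Oct 2009 14:41:58 +0200
Received: from wmail40 (172.31.0.229) by cp-out2.libero.it (8.5.107)
 id 4AC9E4D600767F39; Tue, 13 Oct 2009 14:41:40 +0200
Subject: =?UTF-8?Q?I:__[Fwd:_I:_FW:_I:__COMUNICAZIONE_IMPORTA?=
 =?UTF-8?Q?NTE...LEGGETE_KE_SE_E'_VERA......MAR=C3=B2=C3=B2=C3=B2!!!]?=
"""

HOP = re.compile(r"from\s+(\S+)\s+\(\[?([\d.]+)\]?\)\s+by\s+(\S+)")

def received_chain(raw):
    """Hops oldest-first; each relay prepends its line, so reverse the order."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m is None:
            continue  # unparseable hop: skip rather than guess
        ip = ipaddress.ip_address(m.group(2))
        when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        hops.append({"from": m.group(1), "ip": str(ip), "by": m.group(3),
                     "private": ip.is_private, "time": when})
    return hops

def border_hop(hops):
    """Newest hop with a public peer address (assumed: internal relays are private).
    Lines older than this one were written by outside servers and can be forged."""
    return next(h for h in reversed(hops) if not h["private"])

def decoded_subject(raw):
    """Join and decode the RFC 2047 encoded-words of the Subject header."""
    return str(make_header(decode_header(message_from_string(raw)["Subject"])))

if __name__ == "__main__":
    chain = received_chain(RAW)
    for h in chain:
        print(h["time"].time(), h["from"], h["ip"], "->", h["by"])
    print("entered via", border_hop(chain)["ip"], "| subject:", decoded_subject(RAW))
```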
     
  2. 2009/10/13
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,315
    Likes Received:
    252
    Hit the delete button and be done with it;)
     

  4. 2009/10/13
    g.watson

    g.watson Well-Known Member Thread Starter

    Joined:
    2002/03/27
    Messages:
    333
    Likes Received:
    2
    Steve - you're absolutely right. I've already done the first half of your suggestion. It's just that my curiosity is burning me up! And my friend is offended that I killed her little project and I'd like to give her some more factual reasons for stepping on it than simply "believe me, it smells overwhelmingly phishy". It would add to my knowledge, hers, and any other newbie's who's reading this post.
     
  5. 2009/10/13
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,315
    Likes Received:
    252
    g.watson likes this.
  6. 2009/10/13
    g.watson

    g.watson Well-Known Member Thread Starter

    Joined:
    2002/03/27
    Messages:
    333
    Likes Received:
    2
    That's great, Steve - you're a star! (1) It gives me some ammunition to send to my friend, and (2) it confirms my suspicion that it's only a stupid practical joke and all those folks in the 500-1000 email addresses aren't in danger of being taken over by something from outer space.

    As you so rightly said, delete and have done with it.

    Best regards
     
