Silver Tail Blog

Fighting against business logic abuse.

When Too Good To Be True Gets Even Better

free-money
In March of this year, Laura Mather posted a blog series on Nigerian ‘419’ scams, including telling the stories of victims who fell prey to this fraud.  This series has been one of the highest read Silver Tail blogs to date; with an even broader audience than we suspected!

Over the weekend we received the following blog comment from ‘Judy’:

 

Author : I was compensated
E-mail : judy*****@yahoo.com
URL    :
IP  : 217.14.85.242
Comment:
I am Mrs Judy Glass, I am a victim of online fraud. I was expecting some loan from some kind of firm. i ended up paying some money and got nothing in return. Then there was a  mail in my box that reads that i shall be compensated and i still believed and got scammed on the long run. So i went to NIGERIA and fortunately I was directed to the againcy incharge and they help me. now i am happy because i have been compensated. the only fee i paid was the legal fee which is constant ($600). So if you have been scammed you can reach them via the secetary (******@gmail.com).

This is a good new hurry and contact them because the offer will soon close so i was told.

 I wanted to give my reaction to this, but before I do, let’s just say Laura was not nearly as amused as I was.

Since the 419 scammer went to the effort of sending us this comment, I figure the least I can do it post it; but with a little commentary.

Afrinic whois lists the IP (217.14.85.242) as belonging to “GS Telecom Nigeria” in Lagos, Nigeria. IP geo-location is never enough to definitively mark something as bad, but in this case, it’s a strong indicator.  I doubt there are too many people named Judy in Nigeria who were scammed by a Nigerian 419 scam.

All contact is directed to free email address domains. Yahoo and Gmail email addresses for individuals’ personal use are largely legitimate (I have a couple myself); however, people representing organizations usually have email addresses with the name of the organization in the domain.  An ‘againcy incharge’ would likely have a private domain, not gmail.

Bad Spelling and Grammar are common in scam emails – especially from someone named, “Judy”. Many of these emails come from places where English is a second language.  I’m certainly not saying one should not trust emails from non-English speaking countries nor that perfect spelling and grammar make an email legitimate, but this is a factor to include with everything else.

Every email I’ve seen of this type has artificial urgency attached. Fraudsters of this variety want you to think as little as possible.  Asking that you act ASAP on the contents of the email is a great way to limit the amount of thought recipients go through before they respond.

Payment request between $200 and $900 are a common amount in 419 emails. Although I have seen numbers both higher and lower in 419 scams, the usual amounts fall in this range.  Again, this is not a definitive indicator, but another sign to be combined with the rest of the data points.

The promise of high returns for a nominal fee is ALWAYS present. This email is a smart twist on the standard scam, but still a recognizable relative.  Whenever I’m asked by family and friends to discern whether or not an email offer is legit, the first question I ask is, “Are they asking you to send money so that they might send you more money back?”  There are few examples I can think of where giving someone $600 will result in their sending me back ten to one hundred times that amount.

In general, I see this as a very interesting twist on the typical 419 scam.  In this case, the person figures there are people out there who have already fallen for a similar scam.  Who better to try to re-scam than someone who is known to be naive enough to have already fallen for something similar?  I must say, in some ways, this is quite brilliant (and somewhat amusing!).

November 10, 2009 Posted by Mike Eynon | Fraud, Online Fraud, Uncategorized | , | 3 Comments

Part 2: Dot-Con – Online fraud from the victim’s perspective

affidavitAs a reminder, this is the second part in a series about how internet scams no longer only victimize the naïve.  You’ll see in the two stories I’ll tell that intelligent, educated people fall for these scams because the scams have gotten more sophisticated and more difficult to report.

The first case involves “Paul”, a 29-year old medical doctor who lives in Europe. He received an email from a Barrister in London that said a relative of Paul’s had passed away and the Barrister was told to contact Paul about an inheritance left to him (~$7M).  Paul was told that he needed to pay the VAT tax on the inheritance money and then the money would be released to him.

The Barrister was very convincing.  He used words like “friendship” and “cooperation” to make Paul feel comfortable about the transaction.  The Barrister sent documents to Paul death-certificate-anonymizedthat looked legitimate.  You can see here the Affidavit that was sent, the death certificate, and the Stop Order that explains the taxes owed on the inheritance.  Since Paul does not live in England, it was difficult for him to confirm the legitimacy of this process or these documents.  The bad guys are spinning tales that are extremely convincing.

stoporder1This is where the story takes a bad turn.  Paul took out a loan to pay for the taxes on his “inheritance” and sent the money via Western Union to the “Barrister”.  In the end he sent the scammer over 7000GBP.   Paul will be paying back the loan on this scam for the next five years.

In the next installment I’ll tell another story about someone who was scammed.  And in follow-up posts I’ll talk about what these people did to try to get help.

March 19, 2009 Posted by Laura Mather | Fraud, Online Fraud, Phishing, Social engineering, Trust | , , , , | 5 Comments