jwSpamSpy Recent spam domains Spam domain blacklist
Links joewein.de joewein.net Contact |
|
|
"419" Scam – Advance Fee / Fake Lottery Scam
- Frequently asked Questions (419 FAQ)
- Is it a scam? Check online here!
- Phone numbers used by 419 scammers
(+225 +229 +234 +27 +31 +32 +34 +44 other) - Company names mentioned in 419 spam:
1 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z - How to report 419 spam to us
- What can you do when you receive 419 spam
- Names of people mentioned in 419 spam
- IP addresses / ISPs used by 419 scammers
- Email addresses used by 419 scammers
- Domains registered by 419 scammers
- Opinions about the scammers and their victims
- 419 scam trivia and observations
- Support our efforts to stop scams!
Advertisement:
|
The so-called "419" scam (aka Advance Fee fraud, "Nigeria scam" or "West African" scam) is a type of fraud named after an article of the Nigerian penal code under which it is prosecuted.
Typically, victims of the scam are promised a lottery win (example) or a large sum of money sitting in a bank account or in a deposit box at a security company. Often the storyline involves a family member of a former member of government of an African country, a ministerial official, an orphan or widow of a rich businessman, etc. Here is an example. Variants of the plot involving the Philippines, Taiwan, China, Hong Kong, Korea, Iraq, Kuwait, UAE, Mauritius, etc. are also known. Some emails include pictures of boxes stuffed with dollar bills, scans of fake passports, bank or government documents and pictures of supposedly the sender.
Though most of these scams use emails sent in English, we also come across emails translated into French, German, Italian or Spanish, as well as English and French letters by postal mail, usually mailed from Spain.
Back in the 1980s (for this is nothing new!) the main vehicle for this scam were fax machines.
The victims are promised a fortune for providing a bank account to transfer the money to. Then - if they fall for the scam - they are made to part with thousands and sometimes hundreds of thousands of dollars in "fees" (taxes, insurance, legal fees, etc) before the "partners" finally disappear without trace. The promised fortune is never paid out, because it doesn't actually exist. Here are some typical examples of advance fee demands.
Sometimes fraudulent cashier's checks are issued to the victims, who are asked to wire funds for various charges after the bank says funds are "available" from the check. Check can bounce even after they have "cleared" and then the person who deposited is fully liable.
Here are some of the fake reasons given to victims why they should send money:
- Legal fees: Many 419 scams involve a fake lawyer (usually a person who calls himself a Barrister or claims to work for a firm whose name includes the word "Chambers"). Beware of anyone using a @lawyer.com, @justice.com etc. free webmail account who gets introduced in such emails.
- Insurance: Any lottery prize that is supposedly insured is fake.
- Shipping: Real parcel services do not charge $800 and more for delivering a letter. Real lotteries don't ask you to contact a parcel service to arrange for shipping of a check or a winnings certificate that you will have to pay for.
- Wire transfer charges: Real banks charge about $40 for an international wire transfer, not several $1000.
- "Drug free certificate", "Anti Money Laundering certificate", "Terrorist Free Certificate": No such certificates exist in the real world. They are 100% sure evidence of a scam.
The people who receive the scam emails and fall for them often are not the only victims of the scam. We have come across a few cases where people who lacked the funds to cover the advance fee demands committed crimes to get money. They misappropriated often huge amounts from their employers, from charitable organizations they worked for or from other acquaintances they defrauded, hoping they would be able to repay them from the promised millions before anybody would notice. In this way one crime begets another.
|
Spam emails for advance fee fraud differ from "normal" spam in several ways:
- Most "normal" spam uses bogus sender addresses. For 419 spam existing mailboxes at legitimate mail providers are used. When such mailboxes get cancelled for abuse, often similarly named mailboxes are created at the same provider. Most 419 scams originate from about a few dozen freemailer domains (netscape.net, yahoo.com/yahoo.*, tiscali.co.uk, libero.it, telstra.com, bigpond.com, indiatimes.com, 123.com (Chile), zwallet.com, fsmail.net, hotmail.com, etc., see addresses by domain). A small minority uses throw-away domains registered via Rediffmail, MSN (see example), XO/Concentric, Yahoo/Geocities or other webhosters as the sender instead of a freemailer service, particularly for fake companies and fake banks.
Recently PHP-Nuke installations with a webmailer are abused for sending mail via a webbrowser. In these cases the sender addresses can be fake. - Virtually no effort is made to hide the source of the spam though technical means. These spammers rely on the lack of efforts by the respective providers to stop their abuse of the service. The spams often trace to servers based in African countries (Nigeria, Côte d'Ivoire, Togo, South Africa, Senegal, Cameroon, etc.) and are often routed through Europe, Israel, Australia or South America. Some "419" mails originate from Europe, particularly from the Netherlands, UK and Spain. This is untypical for common spams (Viagra, penis enlargement, etc.), which are often routed through China, South Korea, Brasil or Russia or are sent from hijacked servers (e.g. broadband hosts infected with stealthware) in the United States. The relative absence of common cloaking techniques on the sender side means that "419" spam can only be distinguished from legitimate email from Africa or Europe by analyzing the text of the message, looking for typical phrases and features.
- Often the "419" scammers include phone numbers in the email, especially in fake lottery scams. Typically these phone numbers are in the Netherlands, the UK, Spain or in Nigeria. "419" scammers in the Europe tend to use mobile phones with prepaid phone cards. Country code 31 (0031 or +31) is the international country dialling code for the Netherlands. All Dutch area codes starting with the digit 6 are mobile phone numbers (e.g. 0031-630-835-750, +31-630-354-500). Nigerian "419"-numbers are either fixed line or mobile numbers (e.g. 234 8043281627, +234 1 4717291). The scammers there are part of or closely connected to the political and economical elite of the country. Country code 234 (00234 or +234) is the international country dialling code for Nigeria. All Nigerian area codes starting with the digits 80 are mobile phone numbers:
Nigeria mobile phone prefixes Econet Wireless Nigeria Ltd 802 MTN Nigeria Communications Limited 803 Nigerian Telecommunications Limited (NITEL/M-Tel) 804 Globacom 805 The only other type of spam that tends to include a phone number is the fake "diploma" spam.
- Most "419" spam uses plain text while most "normal" spam uses HTML.
- Usually no domains are advertised as no websites are involved, except in some cases media articles about political events in Africa (the BBC website is a popular source) that are meant to give credibility to the background story. The initial communication occurs by email, followed by phone and fax communication.
- The text of the messages varies very little. Often the message body or mail subject line uses all capital letters. In many cases the senders make religious references, such as belief in God or Allah.
- Whatever you do, never send any money, no matter what reason you are given. Don't be greedy, use your common sense.
- Don't rush. Why the hurry? 419 scammers make up a deadline after which the unexpected (and imaginary) fortune will be lost forever. You're not supposed to have time to research and think about the matter.
- Report the email to the abuse department of the domain used by the scammer (see abuse contact list). Normally you get the email address of the abuse department by changing the left hand side of the scam email address to the word abuse. For example, if the mail originates from mrjephills6@tiscali.co.uk then write to abuse@tiscali.co.uk, if it's barristerchris_smith1@zipmail.com.br then write to abuse@zipmail.com.br, etc. Please quote the full text of the mail including message headers (in Outlook Express you get the full message source via Ctrl+F3; use cut+paste to insert that into your email). Even more important than sender addresses are contact addressed in the message body, such as "claims agents" of fake lotteries. Make sure you report these to the matching abuse department too.
- You can report the case to law enforcement in your country. In the United States, contact your local police. An overview of reporting addresses for various countries can be found at the
US residents can also file a fraud report at the website of the Internet Crime Complaint Center (IC3).
- If you need to contact law enforcement in Nigeria, the Economic and Financial Crimes Commission (EFCC), a body set up by the Nigerian government in 2002, may be helpful:
- Fraud emails that involve a phone number in the Netherlands (starting with 0031-6-, +31-6-, etc.) can be forwarded to the Dutch police:
KLPD, Financial Crimes Unit,
Post Office Box 3016,
2700 KX Zoetermeer,
The Netherlands,
Attention: C. Schep
Email: LBF@planet.nl
- In most cases, law enforcement in your country will do very little once they have confirmed that the criminals are based outside of your country. As long as international online fraud is considered a low priority item this situation will not change. The tide will only turn if the media create public awareness that international fraud is largely ignored by law enforcement even though it provides hundreds of millions of dollars in revenue to foreign criminal groups every year. It takes political will to change that. Write to your Member of Congress or member of parliament. Write to a newspaper or a TV station. Unless you complain about the problem it won't get fixed!
- If the email address is not listed in our blacklist yet, you can submit the complete email (if possible with full headers) to us. If we get suitable evidence we'll add the 419 scammer to our blacklist.
- You can "ping" the scammer (bounce a message off his contact address to get him to reply) to give them work to do and to help provide evidence to us. Forward their reply to us. Please use a disposable Yahoo email account for this. Do not do this from your main email address or you'll end up receiving heaps of spam indefinitely.
- You can get yourself a spamfilter, such jwSpamSpy for Outlook Express, Microsoft Outlook and other email clients. If you run a Linux-based mailserver you can use SpamAssassin, which recognizes many 419 scam emails.
- Some people write to 419 scammers, to get them to exchange emails that ultimately lead nowhere, so the scammers waste time. This sport is known as scambaiting and can be very entertaining :-) Just don't use your real name and use a disposable email account created for the purpose. Visit scambaits.com for examples and advice.
- Most 419 scam emails contain phone numbers. When you call such numbers, please carefully check the time zone in Nigeria or wherever the criminals operate from. I am sure you would not want to accidentally wake someone at 3am, just because you got confused about the time zones ;-) Make sure you disable caller ID or call from a public payphone so as not to leave your home or office number on their mobile phone display. Calls to Nigerian mobile phones cost as little as €0.20/minute (US$0.25/minute) via SkypeOut. Be careful with +44 70 redirection numbers, they cost as much as US$0.90/minute, so keep it short.
- Other people mail large files such as digital snaps to the contact addresses listed in the emails. This can fill up their mailboxes pretty quickly, preventing emails by potential victims from reaching the criminals. While it's quite effective, it also uses resources of companies who provide free email services, potentially affecting their other customers. It's vigilante justice. We don't condone it :-)
How to report 419 spam to us
Please see our FAQ:
FAQ: "How to report 419 spam to us"
fraudwatchers.org - Fighting scams on the internet
FraudAid - First aid for fraud victims
Scam Victims United
Japan Anti-Scam Organization (JASO)
scambaits.com - the scam baits community
"Artists Against 419" - fighting 419 scams
419Eater.com - scam baiting forum
"419" scam sample email archives:
2007:
01
02
03 04 05 06 07 08 09 10 11 12
2006:
01
02
03
04
05
06
07
08
09
10
11
12
2005:
01
02
03
04
05
06
07
08
09
10
11
12
2004:
01
02
03
04
05
06
07
08
09
10
11
12
Urgent Message - scam letters published
http://419mail.blogspot.com/
419baiter.com - large scam letter archive
http://419scams.tblog.com/ - sample spams published
The following is a list of senders and subject lines received over the last couple of months. In some cases there are duplicates because we received more than one copy in our mailboxes.
- by sender address (current)
- Domains registered by 419 scammers
- Table (incomplete)
- by email domain (2004-11-04)
- by email subject (2004-11-04)
|