A Dispatch


February 25, 2008

419 Stupidity...Squared

Sometimes the bizarre-ness (bizarrity?) of an incoming scam spam is so high, I just don't know where to begin. There's something here for everyone.

First, the come-on:


To make a long (and I mean long) story short, the pitch comes from someone claiming to be Richard Johnson who says he (now aged 75) runs an orphan home in the United Kingdom. The orphanage runs on donations. (At first, I thought this was just going to be a begging letter.) Mr. Johnson's problem is in handling donations that come from the U.S. because he says he has difficulty cashing U.S. money orders and bank checks in the U.K. What he wants to do is set me up to process deposits from his "business partners" into my U.S. bank account, deduct my percentage, and then wire the rest via Western Union.

He warns me that I had better not try to screw him out of the money:

But the problem i have is trust,But i have my way of getting any one that gets away with our money,i mean the FBI branch in Washington gets involved.

What he doesn't tell me is that the financial instruments arriving in my mail box will be counterfeit money orders, fraudulently-obtained funds (from defrauded online auction bidders), or simply rubberized checks. I'll be pressured to wire his generous portion of the amounts to him right away before the frauds are uncovered or the checks bounce back into my lap. I would never, ever, be able to recover the wired money, and my bank will wash its hands of the matter—after I've repaid the overdrawn funds and forked over bounced check fees.

The warning about them calling the FBI on someone for not complying is a real stitch. When I read that, I almost wrenched my funny.

As is often the case with 419 scammers, this one uses a free email account to open the line of communication. This one is a Yahoo! email account, with the username (get this): richardluvgirls2 (makes me wonder what ever happened to richardluvgirls1?). I mean, is this an appropriate handle for an orphanage owner? I think not.

A little bit of due diligence—all of two Google searches—proved enlightening.

First, this email address user ID has been on a few different 419 scams since November, 2007. Someone was actually contemplating visiting Nigeria to meet with whoever was using the email address. Yikes! (How has this account not been shuttered by Yahoo?)

Second, the bulk of the email message I received had been in circulation since at least last summer. The scammer's name and email address for earlier campaigns were different; our "Richard Johnson" had also done a fairly poor copy-and-paste from an earlier specimen to come up with today's entry.

This is where the typically bad 419 scheme mailing ends. But there's a topper for this one.

The To: field of the message contained 100 addresses in plain view (one of my pet peeves, as regular readers know). But whoever sold these addresses to our aged, orphanage-running schnook has a bit of a wicked streak in him. From all appearances, the addresses were harvested from an old newsgroup archive of SpamCop messages. Moreover, the harvesting appears to have simply looked for any unbroken string of characters surrounding an @ symbol. I recognized a few of the complete addresses as regular contributors, but most of them look like they were ripped from message header fields (Message-Id: in particular) that can't, in any way, evaluate to true email addresses. Most posters to spam-related message boards utilize intentionally obfuscated addresses to prevent their actual addresses from being harvested. It's not surprising, therefore, to find "addresses" in the To: field aimed at foobar.edu (go Foobar U!), an enforcement user ID at sec.gov, and SpamCop's devnull dumpster. Fewer than 10 of the 100 were real addresses, every one of which belonged to a spam fighter.
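The by-hand sorting of that exposed To: field can be approximated in code. This is an added example, not code from the post: the heuristics (digit-heavy or hex-like local parts treated as Message-Id residue, markers such as nospam and devnull treated as munged or sink addresses) are assumptions, and every sample address is constructed.

```python
import re
from collections import Counter
from email.utils import getaddresses

# Assumed heuristics for illustration; tune them against real headers.
MUNGE = re.compile(r"nospam|devnull|remove|invalid", re.I)
HEXLIKE = re.compile(r"[0-9a-f.$-]{12,}", re.I)


def classify(addr):
    """Label one token taken from an exposed recipient list."""
    local, _, domain = addr.rpartition("@")
    if not local or "." not in domain:
        return "malformed"
    if MUNGE.search(addr):
        # Deliberately obfuscated poster address or a known dumpster.
        return "munged-or-sink"
    digits = sum(ch.isdigit() for ch in local)
    if digits >= 8 or HEXLIKE.fullmatch(local):
        # Timestamps and hex counters are typical of Message-Id values,
        # which contain an @ but are not mailboxes.
        return "message-id-like"
    return "plausible"


def triage(to_header):
    """Count the labels across every address in a raw To: header value."""
    return Counter(classify(a) for _, a in getaddresses([to_header]))


# Constructed sample standing in for the 100-address To: field.
SAMPLE_TO = ", ".join([
    "20071103142211.GA1234@news.example.net",
    "4a7f09c2.e1b3d5@example.net",
    "jsmith.nospam@mail.example.com",
    "devnull@spamtrap.example.org",
    "pat.reader@example.org",
])

if __name__ == "__main__":
    for label, count in triage(SAMPLE_TO).most_common():
        print(f"{label:16} {count}")
```

A high share of message-id-like and munged entries points to a list scraped from an archive of message headers rather than from real correspondence.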

I'm comfortable predicting that the response rate from this batch of 100 messages will be zero. What I can't predict is how many additional 100-address batches this guy sent, and where those addresses originated.

The work-from-home "payment processing" scam still manages to attract victims. Given the downturn in the U.S. economy, high gas prices, and mortgage squeezes, a lot of email users may be susceptible to this con—or at least versions that are better-written and more believable on their faces than Little Orphan Richard's attempt. With this scam, it doesn't matter if you're a Windows, Mac, or Linux user. If you nibble at this bait, you'll be in for a world of hurt.

Posted on February 25, 2008 at 05:47 PM