27 Jan Nigerian polyglots Tatiana Kulikova
28 Oct ‘Nigerian’ letters - now with a Syrian twist Tatyana Shcherbakova
15 Apr Continuing the Nigerian theme Maria
03 Apr 419s - from Russia with love Anna
07 Sep 419 scammers using Hurricane Katrina for profit Roel
31 May A phishing tale David
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
Messages from bank workers or millionaires looking for someone to help them cash in huge sums of money are no longer capable of surprising us. Most of these emails are written in English, which has long been the language of international correspondence - it was unusual to ever see these kinds of messages written in other languages. However, that has changed, and now we are increasingly seeing letters like this written in Portuguese, French, Spanish and Russian as well as in Hebrew, Belorussian and Arabic.
Here is a letter about a win in an “Australian Lottery” held across several continents. It is written in Arabic and uses a standard scam: the recipient is told that he/she was randomly selected from among millions of people and has won a large sum of money. In order to claim the money, the user has to contact the scammers.
The continuing conflict and the complex political situation in Syria have created the perfect conditions for new ‘Nigerian’ scams. In recent months, there has been a surge in the number of Nigerian letters that contained some sort of reference to Syria; scammers sent messages both in the names of ordinary citizens of that country and on behalf of representatives of banks and humanitarian organizations. The texts of the messages made frequent use of words such as “turmoil”, “crisis” or “revolution”.
The scam messages, written in the names of representatives of reputed Syrian and UK banks, stated that their clients would like to transfer their multi-million savings from their accounts because of the unrest in Syria, and were looking for a partner who would help them to do so. Naturally, “compensation” was offered, of which the scammers were ready to tell the recipient either immediately or once they had received a reply. The scammers gave a contact phone number and an email address; the latter could be either the sender’s address or the personal email of the “bank’s client” who allegedly needed help. The scammer’s aim was to entice the victim into an email exhange. After all details of the future partnership are discussed, the victim will most probably be asked to perform a service, e.g. transfer a small amount of money to pay for the mediator’s services. When the money is transferred, the scammers will vanish just as suddenly as they appeared.
For the second day in a row the topic of Nigerian spammers has cropped up. And once again they have been sending their heart-rending messages to none other than KL employees.
This time one of my colleagues received a message on the Russian-language social network Vkontakte which was a perfect example of the usual Nigerian scam letter:
It claims to be a message from the representative of a millionaire who died in an air crash with his family two years ago. Sounds familiar, right? 50 per cent of Nigerian letters start like this or in a similar vein. The “representative” goes on to talk about $13.5 million and how he has searched unsuccessfully for two years for any surviving relatives of the deceased. The letter claims that the lucky recipient has the same surname as the victim and therefore should inherit the $13.5 million, after the transaction costs have been covered. The “personal postal address” of the representative is attached of course.
So far, this is all pretty familiar. But apart from the fact it was sent to a KL employee there is another interesting aspect: it wasn’t received via e-mail as is usually the case for Nigerian letters, but on a Russian social networking site!
Virtually no information can be gleaned from the sender’s profile, except a name, city, school number and the year of graduation – amazingly, the “legal representative of the dead millionaire" only finished school this year.
That fact that this type of international spam found its way onto Vkontakte is, among other things, a sign of the gradual globalization of the resource. But the main conclusion to be drawn here is that Nigerian spammers have started to explore the vast world of Web 2.0.
It's been a while since Nigerian spam, aka 419 scam emails, came only from Nigeria. Spammers use every method they can to hook trusting users - they're ready to make use of any region or country which is perceived as being corrupt or volatile in any way.
At the end of March, spam analysts at Kaspersky Lab encountered a mass mailing of 419 messages, which traditionally include a request for help in transferring funds, or cashing assets in return for a substantial percentage of the overall sum mentioned. In this case, the scammers are going under the guise of a Russian financial analyst. Of course, this analyst doesn't actually exist. And any user who thinks that s/he'll be able to make an easy profit by contacting the scammers is mistaken - s/he is very very unlikely to receive the promised sum and is more likely to find his/ her bank account emptied.
This is a typical 419 scam. However, it has a couple of interesting points:
But let's call things by their real names. This is a 419 scam, no doubt about it - it just takes a slightly different approach.
There's been a lot written about how the Hurricane Katrina situation is being exploited: fake websites distributing malware, fake charity sites collecting donations, and people setting up sites or spamming email to score political points.
As you can see from the graph at ISC hundreds of Katrina related domains are being registered each day.
Unfortunately it's not always easy to distinguish between scam sites and legitimate sites, so they should all be treated with great caution.
Sadly, the 419 scammers have also decided to see if they can get a piece of the pie - here's an example of a Katrina-related 419 scam which has been mass-spammed during the last day or so.
It's got all the hallmarks of a classic 419 - grammar and spelling mistakes and a large sum of money. If you get a mail with any of these characteristics, make sure you check the source, and think at least twice before disclosing any personal information.
Subject: (Urgent) New Orleans>> Hurricane Katrina
Please help me out in this desperate situation. I am a Mexican national and
also an illegal immigrant living in the state of New Orleans of the disaster
hit area of the U.S.A. I presently work as a member of a rescue team, following
the event of the recent disaster in New Orleans which is caused by "Hurricane
In a relief effort to save the lives of the indigenes, I personally made
a recovery of some treasure boxes which belong to a private banking firm,
here in New Orleans. These boxes which are currently in my possession were
found to be containing uncountable number of defaced foreign currencies,
which ranges from United States Dollars down to Japanese Yens, thus running
into hundreds of millions of U.S. Dollars when converted.
I have so far decided to undisclose these funds to the "Federal Emergency
Management Agency", pending my personal use, soon after this disaster as
things come back to normal in New Orleans.
Dear colleague, I have already made prior arrangements with a private courier
services firm who will assist me to convey these boxes, out of the U.S.A.
I am desperately searching for a trustworthy individual who would provide
me with a valid home or business address, in outside U.S.A (particularly
in Europe or Asia), where these boxes can be conveyed, so as to start immediate
I am sorry, I may not be able to leave U.S.A at present due to lack of authentic
travel document, but I would like to entrust these funds in you, and I will
make my way out of U.S.A as soon as the boxes are moved out of U.S.A.
Thank you for taking out time to read about my problem. I look forward to
Please you can always reply me on email: marklyford2005@[removed].com
Your contact information will required for easy communication.
Mr markly ford.
Book yourself something to look forward to in 2005.
Cheap flights - http://www.[removed].co.uk/travel/flights/
Bargain holidays - http://www.[removed].co.uk/travel/holidays/
I read about a case of computer fraud last weekend in an unlikely place: the parish bulletin of my local church. It seems that the priest's name, and the postal address of the church, are being used in a way that is part 419 fraud, part identity theft and part phishing scam.
Unsolicited email is being sent from fake, though plausible, e-mail addresses. The email is apparently 'signed' by the priest and tells the recipients about a legacy they are about to receive, or asks for help in a financial transaction or simply asks for a donation.
The priest found out about it when someone in Australia decided to do some checking. He has reported the fraud to the police and the fake email accounts known so far (there may, of course, be others) have been closed down.
I'll keep you posted about any developments.