2007-04-01
Abstract
Martin Overton revisits the topic of 419 scams, cataloguing some of the changes seen over the last few years.
Copyright © 2007 Virus Bulletin
I last visited the topic of 419 scams in 2003 (see VB, May 2003, p.15), when I described what they are, how they work, and how they have developed over the years, from the original paper-based versions sent via the post or via fax, to what we have now: the email versions that most of us see day in, day out.
Just to refresh our minds, the following is a brief introduction:
419 scams combine the threat of impersonation fraud with a variation of an advance fee fraud (AFF) scheme. A letter or email (originally from Nigeria, but we see them coming from just about any country now), offers the recipient the opportunity to share in a percentage of millions of dollars in return for helping the author – often a self-proclaimed government official, doctor, engineer, bank official, religious minister etc. – transfer the money out of the country illegally. The victim is encouraged to send information to the author of the letter, such as blank letterhead stationery, their bank name and account details and other identifying information.
The scheme revolves around convincing a willing victim (who has demonstrated a ‘propensity for larceny’ by responding to the invitation) to send money to the author of the letter in several instalments of increasing value. Often, the scammers elicit these instalments from the victim by describing in great detail the requirement to pay taxes, bribes to government officials, and legal fees, with the promise that all expenses will be reimbursed as soon as the funds are spirited out of the country. Of course, the millions of dollars do not exist and the victim ends up with nothing.
Should the victim stop sending money, the perpetrators have been known to use the personal information they were sent to impersonate the victim, draining bank accounts and credit card balances until the victim’s assets are exhausted.
Most law-abiding citizens identify the 419 emails/letters as hoaxes/scams. However, millions of dollars are transferred annually around the world as a result of these schemes.
The scheme violates section 419 of the Nigerian criminal code, hence the label ‘419 fraud’, although the fraud is now common the world over.
This article will focus on the changes that have been seen in the 419 scam over the last few years. Although the basic formula has (in most cases) stayed the same, the scammers have changed their approach and style – as you will see, many are now highly polished and very inventive.
In my last article on 419s, I mentioned that we were seeing a move towards versions of the scam that claim that you have won a lottery; one that you don’t even remember entering, because you didn’t.
Since then, the lottery variant of the 419 genus has flowered and borne much fruit. Some of these lottery scams are very well thought out and executed. The use of well-known company names and the names of wealthy individuals is commonplace, as is the use of HTML rendering and images such as logos and even ‘borrowed’ photographs of individuals who are not involved with these scams.
Figure 1 shows one of the many lottery variants of the 419 family. In this case, the name used to lend credence to the story is none other than Microsoft, and even Bill Gate[s] gets a mention. However, it is the following line in this particular variant that made me chuckle:
‘DO NOT REPLY ANY OTHER MAILS LIKE THIS ON NET, AS THEY ARE LOT OF SCAM ARTIST OUT THERE PRETENDING TO BE US…’
Tell me about it, what a bunch of scammers!
As illustrated in Figure 2, the names and graphics of real lottery companies are often used to try to hook victims. I have seen variants of this particular trick for almost all of the major lottery companies throughout the world.
There are many other versions of lottery scams, some of which are simple ASCII text versions, while others are more polished, but they are all scams and people are still being tricked into believing they have won a non-existent prize.
Below is a list of just some of the events/disasters that scammers have exploited to try to fleece good, honest people wanting to help the real victims of these tragic events:
London bombings
Asian tsunami
Hurricane Katrina
9/11
The situation in Iraq
The situation in Iran
The Israel and Lebanon conflict
Air/car crashes
The 419ers are not alone in exploiting these tragic events; many phishers and malware authors also jumped on the bandwagon when the opportunity arose. The bad guys and girls just can’t seem to resist using other people’s misfortune to line their own pockets – in this instance at the expense of both the recipients of the scam and the victims of the relevant disaster.
As mentioned above, I have seen a number of 419 scams that use the situation in Iraq as a basis for their stories. Those who have seen the film Three Kings will see the obvious similarities with the example email shown in Figure 3 (those who haven’t seen the film can read a synopsis at http://imdb.com/title/tt0120188/).
The interesting twist here is that this variant uses the name of a female sergeant rather than a male sergeant as is more commonly seen in this scam.
Not only do I often see 419 scams using high-profile events/disasters as bait, but there are also numerous scams that attempt to draw the victim in using the subject of illness. I have seen many examples of scams using sorry tales of the following illnesses as a way to push your buttons:
Cancer (usually of the oesophagus, liver or prostate)
HIV or AIDS
Stroke
Fibroids
Unknown incurable illness
All or several of the above at the same time.
Usually, the person named in the email claims to be seeing the error of their ways and experiencing a change of heart, from being selfish and self-obsessed to becoming a philanthropist as a way of paying for the mistakes they have made in their lives. In many cases they state that they need your help in order to give money to a charity or a church (as shown in Figure 4). All very touching, but still a pack of lies.
Banks the world over are targeted not only by phishers: 419 scammers have also spotted the potential for drawing in victims using the name and details of well-known banks.
The email shown in Figure 5 claims to be from someone at the Bank of England. I have seen versions of this approach featuring all the major UK, Spanish, Swiss, Chinese, US, Canadian, French and South African banks, to name just a few – the list is almost endless. The scam usually involves an account that has become dormant, due to its (non-existent) owner having died. The victim’s mission, should they accept it, is to pretend to be a relative of the account holder and claim the money; less a percentage for the banker, of course.
The use of religion as a hook is a common way for scammers to try to convince potential victims that they have high ethical standards, because they (claim to) subscribe to a particular religion.
However, as you can see in Figure 6, sometimes they use a religion as the originator of a lottery or other scam, rather than simply saying they are a devout believer. Occasionally, they even masquerade as religious officials, such as priests or nuns.
I find it interesting that I have not yet seen a 419 scammer use Buddhism, Hinduism, Judaism, Sikhism or even Santeria in their scams. Maybe the scammers have only been exposed to Islam and Christianity.
419 scams based around the oil industry are nothing new; these have been around in one shape or another almost since the beginning of the scam. However, every now and then a new twist emerges which raises the scam from being ‘just-another-419-oil-scam’ to something special. Figure 7 shows one of the latest scams in that vein – one which J.R. Ewing would be proud to call his own.
The tale that appears in the email shown in Figure 8 has to be one of the oddest I’ve seen yet. It claims to be from a (dying) former employee of the British Railway Commission, who wishes to use his great wealth to help the poor and needy. One has to wonder how a ‘British railway worker’ could amass over £18 million. Either those who work on the railway are very, very well paid (I know that they are not) or most likely the scammers believe that we, in the UK, are all millionaires.
According to the email shown in Figure 9, a certain Mr Berlusconi needs your help in moving some funds before they all get frozen by the authorities investigating him for alleged fraud. Poor man, don’t you feel sorry for him?
Whether he is innocent or guilty is irrelevant, at least as far as it has to do with this request. Why? Well, guess what, the email isn’t from Mr Berlusconi, or indeed anyone acting on his behalf. Don’t you just love the wording ‘…rest assured that this transaction would be done legally…’?
On 11 November 2004, the very day that Yasser Arafat died, I saw a new 419 using his name and claiming to be from his widow. And in March 2006, scammers used the death of none other than King Fahd of Saudi Arabia, who died on 1 August 2005 at the age of 84, as a basis for their scam.
Once in a while I see a 419 like the one shown in Figure 10, which claims to be from someone who is trying to stamp out these scams and the related corruption – of course, it is a scam in its own right.
Below are just some of the rules that many 419s will trigger, indicating that they are not what they claim to be. Such emails:
Tell you to keep the deal secret, even from your family and solicitors, and mention that failure to keep it secret will void your winnings, etc.
Claim they are representing a large company, financial or other trusted or well-known organisation or person.
Use free web mail addresses instead of ones for the company they claim to represent.
Include only a mobile phone number, fax number or premium rate number.
Use common social-engineering tricks, playing on greed, illness, empathy, altruism, etc.
Claim that the deal is perfectly legal, even when they are asking you to move stolen/trapped funds/goods they have no right to (even if they did exist).
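The rules above can be expressed as a simple scoring check over a message's headers and text. The following is an added example, not code from the article or its author; the regular expressions, the webmail domain list, the threshold of three and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small, non-exhaustive set of free webmail domains.
FREE_WEBMAIL = {"yahoo.com", "hotmail.com", "gmail.com", "aol.com"}
# Illustrative patterns, one per body-text rule in the list (not a tuned filter).
BODY_RULES = {
    "secrecy": r"\b(keep|kept)\b.{0,40}\b(secret|confidential)\b",
    "trusted_name": r"\b(bank|lottery|foundation|commission|ministry)\b",
    # Approximation: any fax mention or a UK +44 7x (mobile/personal) number.
    "mobile_or_fax_contact": r"\bfax\b|\+44\s?7\d",
    "social_engineering": r"\b(you have won|next of kin|cancer|charity|dormant account)\b",
    "legal_claim": r"\b(perfectly legal|done legally|risk[- ]free)\b",
}

def triggered_rules(raw_email):
    """Return sorted names of the rules a single-part text message triggers."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    hits = [name for name, pat in BODY_RULES.items()
            if re.search(pat, body, re.IGNORECASE | re.DOTALL)]
    # Webmail rule: From or Reply-To is free webmail while the text
    # claims to speak for an organisation.
    domains = {parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
               for h in ("From", "Reply-To")}
    if domains & FREE_WEBMAIL and "trusted_name" in hits:
        hits.append("free_webmail_sender")
    return sorted(hits)

def looks_like_419(raw_email, threshold=3):
    """Flag only when several rules agree; one hit alone proves nothing."""
    return len(triggered_rules(raw_email)) >= threshold

# Constructed samples (not real messages).
SAMPLE_SCAM = """\
From: "Claims Agent" <claims.dept@yahoo.com>
Subject: CONGRATULATIONS

You have won 1,000,000 GBP in the Example International Lottery.
Please keep this award secret until your claim is processed.
This transaction is perfectly legal. Contact our agent by fax only.
"""
SAMPLE_BANK = """\
From: Example Bank <statements@examplebank.example>
Subject: Your statement

Your monthly bank statement is ready to view in online banking.
"""
```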
The boys and girls from Lagos – or indeed anywhere in the world now – are not shy about using current events or disasters to try and part you from your money, and they seem to be obsessed with lotteries, believing that people will fall for this ploy (unfortunately they are often right). What’s more, this article only scratches the surface of the scale and inventiveness of the 419 scammers.
So, next time you are:
Told that you have won a lottery that you didn’t enter.
Approached to help someone move trapped funds/goods.
Asked to make a donation to a disaster fund by a person claiming to be a victim of said disaster.
Don’t be fooled, even if your heart strings have been tugged and you want to help the poor unfortunate person, or the thought of all that money you have (supposedly) won has bypassed your normal healthy scepticism. If you fall for the ploy, you may find yourself with a seriously depleted bank account.