"Advance Fee Fraud" "419 fraud" "Nigerien Prince Scams"

Can we talk about fraud emails, specifically those of the classical Nigerien Prince sort of style or it's derivatives? I just got my first letter going over this and I've been looking into it and the whole phenomenon is really interesting. If you want to look into it you can start with the keywords in the subject line, it's a pretty well documented thing that's more complex than you might think it is.

Have you ever received any before? What did it say? What did you say? How did they respond? Any of you try reporting them to the proper authorities?

If you want to know what mine read and how the whole thing went down you can see here, since I don't feel like making several posts explaining the situation.
pastebin.com/4s0hhfQf
There's a typo there, the second email is [email protected] I swear I ran that through a grammar check, but I guess that space got geeked in translation or something. Probably other typos, but whatever.

Any suggestions on how I should reply? I fully intend to follow this rabbit hole as far as I can and fuck with these people as much as possible, so long as it doesn't entail any exhaustive effort or investment on my part.

Sorry if this isn't really a Sup Forums topic. I figured it's email so it's close enough. If you think this belongs somewhere else let me know and if the thread goes down I'll try it again there.

Other urls found in this thread:

youtube.com/watch?v=f1nKR3gYRY8
thisamericanlife.org/radio-archives/episode/363/enforcers
youtube.com/watch?v=ytDamqTjPwg
twitter.com/AnonBabble

Had an office job once doing damage investigation. Talked with the IT guy and he explained the email filtering a bit. Every now and then I would get an email from someone whom I had been emailing written in the same style but asking for information that was private.

I would let the IT guy know and it was usually poor security on the other paties part. We even cut an insurance client because we lost close to 200,000USD after years of their servers being hijacked.

If it is automated prince of x shit it is caught in the filter. Else if it is a more coordinated and specific strike there were plenty of dumbasses there that just push pencils and would gladly send account info to third parties even after receiving an email from IT explicitly informing them that a client had been exploited.

What did the more coordinated stuff look like? Did they just try really hard to make it seem like generic emails between different parts of the business asking for information, or what? Did they go after specific targets that seemed more vulnerable, or what?

Thread theme:
youtube.com/watch?v=f1nKR3gYRY8

>I send email structured like "My name is user E Moose and I am requesting all documents pertaining to an event yada yada"
>real reply looks like "k i will talk to my manager on tues and get back to u" (no joke these were middle aged office workers
>one month later I email a follow up and get a reply back
>"k i talked to the manager and he says the easiest way is for you to fax over a copy of the current account status"

This is a breach of protocol as we never send anything that isn't public. Private info is obtained through a secure interface (through a third party firm).

If this was a random person I would inform them that it was innappropriate. If it was someone I had done business with many times before I would know that there was a problem. Usually there are some other hints too. Then I would call and speak with the front office ladies and have them pass the message to the manager that there may be a security breach.

Because these people rely mostly on social engineering they target mostly mundane transactions and look for tiny bits of info that they can leverage and, for lack of a better term, pwn into the system. With an account number and vague details regarding the incident they can either directly reroute payment, get access to SSN and CC info, and even send more Nigerian Prince emails using the contact lists they gather.

They make good money and aren't pursued very actively. I forget where I read this but it was billions USD stolen per year and only a couple of percentage points of the people were ever caught.

Like I said before, you can't do much to fix stupid when it comes to securing an organization.

In this example it would likely end up as the original guy got fired and his email wasn't deleted. Therefore there is no need for the scammer to spoof anything. This could be county DOT in rural Indiana or deep inside of a large car rental companies hierarchy in New York.

My dad received a Nigerian scammer's email at some point when I was in my early teens and my English was still quite bad. It seemed pretty fishy to both of us, so we did some googling and found out it was a common scam.

That's how I learned about Nigerian fraudsters in like 2005. Never had any of them contact me ever since.

/blogEnd

Kinda unrelated, but my sis got herself a variant of cryptolocker. I have two sisters and one of them sent the other one a mail (not electronic, real one, a cargo). The other one got an e-mail that day, apperently it said something like your cargo has shipped, click here to learn more etc. She clicked and bam. Still locked to this day. If this is pure luck, that's something. If not, the implications on our postal service is pretty scary.
The worst part is, i'm studying cryptography as my masters degree.

Like everyone I got some phishing mails, here are some hosts from the last week :

(the mails are all related to european or french banks)

blcart.com
www.objets-sante-securite.com
versio.nl
microhdj.com


Check the Registrars and you'll find some obvious errors or fake physical adresses.

419eater.com was the first site I discovered. Fucking church of bread and wine.

Reply with an into lesson on math or something. Like 10 hours worth of math. Copy/paste a book or something.

Also watch the ted talk video where some guy replied to these "ted talk scam emails" or something in YouTube should find it.

Also, my uncle is trapped on a secret russian space station and I need $60 million to purchase a Soyuz seat to bring him back down. They have enough food for him but no money for a seat due to the collapse of to Soviet Union. He'll be stuck up there for years if I don't get enough money for him and he's already so miserable having been stuck up there for decades. I fear he may kill himself if I don't help him soon. Please user, you're my only hope.

P.S. that's $60 million. $60,000,000.

I once set up a meeting in London and didn't show up. Never heard from the spammer again.

I once tried to sell some shit trough ebay equivalent website. I made the mistake of accepting paypal. Next day I've got like 3 people, who wanted to buy my shit. They all wanted to pay trough paypal, but have their uncle/brother/father come to my house and get the thing.
Apparently you can do that, and then claim that you never got the thing, which makes paypal charge back.

For anyone that hasn't heard it and want to satisfy their justice-boners, here is an episode of "This American Life" where they totally fuck over an email scammer. First act.

thisamericanlife.org/radio-archives/episode/363/enforcers

>Nigerien Prince Scams
Is older than a decade.
Who gives a shit anymore it's STUPID!!

Fresh from my inbox

>@yahoo.com

Kek

Not exactly recent, but I'll leave it here anyway.

youtube.com/watch?v=ytDamqTjPwg

>96 bucks

Wow, they're shooting for the moon with this one.

It's the age of microtransactions. Soon they will be asking for $2.

That's part of the reason why it's interesting. You would think it would be something that's dead, but apparently people are still falling for these things and the industry behind them is still going strong.

>mfw I just got something similar to this last night at 12:00am.

I'm fairly certain it was a pyramid scheme. As I read reviews and low reviewers stated it was. While some high reviews had to explicitly state that it wasn't a pyramid scheme. I mean, who would even have to explicitly state that it isn't? It shouldn't even be a question in the first place.

I sent an email back and told them to fuck off basically.

I triggered the bitch and she sent me back a non-templated response where she/he didn't even know the difference between "your and you're." And this person was a "Corporate Regional Director" at this place.

Pretty funny.

Actually, that does not mean its not legit.

I was working in """""development"""""" a few years ago, and we had to work with various african governments. The horrors…

Most where just using random yahoo mails, since a lot either had no official email adresses, or their servers where wrecked (physically, or misconfigured, I dont know) and you never reached anyone.
And if you tried to call them on phone, you had a lot of fun to understand anything, between all the static, and weird accents.
Also, their writing style was often 100% the same as the scammers.