Thursday, September 15, 2011

The Nigerian ScamerAtor™!

The Nigerian ScamerAtor™!

Over the past ten years or so I have been sporadically reporting "Nigerian Scam" spam messages to the email vendors these criminals abuse.

I'm going to assume that you know what a Nigerian Scam is. They've been in existence since the mid-90's, and they re-use a lot of the same ruses to entice their victims to part with some - and in some cases nearly all - of their money. Many of you may remember my experiment over the past two years to tabulate how much I would have "won" from these alleged inheritances, lotteries, funds and other ridiculous scams. I also kept tabs on how much I would have "inherited" or "won" from November 2009 to the end of 2010. The final total was $100,319,915,673.22 USD (100.3 Billion dollars.)

In November 2008 I wrote a detailed posting describing how anyone could report these scam messages, and about the reliability and timeliness of the responses and cancellations of these offending accounts. At that time, Hotmail and Yahoo were two of the worst at getting accounts removed which were actively being used in this patently criminal activity. Fast forward to today - and especially the past six months - and that situation has greatly changed for the better.

Hotmail is now cancelling these offending account in as little as ten minutes of receiving my report. This is a huge, huge difference and I applaud this drastic change in their responses to these reports. I would report a new scammer's Hotmail / MSN Live Mail account within a few seconds of receiving one of them, and 10 - 15 minutes later it would be shut down.

It's important to note that they won't shut down just any account. You have to explain to them why the account is being used fraudulently, and explain where in the message the offending account appears. If your reporting to them is consistent, they shut the account down, simple as that.

Per day, I was receiving from 60 - 80 of these scam messages every single day. Once I started cc'ing the criminal's account on my reports, that account saw a precipitous drop in the volume of Nigerian Scam spam messages received every day. Now it's one or two a day. For that account, Nigerian scam messages are the only spam it receives. All the pharmacy spammers gave up on that account two years ago.

I also received a small handful of replies from the criminals on the other side of these accounts. Some of them demanded that I stop reporting them. I replied that they shouldn't have me in their lists in the first place. Some boasted that this would do nothing, that they would just create thousands of other new accounts. But then after a few weeks I received another message pleading for me to stop. All of this indicates that these reports work, even if it's just one person doing them.

So I decided to create a tool that automates the creation of these detailed reports so that a lot more people could join me in trying to put a major dent in this malicious activity, and I called it the Nigerian ScamerAtor™.

You can download it here:

http://www.spamtrackers.eu/downloads/files.php?fid=90
[Link last updated Jun. 24th, 2012 - v.1.6]

Instructions:
  • Download the file
  • Unzip the file
  • Open the html file in a browser of your choice (as always, I recommend FireFox.)
  • Choose the email vendor this criminal is abusing from the drop-down list.
  • Enter the offending email address
  • (Optional) Choose which fake scenario this criminal is claiming to present. (Lottery, fund, FBI, UN, etc.)
  • Choose where this email address appears (headers, body, both.)
  • Enter the message headers
  • Enter the message body
  • Click on the "Go!" button
  • A message will be generated for you including the "to", "subject" and a detailed message for the abuse team you wish to send it to.
  • Copy that into an actual email and send.
I'm discovering that some of the lesser-known of these email vendors - Blumail.org, Superposta, Globomail, etc. - are far less responsive, so it's unclear whether this will ultimately have any effect at all on these messages, but I figure with more volume of these complains coming in, somebody would have to take notice.

Both Gmail and Yahoo now only process these abuse reports via online forms. No emails, period. They also do not respond to any reports but I did some randomized testing and it appears that within 24 hours the reported accounts are indeed terminated. I wish that they would be more communicative of this but at least they do shut the accounts down.

I welcome responses as to further features you think this tool could use, and especially any reports of major successes.

As always, thanks for reading.

SiL / IKS / concerned citizen

8 comments:

Anonymous said...

In India they have started sending such scams via sms and our lame telecom companies are not doing anything about it. worst telecom is Vodafone.

Gof said...

Hello :)

It is a good idea i think.

Are we authorized translate it (in french) to propose it after on forums ?

Thank you :)

Sling Trebuchet said...

I'm fascinated that they would contact you to request you to stop. Chutzpah?
It's like a house-breaker doing a leaflet drop to ask people to turn off alarm systems.
Maybe I'll ask the next 419er to send me a photo of himself holding a card reading "We do not pose for photos".

IKillSpammerz said...

@Gof:

> Are we authorized translate it (in french) to propose it after on forums ?

Absolutely. And please let me know how to download a copy so I can also link to it here.

Also to the Anonymous commenter: I will attempt to contact Vodafone and ask why they are dragging their feet regarding such a serious international criminal act.

SiL

Anonymous said...

Thank you for the tips. I've been reporting these things for almost 2 years now. I noticed Hotmail/Live is a whole lot better than earlier, and I want my reports done in 10 min too! I'm going to be more specific about where to find the address. One really frustrating thing is the Nigerian and Benin ISPs that won't even accept the reports. I see a lot of other ISPs with abuse addresses, and very few that say they correct the problem. But, when you write to Multilinks in Nigeria, Benin Telecom and a few others, all you get is bounce backs that they don't receive the report. And, similar or same IPs keep getting used. Can anyone tell these ISPs that their infrastructure is being abused?

IKillSpammerz said...

> Can anyone tell these ISPs that their infrastructure is being abused?
Sure: you can.

Try sending a more basic email to them that only asks: how do I report continued criminal abuse of your services? Their spam filters are probably pretty heavily abused also.

When and if they reply, save a text copy of the entire spam message on a site like pastebin.com and send them a link to it, and make sure you tell them that they need a proper abuse contact address which will not have spam filters on it so that they can properly act on this continued abuse.

But good luck with that, generally speaking. Benin is a pretty corrupt country, as is Nigeria. That's why this criminal activity is so rampant.

SiL

Anonymous said...

Thank you for all your advice in fighting these 419 criminals. I've made it one of my hobbies to nail these guys in an attempt to make their lives of scam more difficult. This is one of the best places I've found to ask questions and get friendly helpful answers.

My question today has been bugging me for many months now. Thank you for any info on it.

How and where do we report the telephone numbers the crooks place in their messages to call them to be scammed? Usually, it is a Benin or Nigerian number, but I've seen what looks like UK or US numbers too (that probably connect to Africa). Cancelling the email addresses does not solve the whole scam and spam problem if victims call these numbers and send their IDs and money. Where can we email or enter info in to get these numbers cancelled quickly?

Thank you so much for your advice and expertise on this. I appreciate it. Usually, I ask the providers if they know where and can report the numbers when I report the email addresses. But, I doubt they are getting these cancelled either. Again, thanks.

IKillSpammerz said...

You raise an interesting, and unfortunately (so far) frustrating question.

All the searches I've ever done for the past several months for an international reverse phone lookup have resulted in a plethora of forum and blog spam pages which don't provide this service. (Thanks again all you "SEO" morons. You have ruined many searches which would actually be useful.)

If any of my readers ever find a form which will perform this function I'd be much obliged to know about it. So far, only the US has such a service.

Based on several reports I've read about scammers who got convicted for this activity, they purchase cheap "pay as you go" phones which they know they won't use for long, and they switch numbers often, so even reporting the phone numbers might not be that helpful.

I appreciate the question and I wish I had a more solid answer for you.

SiL