The "419" or "Nigerian" Scam
Penn Information Security continues to receive regular reports of Penn
computer users encountering an "oldie but goodie" scam that
has been around, in one form or another, for more than 20 years.
Have you recently received an email message that resembles this?
(Spelling, punctuation, malapropisms and syntax have not been altered
or corrected- this is an actual email received at Penn):
I MUST FIRST SOLICIT YOUR CONFIDENCE IN THIS TRANSACTION; THIS BY VIRTUE
OF ITS NATURE AS BEEN INTERLY CONFIDENTIAL AND TOP SECRET THOUGH KNOW
THAT A TRANSACTION OF THIS MAGNITUDE WILL MAKE SOMEONE APPREHENSIVE
AND ELATED BUT I AM ASSURING YOU THAT ALL WILL BE WELL AT THE END OF
THE DAY. I HAVE DECIDED TO CONTACT YOU DUE TO THE URGENCY OF THIS TRANSACTION
AS WE HAVE BEEN RELIABLY INFORMED OF YOU DISCRETNESS AND ABILITY TO
HANDLE TRANSACTION OF THIS NATURE.
ME START BY INTRODUCING MYSELF PROPERLY , I AM MR. TIJANI YUSUFU CREDIT
OFFFICER WITH THE UNION BANK OF NIGERIA PLC (UBA) BENIN BRANCH, I CAME
TO KNOW OF YOU IN MY PRIVATE SEARCH FOR A RELIABLE AND REPUTABLE PERSON
TO HANDLE THIS CONFIDENTIAL TRANSACTION,WHICH INVOLVES TRANSFERING HUGE
SUM OF MONEY TO A FOREIGN ACCOUNT REQUIRING MAXIMUM CONFIDENCE
FOREIGNER AND AN AMERICAN , LATE ENGR JOHN CREEK (SNR) AN OIL MERCHANT
WITH THE FEDERAL GOVERNMENT OF NIGERIA, UNTIL HIS DEATH MONTHS AGO IN
KENYA AIRBUS ( A3K-300) FLIGHT KQ430 BANKED WITH US AT UNION BANK OF
NIGERIA PLC BENIN AND HAD A CLOSING BALANCE AS AT THE END OF MARCH 2001
WORTH $35,432,000USD , THE BANK NOW EXPECTS A NEXT OF KIN AS BENEFICIARY.
VALUABLE EFFORT HAVE BEEN MADE BY THIS BANK TO GET IN YOUCH WITH ANY
OF THE CREEKS RELATIVE OR FAMILY HAVE BEEN UNSUCESSFUL. IT IS BECAUSE
OF THE PERCEIVED POSIBILITY OF NOT BEEN ABLE TO LOCATE ANY OF ENGR JOHN
CREEK (SNR) NEXT OF KIN ( HE HAD NO WIFE OR CHILDREN THAT IS KNOWN TO
MANAGEMENT UNDER THE INFLUENCE OF OUR CHAIRMAN AND MEMBERS OF THE BOARD
OF DIRECTORS ARRANGEMENTS HAVE BEEN MADE FOR THE FUNDS TO BE DECLARED
"UNCLAIMED" AND SUBSEQUENTLY DONATE THE FUNDS TO THE ARMS
& ARMUNITION TRUST FUNDS AND THIS WILL FUTHER ENHANCE THE CAUSE
OF WAR IN AFRICA AND THE WORLD IN GENERAL .
OTHER TO AVERT THIS NEGATIVE DEVELOPMENT SOME OF MY TRUSTED COLLEAGUES
AND I NOW SEEK YOUR PERMISSION TO HAVE YOU STAND AS THE NEXT OF KIN
TO THE LATE MR.JOHN CREEK (SNR) SO THAT THE FUNDS WILL BE RELEASED AND
PAID INTO YOUR ACCOUNT AS THE BENEFICIARY NEXT OF KIN, ALL DOCUMENT
AND PROOFS TO ENABLE YOU GET THIS FUNDS WILL BE CAREFULLY WORKED OUT
. WE HAVE BEEN MANDATED BY THE BANK TO OFFICIALY DECLARE THE BENEFICIARY
WITHIN THE SHORTEST POSSIBLE TIME , THAT IS WHY WE HAVE DECIDED TO CONTACT
YOU AND MORE SO WE ARE ASSURING YOU THAT YOU THAT THE BUSINESS IS 100%
RISK FREE INVOLVEMENT .
SOON AS WE RECEIVE AN ACKNOWLEDGEMENT OF THE RECEIPT OF THIS MESSAGE
IN ACCEPTANCE OF OUR MUTUAL BUSINESS PROPOSAL WE WOULD FURNISH YOU WITH
THE NECESSARY MODALITIES AND DISBURSEMENT RATIO TO SUIT BOTH PARTIES
WITHOUT ANY CONFUSION .
THIS PROPOSAL IS ACCEPTABLE TO YOU DO NOT TAKE DUE ADVANTAGE OF THE
TRUST BESTOWED ON YOU ,KINDLY RESPOND IMMEDIATELY WITH THE E-MAIL ADDRESS
FURNISHING ME WITH YOUR MOST CONFIDENTIAL TELPHONE, FAX NUMBER AND YOUR
EXCLUSIVE BANK ACCOUNT PARTICULARS SO THAT WE CAN USE THIS INFORMATION
TO APPLY FOR THE RELEASE AND SUBSIQUENT TRANSFER OF FUNDS IN YOUR FAVOUR.
THANK YOU IN ADVANCED FOR YOUR ANTICIPATED CO-OPERATION
MR TIJANI YUSUF
This is a classic example of the infamous "Nigerian Scam",
or "419 Scam" (so named because of the Section Number
of Nigerian criminal law that applies to it), an "advance fee fraud"
scheme that has been in existence through regular postal mail for more
than 20 years, and which has been multiplied many times over since the
advent of the Internet and (free) e-mail. Over the last few years, literally
thousands of Penn people have received countless e-mails like the one above. Although
the nature and exact text of the "preposition" varies from letter
to letter, as well as the purported author, there are a number of features
common to most (but not all) that instantly identify them as "419"
- They often, but not always, are ALL CAPS, as this one. Some commentators
on the scam have speculated (usually with tongue in cheek) noted that
there must be an epidemic of keyboards with broken Caps Lock keys in
- They often (again, as in this example) feature tortured syntax, malapropisms
and misspellings - much more than might be expected of a writer who
claims to be a bank manager or oil industry executive (among others)
- remember that English is the official language of Nigeria and several
other West African nations.
- In almost all cases, the e-mails appear to come from an African country and/or individual,
usually Nigeria, but examples alleged to be from Senegal, Ivory Coast,
Togo, Ghana, Liberia, Angola, Chad and South Africa have also been encountered. In recent years, Asian and Eastern European countries have begun to appear as well.
- They almost always refer to large amounts of funds - millions of US
Dollars - that are "trapped" or "frozen" for a variety
of purported reasons: "double-invoiced oil", and unclaimed
accounts belonging to victims of African air disasters (as above) or
other (alleged) deceased persons are among the most frequently seen
- They always offer you, the recipient, a healthy percentage of these
funds as a "commission" - all you have to do is send them
your bank account numbers (the more account info you send, the faster
your share of the "proceeds" will start rolling in) for them
to transfer and "free" the funds from the grasp of the bungling
administrators, greedy bureaucrats, etc.
- They almost always urge you to act without delay, and often refer
to some sort of "statute of limitations" or other legal stricture
that is about to expire and return the funds to the government or other
entity that would undoubtedly use them for nefarious purposes.
At this point, if you have received one of these e-mails and feel that
the "Nigerian Scam" has reached out and touched you, you probably
have a few questions:
How did they get my name/e-mail address?
The key thing to understand here is that, despite the shady nature
of this fraud, the way in which it is spread is very familiar - this
is essentially a more virulent form of "spam", or unsolicited
commercial e-mail (UCE). The messages are mass mailed in exactly the
same way as the more mundane "XXX", "Toner Supplies"
and "Make Money Fast" junk e-mails that appear in your inbox
on a daily basis. All they need to get a "419" message into
someone's inbox is a valid e-mail address, and they collect these the
same way that other spammers do: they buy lists collected by other spammers,
they harvest addresses themselves from Usenet postings, they scour online
directories, and sometimes they find a mail host and just try every
possible 8-character email address for that host. There are many other
methods for them to collect addresses, and no matter how zealously you
limit who you give your address to, chances are that eventually it will
make it onto somebody's mass mailing list.
Do they know who I am, or any other information about me?
There is very little likelihood that they know anything of a personal
nature about you at all, despite the assurances that they "know
you to be a person of integrity" and "discretness" (see
example above). They don't know you any more than they know the millions
- maybe billions - of other people around the world that they try to
bilk. To them, all you are is an email address that didn't bounce.
Who are the people who are sending these scam messages?
The consensus among government and law enforcement officials around
the world, as well as information security experts is that despite the
many countries that "419" messages appear to originate from,
the source is, in fact, in Nigeria, although Amsterdam, in the Netherlands appears to be a center of activity in recent years as well. Although the Nigerian government
claims to be cracking down on them, it is commonly believed that they
are actually protecting the scammers, in fact, many believe that Nigerian
government officials are the scammers. Whether this is true or
not, it has been alleged that the reason the Nigerian government allows the scam
to continue is that it is estimated to be the third or fourth largest
source of revenue for the Nigerian economy.
You're kidding - you mean people actually fall for this?
You bet. Remember, this has been going on for more than 20 years -
if the fishing is good, you don't change the bait you're using. Not
only are there many documented cases of people who have had their bank
accounts drained by "419", there are also cases of people
who have been lured into traveling to Nigeria and entering the country
without a passport - which puts them at the complete mercy of the scammers,
and some law enforcement agencies report that some of these people did
not leave the country alive.
Pretty scary...am I in any danger?
Only if you respond to them and send them any of your personal and/or
financial account information. Otherwise, as mentioned above, you're
just one of millions of e-mail addresses that didn't bounce.
Should I report it to any law enforcement authorities?
Law enforcement agencies around the world are all too aware of "419"/"Nigerian"
scam activity. As long as you do not respond to the e-mail or letter,
it is safe to delete it or throw it away.
The U.S. Secret Service has instructed anyone in the US who has
lost funds because of this scam to forward appropriate written documentation
U.S. Secret Service
Financial Crimes Division
950 H Street, NW,
Washington, DC 20001.
Or send email using the Secret Service form or
direct to email@example.com
Please Note: The Secret Service no longer requests that copies of 419/Nigerian scam messages and letterrs be faxed to them.
The Secret Service has posted a "419" advisory on their web
Are there any websites with more "419" scam information
There are lots of sites with good writeups and information. A Google
search on "Nigerian Scam" will turn up lots of hits, but here
are a few of the better sites:
Should I report it to Penn Information Security?
No thanks, we've seen enough of them.
Last updated: Wednesday, December 3, 2008