Penn Computing

Friday, August 22, 2014

 

The "419" or "Nigerian" Scam

Penn Information Security continues to receive regular reports of Penn computer users encountering an "oldie but goodie" scam that has been around, in one form or another, for more than 20 years.

Have you recently received an email message that resembles this?

(Spelling, punctuation, malapropisms and syntax have not been altered or corrected; this is an actual email received at Penn):

DEAR SIR,

FIRSTLY I MUST FIRST SOLICIT YOUR CONFIDENCE IN THIS TRANSACTION; THIS BY VIRTUE OF ITS NATURE AS BEEN INTERLY CONFIDENTIAL AND TOP SECRET THOUGH KNOW THAT A TRANSACTION OF THIS MAGNITUDE WILL MAKE SOMEONE APPREHENSIVE AND ELATED BUT I AM ASSURING YOU THAT ALL WILL BE WELL AT THE END OF THE DAY. I HAVE DECIDED TO CONTACT YOU DUE TO THE URGENCY OF THIS TRANSACTION AS WE HAVE BEEN RELIABLY INFORMED OF YOU DISCRETNESS AND ABILITY TO HANDLE TRANSACTION OF THIS NATURE.

LET ME START BY INTRODUCING MYSELF PROPERLY , I AM MR. TIJANI YUSUFU CREDIT OFFFICER WITH THE UNION BANK OF NIGERIA PLC (UBA) BENIN BRANCH, I CAME TO KNOW OF YOU IN MY PRIVATE SEARCH FOR A RELIABLE AND REPUTABLE PERSON TO HANDLE THIS CONFIDENTIAL TRANSACTION,WHICH INVOLVES TRANSFERING HUGE SUM OF MONEY TO A FOREIGN ACCOUNT REQUIRING MAXIMUM CONFIDENCE

THE PREPOSITION:

A FOREIGNER AND AN AMERICAN , LATE ENGR JOHN CREEK (SNR) AN OIL MERCHANT WITH THE FEDERAL GOVERNMENT OF NIGERIA, UNTIL HIS DEATH MONTHS AGO IN KENYA AIRBUS ( A3K-300) FLIGHT KQ430 BANKED WITH US AT UNION BANK OF NIGERIA PLC BENIN AND HAD A CLOSING BALANCE AS AT THE END OF MARCH 2001 WORTH $35,432,000USD , THE BANK NOW EXPECTS A NEXT OF KIN AS BENEFICIARY. VALUABLE EFFORT HAVE BEEN MADE BY THIS BANK TO GET IN YOUCH WITH ANY OF THE CREEKS RELATIVE OR FAMILY HAVE BEEN UNSUCESSFUL. IT IS BECAUSE OF THE PERCEIVED POSIBILITY OF NOT BEEN ABLE TO LOCATE ANY OF ENGR JOHN CREEK (SNR) NEXT OF KIN ( HE HAD NO WIFE OR CHILDREN THAT IS KNOWN TO US ).

THE MANAGEMENT UNDER THE INFLUENCE OF OUR CHAIRMAN AND MEMBERS OF THE BOARD OF DIRECTORS ARRANGEMENTS HAVE BEEN MADE FOR THE FUNDS TO BE DECLARED "UNCLAIMED" AND SUBSEQUENTLY DONATE THE FUNDS TO THE ARMS & ARMUNITION TRUST FUNDS AND THIS WILL FUTHER ENHANCE THE CAUSE OF WAR IN AFRICA AND THE WORLD IN GENERAL .

IN OTHER TO AVERT THIS NEGATIVE DEVELOPMENT SOME OF MY TRUSTED COLLEAGUES AND I NOW SEEK YOUR PERMISSION TO HAVE YOU STAND AS THE NEXT OF KIN TO THE LATE MR.JOHN CREEK (SNR) SO THAT THE FUNDS WILL BE RELEASED AND PAID INTO YOUR ACCOUNT AS THE BENEFICIARY NEXT OF KIN, ALL DOCUMENT AND PROOFS TO ENABLE YOU GET THIS FUNDS WILL BE CAREFULLY WORKED OUT . WE HAVE BEEN MANDATED BY THE BANK TO OFFICIALY DECLARE THE BENEFICIARY WITHIN THE SHORTEST POSSIBLE TIME , THAT IS WHY WE HAVE DECIDED TO CONTACT YOU AND MORE SO WE ARE ASSURING YOU THAT YOU THAT THE BUSINESS IS 100% RISK FREE INVOLVEMENT .

AS SOON AS WE RECEIVE AN ACKNOWLEDGEMENT OF THE RECEIPT OF THIS MESSAGE IN ACCEPTANCE OF OUR MUTUAL BUSINESS PROPOSAL WE WOULD FURNISH YOU WITH THE NECESSARY MODALITIES AND DISBURSEMENT RATIO TO SUIT BOTH PARTIES WITHOUT ANY CONFUSION .

IF THIS PROPOSAL IS ACCEPTABLE TO YOU DO NOT TAKE DUE ADVANTAGE OF THE TRUST BESTOWED ON YOU ,KINDLY RESPOND IMMEDIATELY WITH THE E-MAIL ADDRESS FURNISHING ME WITH YOUR MOST CONFIDENTIAL TELPHONE, FAX NUMBER AND YOUR EXCLUSIVE BANK ACCOUNT PARTICULARS SO THAT WE CAN USE THIS INFORMATION TO APPLY FOR THE RELEASE AND SUBSIQUENT TRANSFER OF FUNDS IN YOUR FAVOUR.

THANK YOU IN ADVANCED FOR YOUR ANTICIPATED CO-OPERATION

BEST REGARDS

MR TIJANI YUSUF

This is a classic example of the infamous "Nigerian Scam", or "419 Scam" (so named because of the Section Number of Nigerian criminal law that applies to it), an "advance fee fraud" scheme that has been in existence through regular postal mail for more than 20 years, and which has been multiplied many times over since the advent of the Internet and (free) e-mail. Over the last few years, literally thousands of Penn people have received countless e-mails like the one above. Although the nature and exact text of the "preposition" varies from letter to letter, as well as the purported author, there are a number of features common to most (but not all) that instantly identify them as "419" scams:

  • They often, but not always, are in ALL CAPS, like this one. Some commentators on the scam have speculated (usually with tongue in cheek) that there must be an epidemic of keyboards with broken Caps Lock keys in Nigeria.
  • They often (again, as in this example) feature tortured syntax, malapropisms and misspellings - much more than might be expected of a writer who claims to be a bank manager or oil industry executive (among others) - remember that English is the official language of Nigeria and several other West African nations.
  • In almost all cases, the e-mails appear to come from an African country and/or individual, usually Nigeria, but examples alleged to be from Senegal, Ivory Coast, Togo, Ghana, Liberia, Angola, Chad and South Africa have also been encountered. In recent years, Asian and Eastern European countries have begun to appear as well.
  • They almost always refer to large amounts of funds - millions of US Dollars - that are "trapped" or "frozen" for a variety of purported reasons: "double-invoiced oil", and unclaimed accounts belonging to victims of African air disasters (as above) or other (alleged) deceased persons are among the most frequently seen versions.
  • They always offer you, the recipient, a healthy percentage of these funds as a "commission" - all you have to do is send them your bank account numbers (the more account info you send, the faster your share of the "proceeds" will start rolling in) for them to transfer and "free" the funds from the grasp of the bungling administrators, greedy bureaucrats, etc.
  • They almost always urge you to act without delay, and often refer to some sort of "statute of limitations" or other legal stricture that is about to expire and return the funds to the government or other entity that would undoubtedly use them for nefarious purposes.
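
The features listed above can be turned into a simple triage score for a mail filter or abuse queue. The following is an added example, not code from Penn Information Security; the phrase lists, the 80% capitals cutoff, the threshold of four indicators and both sample messages are assumptions constructed for illustration.

```python
import re

# Indicator lists and thresholds are assumptions for this example; they mirror
# the features listed above. Misspellings are not checked (needs a dictionary).
COUNTRIES = ("nigeria", "senegal", "ivory coast", "togo", "ghana",
             "liberia", "angola", "chad", "south africa")
URGENCY = ("urgent", "urgency", "immediately", "without delay",
           "shortest possible time")
ACCOUNT = ("bank account", "account number", "account numbers",
           "account particulars")
SHARE = ("commission", "percent", "percentage", "beneficiary")
# Seven-figure-or-larger dollar amounts, or "<n> million".
MONEY = re.compile(r"\$\s?\d{1,3}(?:,\d{3}){2,}|\b\d+(?:\.\d+)?\s*million\b",
                   re.I)

# Constructed sample messages (not real mail).
SAMPLE_SCAM = ("DEAR SIR, I AM A CREDIT OFFICER WITH A BANK IN NIGERIA. A LATE "
               "CUSTOMER LEFT $35,432,000USD UNCLAIMED. WE SEEK YOUR PERMISSION "
               "TO PRESENT YOU AS BENEFICIARY. KINDLY RESPOND IMMEDIATELY WITH "
               "YOUR BANK ACCOUNT PARTICULARS.")
SAMPLE_BENIGN = ("Hi team, the budget review moved to Thursday. Please send "
                 "your slides to me by Wednesday so I can merge them.")


def caps_ratio(text):
    """Fraction of alphabetic characters that are upper case."""
    letters = [c for c in text if c.isalpha()]
    return sum(c.isupper() for c in letters) / len(letters) if letters else 0.0


def has_any(low, phrases):
    """True if any phrase occurs as whole words in the lower-cased text."""
    return any(re.search(r"\b" + re.escape(p) + r"\b", low) for p in phrases)


def indicators(text):
    """Return the sorted names of the listed features found in a message."""
    low = text.lower()
    found = {"all_caps": caps_ratio(text) > 0.8,
             "country": has_any(low, COUNTRIES),
             "large_sum": bool(MONEY.search(text)),
             "share_offer": has_any(low, SHARE),
             "asks_account_details": has_any(low, ACCOUNT),
             "urgency": has_any(low, URGENCY)}
    return sorted(name for name, hit in found.items() if hit)


def looks_like_419(text, threshold=4):
    """Flag a message for review when enough independent features co-occur."""
    return len(indicators(text)) >= threshold
```

No single feature is decisive, since legitimate bank or travel mail can match one or two of them; the score is a reason to quarantine or review a message, not proof of fraud.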

At this point, if you have received one of these e-mails and feel that the "Nigerian Scam" has reached out and touched you, you probably have a few questions:

How did they get my name/e-mail address?

The key thing to understand here is that, despite the shady nature of this fraud, the way in which it is spread is very familiar - this is essentially a more virulent form of "spam", or unsolicited commercial e-mail (UCE). The messages are mass mailed in exactly the same way as the more mundane "XXX", "Toner Supplies" and "Make Money Fast" junk e-mails that appear in your inbox on a daily basis. All they need to get a "419" message into someone's inbox is a valid e-mail address, and they collect these the same way that other spammers do: they buy lists collected by other spammers, they harvest addresses themselves from Usenet postings, they scour online directories, and sometimes they find a mail host and just try every possible 8-character email address for that host. There are many other methods for them to collect addresses, and no matter how zealously you limit who you give your address to, chances are that eventually it will make it onto somebody's mass mailing list.

Do they know who I am, or any other information about me?

There is very little likelihood that they know anything of a personal nature about you at all, despite the assurances that they "know you to be a person of integrity" and "discretness" (see example above). They don't know you any more than they know the millions - maybe billions - of other people around the world that they try to bilk. To them, all you are is an email address that didn't bounce.

Who are the people who are sending these scam messages?

The consensus among government and law enforcement officials around the world, as well as information security experts, is that despite the many countries that "419" messages appear to originate from, the source is, in fact, in Nigeria, although Amsterdam, in the Netherlands, appears to be a center of activity in recent years as well. Although the Nigerian government claims to be cracking down on them, it is commonly believed that they are actually protecting the scammers; in fact, many believe that Nigerian government officials are the scammers. Whether this is true or not, it has been alleged that the reason the Nigerian government allows the scam to continue is that it is estimated to be the third or fourth largest source of revenue for the Nigerian economy.

You're kidding - you mean people actually fall for this?

You bet. Remember, this has been going on for more than 20 years - if the fishing is good, you don't change the bait you're using. Not only are there many documented cases of people who have had their bank accounts drained by "419", there are also cases of people who have been lured into traveling to Nigeria and entering the country without a passport - which puts them at the complete mercy of the scammers, and some law enforcement agencies report that some of these people did not leave the country alive.

Pretty scary...am I in any danger?

Only if you respond to them and send them any of your personal and/or financial account information. Otherwise, as mentioned above, you're just one of millions of e-mail addresses that didn't bounce.

Should I report it to any law enforcement authorities?

Law enforcement agencies around the world are all too aware of "419"/"Nigerian" scam activity. As long as you do not respond to the e-mail or letter, it is safe to delete it or throw it away.

The U.S. Secret Service has instructed anyone in the US who has lost funds because of this scam to forward appropriate written documentation to:

U.S. Secret Service
Financial Crimes Division
950 H Street, NW,
Washington, DC 20001.
(202) 406-5850
Or send email using the Secret Service form or
direct to 419.fcd@usss.treas.gov

Please Note: The Secret Service no longer requests that copies of 419/Nigerian scam messages and letters be faxed to them.

The Secret Service has posted a "419" advisory on their web page at:

http://www.ustreas.gov/usss/

Are there any websites with more "419" scam information and advice?

There are lots of sites with good writeups and information. A Google search on "Nigerian Scam" will turn up lots of hits, but here are a few of the better sites:

http://www.scambusters.org/NigerianFee.html

http://home.rica.net/alphae/419coal/

http://www.snopes2.com/inboxer/scams/nigeria.htm

http://www.quatloos.com/scams/nigerian.htm

Should I report it to Penn Information Security?

No thanks, we've seen enough of them.

 

Last updated: Wednesday, December 3, 2008


Information Systems and Computing
University of Pennsylvania