Inside a 419 Scam: A Real-world Example

Inside a 419 Scam: A Real-world Example

I have decided to offer an inside view into the life of a 419 scammer, by replying to and doing business with one such scammer who e-mailed me a short while ago. If anyone feels like trying this method for themself, I have only one warning: be careful. These scammers can be highly dangerous.

Scam baiting is a technique where the goal is to scam a scammer in an attempt to get information or goods out of them. This is not as strange as it sounds; many people have managed to get money and personal information out of a scammer.

One such example of scam baiting is the now infamous “Church of the Red Breast,” run by the scam baiters at www.419eater.com. where the scammer was scammed to the tune of $80.00 through a reverse-advance-payment scheme. The scammer was conned into thinking that by sending $80.00 to his victim, he could free up required funds that could then be transferred back to him. The full details of this reverse scam can be read at http://news.bbc.co.uk/ 1/hi/world/africa/3887493.stm.

More recently, a friend of mine engaged in an e-mail conversation with a “Sweepstake” scammer, who was trying to get a $1,500.00 payment for processing costs incurred by transferring the winnings to his account. By reading various e-mail headers, my friend determined that this scammer was e-mailing him from his own personal ISP account in the UK. A few e-mails to Interpol, Scotland Yard, and his ISP soon saw some interesting results. Scotland Yard rang my friend to inform him that they had just made an arrest and thanked him for bringing down a notorious scammer. Crazy as it may be, but one person really can make a difference and in this case a few e-mails is all it took.

I can’t emphasize this enough. I encourage anyone to report illicit scams such as this to the police.

During the flow of these e-mails keep an eye out for the language used and the tone of the various e-mails. You’ll be able to see how the scammer attempts to foster a very fast-paced relationship with me. First easing any suspicions I may have, then becoming authoritative and strong willed towards me, while maintaining a friendly composure and attempting to build a friendship with me. These social attributes will help him greatly when it comes time to ask me for money.

The plot is the usual story. A great uncle has died and taken with him twenty million dollars. The money has been tied up in another country and our scammer is unable to touch it. However, if I can fill out some bank forms, I could claim responsibility for the fortune and even be allowed to keep 15 percent of the amount. This first e-mail shows my reply to his original message, and the second e-mail is his response. He has also included a passport in Figure 9.3. The passport is obviously fraudulent; however, we have blocked out any personal information as it may very well be a stolen passport from an unsuspecting victim.

Figure 9.3: The Passport of Our Scammer

Benard, I am highly interested in your offer, I am an investment banker  from Spain and would be interested in helping you with your financial  problem.  What do I need to do?

The first reply:

Dear Partner, I am really impressed with your attention towards this business.I want  to let you understand that what I require from you is your  trust,honesty and understanding without which we cannot achieve  success in this transaction.My Name once more is Dr.Benard Mcarthy,i sent to  you a business proposal for you assistance in the transfer of funds  into your account to which you accepted to assist me.  Since i got your reply this afternoon i have been very happy knowing  that at last my dreams and aspirations will soon come through.As a  result of this i have decided to send you the details and what is  expected from you so that we could proceed,that depends on if you  finally make up your mind to assist in this business.All i need from you  is your assistance so we could transfer this funds into your account  successfully.May i warn for now that we need absolute confidentiality in  this business as i will not want to jeopardize my carrier on the basis  of this business. Firstly,I want you to know that every arrangement to get this fund  transfered to a foreigners account is in place so you do not have to  bother.You will be at the receiving end of the transaction and I will  be updating you on what to do to get this funds transfered successfully  into your account. Secondly,I will be providing you with all the documents that will be  demanded by the bank for the successfull transfer of the funds to your  account.I will authenticate all the transfer documents at your  country's consulate in South Africa to prove to your bank and  government that the funds going to your account is 100% genuine and  devoid of terrorism and money laundering. This transaction is very safe and will not implicate any of us as i  have taken care of every modalities for a successful transfer of the  funds into the account you will forward to us.All that i demanded from  you like i said earlier is your trust,confidence and solid believe in  the almighty that this will be fruitful in the next 2 weeks. Note that you will be placed as the next of kin to The Late Mr Wolfang  Schnister since from the records available to this Bank he did not name  any beneficiary,you will eventually be the sole inheritor of the  funds.As soon as the documentation is done and submission made to the  bank,then the reseve bank here in south Africa will order a transfer of  the Funds into the bank you so desire by wire transfer. Nevertheless,What do you think we should invest this fund in your  country?Because I want the fund to be invested in your country as I  will be coming with my family over to your country when you receive  this fund in your account. Assure me that you will be honest and will  not let me down after you have received the fund. Attached to this mail is the medical death certificate of the deceased  which I have obtained from the hospital and also a copy of my  international passport and my Curriculum Vitae for you to know exactly  who you are doing business with. Also Attached are pictures of my family members so that i could build  enough confidence in the course of this business.You should handle every  content of this mail and the documents with utmost privacy. You should send to me your passport copy or drivers license as proof of  identification as I am sending you mine. Regards, Dr.Benard Mcarthy

Notice how the e-mail said, “Assure me that you will be honest and will not let me down after you have received the fund.” He wants me to know that he is scared of my untrustworthiness, making me feel in control of the situation. He also wants a copy of my passport to be sure that I am legitimate and willing to go all the way. If I won’t scan my passport for him, the chances are I won’t be too willing to pay him money. Being a family man is another common social tactic and is used to lower suspicion levels. Our scammer not only mentions that he wants to come visit my home country with his family, but also attached pictures of some of his own family members. Very crafty, especially since one of his family members has a large U.S. flag on his jacket. This scammer is obviously targeting proud Americans and is trying to win trust and confidence by showing some family affiliation to the U.S. The reply also has a very template look to it. I wrote him only a small mail and showed very little interest or emotion in the body, however, his reply states, “I have been very happy knowing that at last my dreams and aspirations will soon come through.” It’s likely the body of his e-mail is a simple copy/paste template reply, sufficing the thousands of replies he daily receives, because my message did not warrant such a reply.

The e-mail account this scammer is using is at yahoo.com, and yahoo is very proficient at including the message author’s Internet Protocol (IP) address in the mail header, as seen here:

Received: from [193.219.XXX.XXX] by web61310.mail.yahoo.com via HTTP;  Mon, 13 Sep 2004 20:35:55 PDT

The whois information for 193.219.XXX.XXX provides:

Lawrence Xxxxxx No 3 First Avenue, Independence-Layout Enugu, Nigeria.

A Google search for any Web site containing this IP address shows some interesting information, including online Web page statistics linking this IP to many university and educational Web sites. My guess is that our Nigerian scammer only has Internet access at a library or Internet caf . This would account for the large delays between his replies and the constant Web traffic to random Web sites this host produces.

At this point, to continue my experiment, I need a copy of a passport, and once again Google.com comes to the rescue. A search for “index parent passport.jpg” shows many results that contain directories with the file “passport.jpg” in them. Obviously, many people scan their passport in case they lose the original, but do not realize that the rest of the world can also access this backed-up copy. This provides a good identity for me to use and will protect my true identity.

Benard,  I am very pleased I can help you with your financial problems; find  attached a copy of my Passport. I do have some problems with calling  you directly, I am currently located in Spain and calling long distance  to South Africa is unsafe due to your countries political instability. I ask instead that you call me. What documents or papers do you need from me in order to make the first  deposit? Robert.

Once the bait has been taken, his response quickly followed:

Dear Robert,   Happy monday to you,its monday here in southafrica and am at work.I  just received your mail,its quite unfortunate that you cannot call me  but i want you to know that all they told you about africa is very  wrong.Africa is just like every other country with few restiveness and  political problems but it a fantastic continent.I shall invite you to  my country soon and you will enjoy it as my wife is already happy when  i told her of the prospects of having an investor friend like you. Why are you being a little sceptical about this business as i see you  are not comfortable enough yet,Robert this is very inspiring and i know  that you are an adventurous person as such that makes us similar. I  want you to realise that there is nothing too much to spend on this  business since the future is very bright so you should know that am the  one making almost all the expenses and am not complaing yet. I will be coming to London in october you must fly here and meet me so  we can sign the needed documents, you can meet my wife as she is much  exicted to meet my new investor friend. However,i think we should start the process as time waits for no body.I  shall be sending to you the application that you shall send to the bank  for the bank to vet and send to you the necessary details that will be  needed for the transfer but that will depend on when i receive  your particulars that will be needed in processing the documents.Remember  that there are some basic informations that i demanded from you.You  should revist the mail preceeding my proposal to see the requirement.  They include: Bank Name Routing Name Swift code Full Name The bank details you will send may have a zero balance if you are not  comfortable with sending one with amount but it should be a Dollar  Account.It is important that i receive this info today so i could  source and forward the Application,the MEMEORANDUM OF  UNDERSTANDING(MOU)Guiding us in this business shall be signed by both  of us in london. You should send to me your direct phone number so i could call you  since you are not able to call me now. One very important issue in this business is confidentiality,like i told  you that i have everything to loose if you bug this business,my  personality,integrity,family bond and above all what i stand for will  be tarnished so i ask you for the final time to hold this dearly to  you.  Have a nice day Mr Robert. Regards, Dr.Benard Mcarthy. 

Notice how the e-mail tone has become slightly pushy. For example, Benard wants me to fly and meet him in London and demands my bank details. This is part of a social test on the scammer’s part, determining if he can enact his authority over me. Once a friendship was established, the scammer was quick to become the dominant force, suggesting all ideas and taking complete control over the situation.

This power position needs to be established now, as it will become crucial for later exploitation of the unsuspecting victim, when he will begin to make financial demands on me. The swindle requires my trust and loyalty to his cause. If I ever argue or question any of his ideas, Benard will become very upset and attempt to make me feel guilty by telling me that I am not mature enough to handle this type of business and that I need to realize what I am dealing with.

At this point in the experiment, I decide to play along with his mind games and bend to any idea or suggestion he has. This scammer has to think that he has socially and intellectually conquered me.

Now the pace of the correspondence begins to quicken. He is expecting me to fly to London to meet him or more likely one of his London-based associates, possibly as part of a plot to extort my friends and family for ransom money upon my kidnapping. His e-mail chides me for not being committed to his cause, but also calls me an “adventurous person.” The family guy routine is worked even harder this time, promising me a trip to South Africa to meet his wife and more promises of meeting her in London. It’s at this point that the bank demands begin. At this stage he wants to be sure that I have adequate bank accounts setup and I am prepared to move his money. To prove this, he asks for the swift and routing information for one of my bank accounts. As the scammer is going to lengths to lie to me, I create a fictitious bank account at a large New York-based bank to continue the charade.

I purposely avoid calling him by giving a poor excuse and ignore his request for my own phone number. As long as I give him other information he should not require it; however, I do plan on calling him in a few days to surprise him.

Obviously, this scammer is scared of being caught and has asked me to keep a high level of confidentiality around our business. Stressing that he has much to loose if I “bug” his business, which equates to my promising to keep quiet about his aspects of our business together and not “bug” any part of it. The following e-mail is my response to his message, including my bank account and eager thoughts. This is the “hook, line, and sinker” e-mail; hopefully this scammer will think he has me fooled after reading this:

Here is my bank information as requested bank Name: JP Morgan Chase Bank, New York SWIFT Address: CHASUS XX Fedwire Routing 021XXXXXXX CHIPS number 00XX account name: Robert Frankie Symth Account No: 54XXXXXX I promise I will keep your business very private and not disturb it, I  also have been thinking about London. Since you are helping me greatly with your financial deposits, I have  decided to fly to London; I could do with a holiday anyway. Can you meet  me on October 1st with your wife? I would be very happy to also come visit you in South Africa, once all  the documents have been drawn up and the money has been moved. I look forward to your reply, please forward any documents you need me  to sign right away and let me know about the date for London, as I need  to book my tickets soon. Robert

The bank account is fake, and even though I included a real bank name with matching Society for Worldwide Interbank Financial Telecommunication (SWIFT), Federal routing number, and Clearing House Interbank Payment System (CHIPS) number, the account and its holder are completely bogus. I have no plans of visiting London; this gesture is simply to act as an identifier of my dedication to his cause. The tone of my e-mail has also changed slightly. I am now trying to convey the voice of a dedicated (and unknowing) victim who will do anything to help him move the funds. My own greed and desire for financial gain will seep out in the various e-mails I write. I want this scammer to think I am drooling over his fictitious wealth and I will try to convey this as much as possible.

Our Nigerian friend soon replies, telling me that he is drawing up important financial release forms, allowing the money to be transferred to my bank account. I should receive a copy of these documents “tomorrow” in my e-mail account. The next day I check my e-mail to find a not so surprising e-mail from Benard, shown here:

Robert, My bank in South Africa told to me today that your bank account is  located outside of local bank jurisdiction. This means that a $16,000 usd deposit fee is required on your behalf,  to esthablish a working releationshp between the two banks so the funds  can flow sucessfully. I have invested allready too much money into this buisness deal the  thought of another 16,00 is too much for me and unless you can cover  this expense we may have to not proceed any further. If I give to you the account and swift details, can you move the money  into the account from your bank account some time this week. Benard 

This message is very interesting, especially since the bank details I gave Benard were of JP Morgan Chase in New York, which is one of the largest U.S.-based financial institutes. In addition, I have never heard of “bank jurisdiction.” Money is transferred from bank to bank every day; this is how the world operates. There is no jurisdiction between banks.

Fictional bills and expenses would continue to pop up during the life of this scam if I let it continue. The scammer does not have millions of dollars; it’s very possible that I have more wealth than he does. Scammers will lure money out of their victims first by befriending them (which, on a side note, our scammer did a very poor job of) and then by attempting to gain financial assistance to help transfer the elusive millions. It’s a classic situation of Akum’s Razor (all things being equal, the most obvious answer is usually the most correct). If someone is asking for large amounts of money via e-mail and you suspect them of being fraudulent in nature, you’re probably right.

At this point, I no longer want to continue my relationship with my new Nigerian friend. I have shown the scam he is trying to pull, and without paying him the funds there is no way I can continue scamming this scammer. So I am going to construct an e-mail that will make him never contact me again, a “Dear Nigerian John” letter if you will.

Benard, I have been thinking about your proposal carefully, and your offer  seems very tempting, however there is something I have to tell you and  get off my chest. Last night, at a close friend's bachelor party I did something I have  come to greatly regret. After a few too many drinks, I made my way to the Casino, where I  managed to loose over $65,000 on BlackJack and strippers. I think one  of the strippers may have stolen my wallet also, because I cant find it. I am now very broke and I doubt I will be even to pay my rent this week  or even feed my cat!. I ask of you an advance from the 35 million you  promised, so I can pay some of my bills. I will be unable to pay the  16,000 you ask from me and without an advancement I will be unable to  work with you in any form of business. I am very sorry Benard and I hope you can help me, just a few thousand  would help me greatly, so I can pay my rent and try to rebuild my life. Robert.

Oddly enough, I received no reply to this. There is no point in the scammer trying to defraud me if I have no money to loose. But I have proved my point of how a fee advancement scam works; highly simple and highly effective.

If you have been victim to a 419 scam you should contact the police. There is a good Web site with contact information at www.secretservice.gov/alert419.shtml.

Yes, the men in black care about 419 scams. This is a sign just how prolific 419 scams have become in our world.