Jump to content

419 and phishing emails


mrmaxx

Recommended Posts

I'm having some problems figuring out when to report a spam to the Nigerian 419 Secret Service address and when to report it to the US Government's anti-phishing email address.

Are all phishing attempts 419's or are all 419's phishing attempts? Should I report all phishing to the Secret Service or just ones that claim to be a Nigerian "inheritance" or such?

I'm tempted to say I should report Nigerian 419 scams to both places, as 419 scams are a subset of phishing scams, but I'd rather get an opinion from someone else, preferably a SpamCop deputy. :D

Link to comment
Share on other sites

You're on your own here. I don't know anything about where else to report the scams.

Well, I did a bit of Googling and found this:

US-CERT is collecting phishing email messages and web site locations so that we can help people avoid becoming victims of phishing scams.

You can report phishing to us by sending email to phishing-report[at]us-cert.gov

So, I know that we can report phishing to them. My question is, do 419 scams constitute a subset of phishing or should I report all phishing to both? :unsure:

Link to comment
Share on other sites

I am in the UK and you can report to MillersMiles who run a dedicated 419 scam and anti-phishing service at http://www.millersmiles.co.uk/

Interesting. They don't seem to differentiate between 419 and phishing. I may go ahead and add them to my standard reporting list. 'Course, I'll have to take someone else off... :)

Link to comment
Share on other sites

My question is, do 419 scams constitute a subset of phishing or should I report all phishing to both? :unsure:
I think there's a lot of wiggle room in these definitions. I'd say report them to anyone you can find, let them tell you otherwise.

My own understanding is that "phishing" is where the crook makes an elaborate pretense to be your bank (etc.) and tries to get you to log in in such a way that he can capture your login info, credit card number, etc. He will typically use direct-to-MX bulk mailing and secret websites for this purpose. He doesn't ask you for money, etc. (he will get that himself later).

419ers, on the other hand, are very low-tech swindlers (using freemail, no websites and no direct-to-MX) who try to trick people into thinking they won the lottery, that they can collect money belonging to a dead politician, etc.

The phisher is done with you after one message to you (if you respond, that is). 419s, on the other hand, require a lot of back-and-forth traffic for the crook to suck you further into the scam. That's why it can be useful to report e-mail addresses known to be used by 419ers for collecting replies.

-- rick

Link to comment
Share on other sites

The problem is that law enforcement wants to know how much you lost before they really can act. If you want to protect the gullible, then the best course of action is to report the drop box.

I figure that law enforcement agencies have the same opportunities for a spamtrap that doesn't rely on possible reporter error to catch these 419 spam.

Miss Betsy

Link to comment
Share on other sites

As I understand it, "419" refers to section 419 of the Nigerian legal code that deals with "advanced fee fraud". This is where you are told that you have won the lottery, have been left a large inheritence, or that Prince Mabutamba has several "trunk boxes" full of money they need to get out of the country. Then you are asked to pay an advance fee to get your cut of the money.

On the other hand, as rick points out, phishing is an attempt to get personal information from an overly trusting user.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...