Jump to content

419 mail


Xylella
 Share

Recommended Posts

Since joining SpamCop my conventional spam (viagra, promotional rubbish and such) has now pretty well gone leaving a residue of about twenty 419 e-mails a day. Most are pretty transparent but some are very clever and in the last couple of years three of them have nearly caught me out.

These seem pretty immune to normal SpamCop reporting so for example I reported one today with the following reply from SpamCop;

Reports regarding this spam have already been sent:

If reported today, reports would be sent to:

Basically the reports seem to be routinely ignored and the scammers keep going. I have looked at various other approaches to 419 mail, besides SpamCop, and there seem to be several around who go to a lot of trouble to identify sites and engage with ISP's and bank regulators to try and help catch the scammers and put them out of business. Perhaps the fact that the complaint is being followed up by an interested party rather than a (semi) automated complaint makes a difference to the success of some of these organizations

Any ideas bout how SpamCop could look at this more proactively?

Xylella

Link to comment
Share on other sites

...Reports regarding this spam have already been sent:

If reported today, reports would be sent to:...

That is the usual message when you look at a reported (or cancelled) submission in your "Past reports". If you want to discuss the effectiveness (or otherwise) of notifications to ISPs, you need to go a little deeper and case-by-case - see Tracking URL. ISP notifications (reports) are a courtesy which allows responsible providers an opportunity to deal with the spammers in their network. It is yet to be shown that SpamCop needs to be/can be more proactive.

SpamCop's quite modest primary mission is to list persistent spam sources in the SpamCop Blocking List while those continue spamming and your reports certainly assist with that - although you are quite correct in thinking that this will not single-handedly stem the flow. But, combined with the efforts of other reporters and the SC spamtraps it certainly "raises the bar" of difficulty for spammers of all types, including the 419-ers, and contributes to occasional break-throughs when a major gang gets cornered and eliminated.

Ѕpam is international but generally you can do more with any of it originating in your own country. See

http://ispa.org.za/spam/identifying-south-african-spam/

http://ispa.org.za/spam/419-scams/

For some observations about advance fee and lonely hearts scams read

http://forum.spamcop.net/scwik/Nigerian419...nceFeeFraudScam

... and the various links. Reporting the "drop box" email addresses (those to which the scam mail specifically tells you to reply) to the e-mail service providers is a useful way to fight back but can be very frustrating (ESPs often play dumb, which is far cheaper than actually enforcing their terms of service as they are generally obliged to do under codes of conduct with degrees of compulsion ranging from none at all to possible loss of lisense depending on the country/state, not to mention any requirements that might be imposed by the applicable criminal law provisions) - perseverance is the key.

Additional reporting addresses can be found summarised in all sorts of places, here is one:

http://spamlinks.net/track-report-addresses.htm

... noting the link specific to criminal 419 scams within that

http://spamlinks.net/scams.htm

If you search this site (up to three different site "search bars" provided from any given forum page) you will find much more.

Steve

Link to comment
Share on other sites

Steve,

You correctly surmise that I do much of my reporting from South Africa but I actually work in Central, East and West Africa much of the time. Almost all of my 419 mails actually originate from Burkina Faso and Cote d'Ivoire. The 419's that do originate in South Africa are usually very clever fake bank sites which I report to the relevant bank IT fraud departments, Gmail, and SC.

The frustrating thing about the 419 mail is that it is very persistent for some reason and while SC has helped me get normal spam down to only about 3 -4 a week I still get a pile of 419 mail. Reporting it to my provider (Gmail) through the 'report phishing' and 'report spam' still allows about two to three to get through to my in-box every week.

I looked at the links you sent which are very useful but only as far as they go and also the SC Wiki entry on the topic which is quite bland and not really up on some of the scams out there. In fact entering '419' on any search engine comes up with over 500,000,000 results some of which go into some detail about the types of scam as well as how to help actively closing down these sorts of spammers and associated websites.

From what you are saying I assume that I should just plug away with reporting through SC and where an institution is being impersonated perhaps use additional reporters similar to SC. However it is a bit demoralizing to be processing 419 spam where the Administrators of the network have ignored previous complaints and all one gets is a message saying that if a report was sent it would go to xyz[at]zyx.com

Xylella

Edited by Xylella
Link to comment
Share on other sites

There's no single solution to the problem. By using the SC reporting tool the important thing is you add to the weight of evidence saying that particular IP address is currently sending spam. Cancel the report and that doesn't happen. SC never has insisted that ISPs heed their reports. The only real leverage is the blocking list. By itself that risk, to them, is often not enough, depending on the volumes and sending strategies and alternate routes, etc. (419s are usually fairly low volume and the perpetrators are often vulnerable in other ways because of that) but it is one move on the chess board in the bigger game - provided that datum, one reporter's submission (never enough to cause listing by itself), makes it to the database.

These criminals frustrate all sorts of people all the time (including the beleaguered Nigerian High Commissioner to Australia 4 years ago, who suggested we jail the victims - an unexpected solution and one which remains underutilised to this day :P ). Anyway, people fight back in all sorts of ways, including baiting the scammers (hopefully the baiters bear in mind that these are criminals of unknown potential with whom they "play").

There are all sorts of spam for which SpamCop is not "the answer". But it plays its part, great or small, with them all.

Link to comment
Share on other sites

Prosecuting victims is a new one on me! It might focus a few minds.

While most of the scams are very transparent here is an example of a scam that could catch out a lot of people from academia.

A lot of my 419 mail is aimed at soliciting academic articles from me for publication. I have wondered why but now realize that most of my articles give my e-mail address as corresponding author and therefore I am seemingly the target of this particular type of scam. At first glance the journal web site looks very slick but when investigated further one sees that the journal has no recorded 'impact factor' and articles accessed through the website are culled from other sources and are mostly not relevant to the described purpose of the journal. The basic idea is that you submit an article and then have to pay a publication fee - so a variant of the 'advance fee scam'.

This type of 419 is about 25% of my spam but hardly rates a mention in any of the descriptions of 419 activities. Perhaps because the victims feel embarrassed that they did not look into the credentials of the journal and, as academics, should have known better.

So these scams and websites seem to be operating for extended periods of time and SC seems only to be able to go so far. It took me about three months to close down a website purporting to be an agency of the Ministry of Health of one African country (three months after reporting it to the Ministries fraud hotline though at the time I was not a member of SC).

Edited by Xylella
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...