The Nigerian Prince Scam — also known as a "419 Fraud" — has a long, weird, and fascinating history. But the basics of it are pretty easy to understand: a random phishing message riddled with grammatical errors, from a stranger claiming to be Nigerian Prince (or representative of one), who needs help shifting some money around through US bank accounts. If you would be so kind as to help this Prince launder his inheritance or whatever it is, he will bequeath you with a substantial portion of his wealth as a token of his gratitude. All you need to do is provide him with all the information he would need to access your bank account, and in six months, you'll be tens of millions of dollars richer!
It feels like an old joke at this point, but weirdly, it still works: in 2018, scammers managed to make nearly a million dollars off the ol' classic. There are other variations, of course, with wealthy orphans, lottery winners, et cetera. The trademark poor grammar is actually a deliberate mechanism used to help the victims self-select by weeding out false positives; basically, if you're smart enough to realize how poorly written it is, the scammers are better off not wasting their time with you. If you're gullible enough to fall for the fake bad grammar, then they know they have a sucker.
I share all of this, because of an email I received today:
Read the rest
In the late 2000s, Jamaican authorities launched a crackdown on drug dealers, extraditing the country's most notorious crime-bosses to the USA; the power-vacuum was filled by telephone advance-fee fraud (419/Spanish Prisoner/etc) scammers who targeted American victims, bringing an estimated $300,000,000 to Montego Bay and its region, the epicenter of the scam.
Read the rest
Kvatch of The Hoax Hotel is masterful at playing rubes who fall for online scams. In this gem, he keeps an "FBI agent" named "Josh" on the line for nearly 22 minutes, riling him up until he's "the angriest scammer I've ever called." Read the rest
In Wire Wire: A West African Cyber Threat, researchers from Secureworks reveal their findings from monitoring a Nigerian bank-fraud ring whose members had unwittingly infected themselves with their own malware, which captured their keystrokes and files and uploaded them to a file-server from which the researchers were able to monitor their activities and methodologies. Read the rest
Audrey Elaine Elrod was divorced, depressed and broke when a romance-scammer targeted her on Facebook, posing as a widowed Scottish oil-rig worker who admired her photo and sympathized with her plight. Read the rest
Security researcher Brian Krebs has had a look at the contents of "BestRecovery" (now called "PrivateRecovery") a service used by Nigerian 419 scammers to store the keystrokes of victims who have been infected with keyloggers. It appears that many of the scammers -- known locally as "Yahoo Boys" -- also plant keyloggers on each other, and Krebs has been able to get a look at the internal workings of these con artists. He's assembled a slideshow of the scammers' Facebook profiles and other information. Read the rest
The FDIC has issues a special alert warning that America's debt-haunted, cash-strapped banks are falling prey to conmen working the advance fee fraud, the same scam used in the familiar "Nigerian prince" or "419" scam. The banks fork over big bucks to supposed high-flying investors who are supposed to come through with large sums in return, but who vanish into the ether instead.
The FDIC has become aware of multiple instances in which individuals or purported investment advisors have approached financially weak institutions in apparent attempts to defraud the institutions by claiming to have access to funds for recapitalization. These parties also may claim that the investors, or individuals associated with the investors, include prominent public figures and that the investors have been approved by one or more of the federal banking agencies to invest substantial capital in the targeted institutions. Ultimately, these parties have required the targeted institutions to pay, in advance, retention and due diligence fees, as well as other costs. Once paid, the parties have failed to conduct substantive due diligence or to actively pursue the proposed investment.
Banks Desperate For Funds Victimized By Con Men
(via CSM) Read the rest