Sudden surge in Nigerian 419 Scam emails
For the last two days I have been getting lots of spam messages sent by Nigerian criminals, who are running a new 419 Advance Fee Fraud campaign. The current crop of 419 scams are mostly composed using all capital letters in the subject (but not always), and when you read the message body, it appears to come from a Barrister, or Solicitor, or a lottery, or a Will Executor. Huge rewards supposedly await the Mugu's (Fools) who respond and are willing to pay some processing fees to get this money transferred into their soon to be emptied bank accounts.
This request for fees to be paid in advance of the transfer of the imaginary funds is referred to as a 419 scam. That is the number of the statute in the Nigerian Criminal Code that covers financial advance fee fraud.
Here is a list of the subjects from the email scams I have received in the past 60 hours (Updated 3/28/08):
ASSISTANCE
ATM PAYMENT
Attention, Attention,, Attention
Attn:Beneficiary
CONTACT EFEX COURIER COMPANY ASAP
CONTACT FEDEX COURIER COMPANY FOR YOUR DELIVERY
CONTACT FEDEX COURIER COMPANY FOR YOUR PARCEL
CONTACT REV. DR. KENNETH OKOM DIRECTOR OF ATM CARD BANK
CONTACT YOUR ATM MASETR CARD
CONTACT YOUR ATM PAYMENT CENTER
Contact your claims agent
Dear Friend
From Barrister James.
FROM: PETER SUMEN. (NPA)
GOOD NEWS
IMPORTANT NOTICE
THIS IS FOR YOUR ATTENTION.
WILL EXECUTION
YOUR CONTRACT PAYMENT
Your Payment
GOOD NEWS CONTACT HALLMARK DELIVERY COMPANY FOR THE DELIVERY OF YOUR CONSIGNMENT ASAP.
Many of the message bodies begin with "Dear Friend,". Every one of these spam messages was an attempted 419 scam. If you get any email with these subjects you can probably be safe deleting it without reading the crap inside. If your email system allows for special filter rules, create one to delete or flag as spam all messages containing ALL CAPS. Spam Assassin already has this rule built into it. I personally use MailWasher Pro to screen all of my incoming POP email, before I download it to Outlook Express. MailWasher Pro uses a variety of methods to recognize spam and scams, including user created custom filters. I happen to write and maintain a group of filters for MailWasher Pro. They are available on my MailWasher Filters Page.
If you already have MailWasher and need a filter rule to detect messages containing all capital letters, here it is (the rule should be on one long continuous line):
[enabled],"Subject All Caps/Missing (S)","Subject All Caps/Missing (S)",33023,OR,Delete,Subject,doesn'tContainRE,(?-i)[a-z],Subject,doesn'tContainRE,.
Here is my MailWasher filter for known 419 scams (one long line):
[enabled],"Nigerian 419 Scams","419 Scam",16711680,OR,Blacklist,Delete,Body,containsRE,"^(?-i)Dear\ (Sir/Madam|Friend),(
)?$",Body,contains,"URGENT AND CONFIDENTIAL",Body,contains,"BANK OF NIGERIA",Subject,is,"URGENT AND CONFIDENTIAL",Body,containsRE,"unclaimed\ (benefits|funds)",Subject,contains,"CONFIDENTIAL MUTUAL BUSINESS PROPOSAL",Body,contains,"contacting you based on Trust",From,contains,"Department of National Lotteries",Subject,contains,"UNITEDN NATION",Subject,containsRE,"TREAT\ (AS|VERY)\ (CONFIDENTIAL|URGENT)"
Just copy and paste that rule into your MailWasher filters.txt file, which is found in (Windows XP) your logged in identity > Documents and Settings > Application Data > MailwasherPro folder. Make sure MailWasher is closed before you add this rule, save the file, then open MWP again. The rule should be visible when you click on View > Filter Sidebar (Ctrl+F7). You can download MailWasher Pro here.
Do not ever fall for the pitches from these Con men in Nigeria. They are very good at relieving North Americans and Brits of their excess money, using greed as the bait.
If you have a website, with a forum, hosted on an Apache web server, and your members are getting harassed by Nigerian scammers, you should consider applying my .htaccess Nigerian Blocklist, to your web or forum root folder. This will block them from viewing posts, or signing up for accounts, using a browser, but won't block email or ftp access. On the other hand, if you have administrator access to the operating system itself, applying my Nigerian iptables blocklist to your Linux APF firewall will block not only http browsing, but also, email from Nigerian criminals, signups and ftp access. They won't be able to access your server whatsoever, if you apply the firewall rules.
.htaccess blocklist (recommended for most non-admin webmasters):
My .htaccess Nigerian Blocklist is found here
Linux APF firewall - iptables blocklist, for admins with root access:
My iptables Nigerian Blocklist is located here
I also publish blocklists in both .htaccess and iptables formats, to block Chinese and Korean traffic, Russian and Turkish spammers and exploited servers.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.