Jimmy: I usually spoof the email address of another known spammer or else put the email address of a law enforcement agency that is tasked with stopping the Nigerian Scams. These guys send out so many emails they will never know who they sent to or not. The spoofing idea is a new twist on an old school fax-spam retaliation scenario I used to do in the late 1980's. The office I worked at used to get hundreds of Spam faxes each week. We would note the return fax numbers of the biggest perpetrators, then change our fax machine to spoof a fax coming from them. I would then tape four pieces of paper into a big loop with the words "Buy" "More" "fax" and "Paper" on them and transmit the fax to another fax spammer. The machine would chug away until it used up all the fax paper at the receiving machine. I am sure this started more than one fax "war" between the spammers. Although I abhor spam in any way shape or form, I usually rationalize retaliation against known spammers in this manner, by using a combination of creativity and social engineering for personal amusement. Hey - we have to get something back from these people ;-). cheers D Kuo, Jimmy wrote: >Do you send this from an account that's traceable back to you? > >How about sending it from an office machine through a hotmail acct? > >Jimmy > >PS. Travelling in Germany. I see that you all can see through the Swen >virus and not click on it. > >-----Original Message----- >From: Duane Nickull [mailto:duane@private] >Sent: Tuesday, September 16, 2003 4:36 PM >Cc: crime@private >Subject: CRIME Re: Funny way to deal with Nigerian Scammers [slightly off >topic] > > >This got blocked the first time so I deleted the Nigerian references and >sent again.... > > > > >I thought you all may get a laugh out of this. After experiencing a >frustratingly large increase in my inbox of Nigerian Scams, I have decided >to fight back by mentally intimidating those who propogate this scam. > >I start by tracking the IP address the email originated from (usually Canada >or Netherlands). Although the emails may be launched from a illegally >accessed site, many law enforcement reports who that internet cafes and >hotels are popular. Once I have the IP, I do a lookup to get a physical >location. This can be correlated by looking at the IP address in the header, >doing a reverse look-up and using the time zone offset to check it. I then >send the message below, with the full SMTP headers exposed in the email >reply, and cc at least two law enforcement agencies who are in the area >(only the ones who have asked people to notify them of nigerian scams since >I don;t want to propogate spam). > >I also send back HTML emails with an image in them with a remote link to a >finctional file in a real Law Enforcement agency server. As soon as the >perpetrator views the email, his email client will make an http get() >request to the server which will also leave his real IP address on their log >file (of the computer used to view the email). > >I would be interested in anyone who has other ideas to add to this email. > >Cheers > >/d > >*****************EMAIL SAMPLE******************* > >[Sent to reply to address with 1-2 law enforcement agencies cc'd] > >Hello [insert psuedo name of perpetrator here]: > >Thank you for emailing me with your offer. I usually don't accept offers >from morons who say they are in Nigeria but in your case, I wanted to talk >to you in person. Perhaps you can call me in Canada at (416) 952-4619. >[Note: this is an actual RCMP phone number for nigerian SCAM tracking] > >The funny thing was that your IP address 62.177.188.59 [note: use a program >like VisuaRoute to trace this] places you in the Netherlands, not Nigeria??? >Strange. Perhaps you are just too stupid to know where you are. > >Oh - I have cc'd some friends of mine who belong to an international justice >movement to track and punish people like yourself who try to perpetuate (I >know its' a big word for a moron like yourself to read. My apologies) a scam >like the Nigerian one. > >[image deleted to protect CRIME list viewers] > >Oh - one more thing. The broken link above is an image with a URL of >http://www.rcmp-grc.gc.ca/images/TheStupidNigerianScammer.jpg ><http://www.rcmp-grc.gc.ca/images/TheStupidNigerianScammer.jpg> . By the >time you have read this sentence, an HTTP get() request will already have >gone to the RCMP (Canadian Police) server at http://www.rcmp-grc.gc.ca/ ><http://www.rcmp-grc.gc.ca/> . All they have to do is check their log files >to see what IP address tried to retrieve the file under the path >/images/TheStupidNigerianScammer.jpg and they will have your IP address >(probably by the time you finish reading this sentence). > >If I were you, I would start running real fast becuase the local police in >Netherlands will be notified and start looking for you. > >Run, Loser, Run!!!! > > > >-------- Original Message -------- >Return-Path: <mailto:timothymobutu1@private> ><timothymobutu1@private> >Received: from netscape594.com (62-177-188-59.bbeyond.nl >[62.177.188.59]) by yvr.yellowdragonsoft.com (8.12.5/8.12.5) with SMTP id >h8BDoXLr024552 for <mailto:duane@private> ><duane@private>; Thu, 11 Sep 2003 13:50:34 GMT >Message-Id: ><mailto:200309111350.h8BDoXLr024552@private> ><200309111350.h8BDoXLr024552@private> >From: Timothy Mobutu <mailto:timothymobutu1@private> ><timothymobutu1@private> >To: duane@private <mailto:duane@private> >Reply-To: timothymobutu1@private <mailto:timothymobutu1@private> > >Subject: Urgent Assistance >Date: Sun, 09 Nov 2003 15:16:37 +0100 >MIME-Version: 1.0 >Content-Type: multipart/mixed; >boundary="396eeca7-6dde-4d0e-8e40-7b492dd89df9" > > >Dear Partner, > >I am the son of the late president of ... blah blah blah > > >
This archive was generated by hypermail 2b30 : Sat Sep 20 2003 - 14:16:10 PDT
