Re: CRIME Re: Funny way to deal with Nigerian Scammers [slightly off topic]

From: Duane Nickull (duane@private)
Date: Sat Sep 20 2003 - 13:17:05 PDT

  • Next message: Andrew Plato: "CRIME Need somebody for application-level security work"

    I usually spoof the email address of another known spammer or else put 
    the email address of a law enforcement agency that is tasked with 
    stopping the Nigerian Scams.  These guys send out so many emails they 
    will never know who they sent to or not.
    The spoofing idea is a new twist on an old school fax-spam retaliation 
    scenario I used to do in the late 1980's.  The office I worked at used 
    to get  hundreds of Spam faxes each week.  We would note the return fax 
    numbers of the biggest perpetrators, then change our fax machine to 
    spoof a fax coming from them.  I would then tape four pieces of paper 
    into a big loop with the words "Buy" "More" "fax" and "Paper" on them 
    and transmit the fax to another fax spammer.  The machine would chug 
    away until it used up all the fax paper at the receiving machine.  I am 
    sure this started more than one fax "war" between the spammers.
    Although I abhor spam in any way shape or form, I usually rationalize 
    retaliation against known spammers in this manner, by using a 
    combination of creativity and social engineering for personal amusement. 
     Hey - we have to get something back from these people ;-).
    Kuo, Jimmy wrote:
    >Do you send this from an account that's traceable back to you?
    >How about sending it from an office machine through a hotmail acct?
    >PS.  Travelling in Germany.  I see that you all can see through the Swen
    >virus and not click on it.
    >-----Original Message-----
    >From: Duane Nickull [mailto:duane@private]
    >Sent: Tuesday, September 16, 2003 4:36 PM
    >Cc: crime@private
    >Subject: CRIME Re: Funny way to deal with Nigerian Scammers [slightly off
    >This got blocked the first time so I deleted the Nigerian references and
    >sent again....
    >I thought you all may get a laugh out of this. After experiencing a
    >frustratingly large increase in my inbox of Nigerian Scams, I have decided
    >to fight back by mentally intimidating those who propogate this scam.
    >I start by tracking the IP address the email originated from (usually Canada
    >or Netherlands). Although the emails may be launched from a illegally
    >accessed site, many law enforcement reports who that internet cafes and
    >hotels are popular.  Once I have the IP, I do a lookup to get a physical
    >location. This can be correlated by looking at the IP address in the header,
    >doing a reverse look-up and using the time zone offset to check it.  I then
    >send the message below, with the full SMTP headers exposed in the email
    >reply, and cc at least two law enforcement agencies who are in the area
    >(only the ones who have asked people to notify them of nigerian scams since
    >I don;t want to propogate spam).
    >I also send back HTML emails with an image in them with  a remote link to a
    >finctional file in a real Law Enforcement agency server.  As soon as the
    >perpetrator views the email, his email client will make an http get()
    >request to the server which will also leave his real IP address on their log
    >file (of the computer used to view the email).  
    >I would be interested in anyone who has other ideas to add to this email.
    >*****************EMAIL SAMPLE*******************
    >[Sent to reply to address with 1-2 law enforcement agencies cc'd]
    >Hello [insert psuedo name of perpetrator here]:
    >Thank you for emailing me with your offer.  I usually don't accept offers
    >from morons who say they are in Nigeria but in your case, I wanted to talk
    >to you in person.  Perhaps you can call me in Canada at  (416) 952-4619.
    >[Note: this is an actual RCMP phone number for nigerian SCAM tracking]
    >The funny thing was that your IP address [note: use a program
    >like VisuaRoute to trace this] places you in the Netherlands, not Nigeria???
    >Strange.  Perhaps you are just too stupid to know where you are.
    >Oh - I have cc'd some friends of mine who belong to an international justice
    >movement to track and punish people like yourself who try to perpetuate (I
    >know its' a big word for a moron like yourself to read. My apologies) a scam
    >like the Nigerian one.
    >[image deleted to protect CRIME list viewers]  
    >Oh - one more thing.  The broken link above is an image with a URL of
    ><> .  By the
    >time you have read this sentence, an HTTP get() request will already have
    >gone to the RCMP (Canadian Police) server at
    ><> .  All they have to do is check their log files
    >to see what IP address tried to retrieve the file under the path
    >/images/TheStupidNigerianScammer.jpg and they will have your IP address
    >(probably by the time you finish reading this sentence).
    >If I were you, I would start running real fast becuase the local police in
    >Netherlands will be notified and start looking for you.
    >Run, Loser, Run!!!!
    >-------- Original Message -------- 
    >Return-Path: 	 <mailto:timothymobutu1@private>
    >Received: 	from (
    >[]) by (8.12.5/8.12.5) with SMTP id
    >h8BDoXLr024552 for  <mailto:duane@private>
    ><duane@private>; Thu, 11 Sep 2003 13:50:34 GMT	
    >From: 	Timothy Mobutu  <mailto:timothymobutu1@private>
    >To: 	duane@private <mailto:duane@private> 	
    >Reply-To: 	timothymobutu1@private <mailto:timothymobutu1@private>
    >Subject: 	Urgent Assistance	
    >Date: 	Sun, 09 Nov 2003 15:16:37 +0100	
    >MIME-Version: 	1.0	
    >Content-Type: 	multipart/mixed;
    >Dear  Partner, 
    >I am the son of the late  president of ... blah blah blah

    This archive was generated by hypermail 2b30 : Sat Sep 20 2003 - 14:16:10 PDT