If someone — probably a friend — sent you to this page, read it carefully! This is a true story, from This is True’s 15 January 2012 issue.
Just How Stupid Are You?
A 65-year-old South Korean man got a random “spam” e-mail saying he had won tens of millions of dollars in the lottery, and went to South Africa to collect. The greedy man not only had not entered any lotteries in Africa, but stupidly took his daughter with him when he went for the money. The moment they arrived they were kidnaped — the scammers simply sent a taxi for them. The so-called “419” scam, named for the section in the Nigerian criminal code describing fraud, is so widespread online that most people who review their spam filters will literally find such come-ons daily. And by the poor spelling and grammar, lack of personal details, and other clues, they are generally very easy to detect as frauds. But the unnamed man and his daughter, who was described only as in her 30s, bought into it, and were being held for a 6.5-million-pound (US$10 million) ransom. The dumb duo were rescued only because their taxi driver escaped and notified police. “Members of the SAPS rescued the captives, before the ransom money was deposited,” said Col. McIntosh Polela of SAPS — the South African Police Service. The six who were holding them, five Nigerians and a South African, were arrested, but it’s unclear whether they will face prosecution: the traumatized victims fled home to South Korea when they were released, rather than providing evidence to the police. (RC/London Guardian) …Man: everyone in the story are SAPS!
Provocation
Is the title a bit loaded? Sure it is. It’s also reality — a wake-up call. If you don’t believe it, feel free to search Google, or Wikipedia for more information. Know what you’re doing before responding to such spams — junk mail just about all of us who have been online awhile get nearly every day.
And if any of this is new to you, drop everything and carefully read the entire Spam Primer (the entire site only takes about 20 minutes to read).
Related Page: What could it hurt to just forward a warning you got?
Last, if you’re sick of old jokes and dumb hoaxes clogging your inbox, subscribe to This is True and get new entertaining true stories sent once each week by email. Use the subscribe form on this page — it’s free!
December 2016 Update
Someone posted a comment to this trying to attract customers: it was a poorly spelled “offer” …of a scam. Of all the pages on this site they could have tried that! Not surprisingly, when I looked up his posting IP address, I found it was registered to …Nigeria.
Related: See this excellent follow-up.
– – –
Bad link? Broken image? Other problem on this page? Use the Help button lower right, and thanks.
This page is an example of my style of “Thought-Provoking Entertainment”. This is True is an email newsletter that uses “weird news” as a vehicle to explore the human condition in an entertaining way. If that sounds good, click here to open a subscribe form.
To really support This is True, you’re invited to sign up for a subscription to the much-expanded “Premium” edition:
Q: Why would I want to pay more than the minimum rate?
A: To support the publication to help it thrive and stay online: this kind of support means less future need for price increases (and smaller increases when they do happen), which enables more people to upgrade. This option was requested by existing Premium subscribers.
Occasionally, I’ll receive one to log in to my bank account to verify my password or that there is a problem with my credit card. They graciously provide the link for me to do so. It’s never the one bank I deal with and I don’t have a credit card, so that’s a no-brainer. If I’m bored, I will send a return email telling them I’ve forwarded their email to the FBI for prosecution.
—
If they get it (and that’s a big if), they’ll just laugh. I’d be surprised if anyone has been prosecuted for that — what should be a felony. -rc
Nothing new in South Korea. Every couple of months the papers regale the country with another idiot who got scammed of their life savings either by the 419 or by Chinese phone phishers. Yet despite all these publicized stories, they CONTINUE to happen (“Those guys were idiots to be taken in by an obvious scam, but THIS one is real, I know it!”). Koreans sure do love their lotteries and gambling… too good to be true? Nonsense. It’s their good fortune, finally!
—
In that case, I no longer feel at all bad for calling these two stupid! -rc
Regarding your response to Charles, a quick search for “phishing convicted” does turn up examples of successful prosecutions against people engaged in phishing scams.
—
Good to hear. -rc
Curtis, I once got a 419 spam that used that as its selling point: It was all about how the other scams were fake, but this pitch was real, and you’re smart enough to know the difference, right?
It was so brazen, I actually posted it on my blog with some commentary.
Everyone wants to succeed. Everyone wants to suddenly be wealthier than Bill Gates and Scrooge McDuck put together. I can understand that a lot of people don’t realize that a lottery is a tax on people who don’t do the math, because every now and then is a well-publicized win; but what makes you think that you won $XXXXXX without even buying a ticket? http://xkcd.com/570/
There’s only one explanation. People really ARE that stupid.
Another giveaway is that the real URL (usually spotted when you mouse over the provided link) is nothing like what you’d expect. I recall getting one message from a bank (at which I didn’t even have an account), and while the URL in the message looked like http://www.whateverbank.com, when I moused over it, the real URL was something along the lines of http://www.bob-and-sandys-kinky-adult-world.com. I guess the bank was expanding their portfolio.
I got a good laugh out of that one. Wish I had kept the message, though.
My ex-girlfriend of 5 years was of Korean-Vietnamese lineage, a super smart, multilingual, funny, good looking girl. We had to go our own ways when she went to medical school in Belgium (Yes, Belgium?). But while we were together she used to tell me stories about the Asians, she was flabbergasted at the hold gambling and luck has on every Asian culture. Seems to be a combination of Buddhism, Taoism and cultural memes. She didn’t buy into it but at every step in her education, her parents would conduct elaborate good luck rituals, involving ducks, goats, horns and who knows what, to ensure her entrance or good grades and such.
So if an email comes to the inbox saying you won a lottery you never entered, why would you argue with the will of the Universe?
Every culture has its baggage I suppose.
Since I first had internet access in 1997, I’ve known all about these scams. I was alerted to it very early on and pointed in the direction of a site which listed such scams. I occasionally reply to the sender, with some completely false and sometimes amusing details, and within a day or two, they suss out what I’m up to and leave me alone.
In June 2010, I received two emails at the same time, one from the “Governor of the Central Bank of Nigeria” and one from the “FBI”. Never had one from them before. I decided to have some fun with them, and managed to string them along for over 4 weeks, telling them that I’d rather not meet them at Heathrow, but would prefer to go to Lagos instead but couldn’t afford the air fare. They agreed to pay half of it but told me I had to get a Visa. I told them I had American Express and asked if that would do 🙂 The “Governor” and the “FBI” were actually the same person as one email was sent with the wrong name from the wrong address….
In the end, I got bored and told them that I knew that they were scammers, told them where to go in no uncertain terms and never heard from them again. I’m collating all the info to publish online, just for the fun of it!
I can’t count the number of “relatives” that have “left me money”. Riiiiiggghhtttt. Where were they when my family was growing up in poverty? How is it that they can only find me by my married name? How is it that they don’t know my name at all?
I’m waiting for the day when a rich uncle shows up at my door because they have really tracked me down. We moved a lot when I was a kid, but my grandparents lived in the same place for 40 years. Don’t tell me they couldn’t find me. I have fun with these people occasionally and string them along only to get tired of them and throw all of their e-mails in my spam folder when I get bored. The lengths they go to when they think they have you hooked… *eyeroll*
There is a hobby called scambaiting. Scambaiters respond to the scammers, and string them along for as long as possible, also getting them to do ridiculous things on the pretence that they are “being initiated into our religion” or whatever. It is amazing what scambaiters have managed to get the scammers to do — and you can access the three or four websites devoted to the hobby and read some of the stories. Good, harmless fun directed at wasting the scammers’ time and money and perhaps diverting them from their attacks on others.
If I’m bored, I’ll reply to them and say they can get my contact and banking info from two URLs that I include. One is a page where they can find the infamous “tubgirl” photo and the other page has the equally-infamous “two girls, one cup” video.
I also reply to their sob story, such as if they say their late husband.father/whatever “died a painful death”, I’ll tell them that’s what happens from fornicating with syphillitic goats.
Some of them actually write back and try to have a conversation, so I tell them that someone else from that s***hole has already contacted me about getting that money out of there and they won’t be pleased about someone else trying to interfere. None of them has written back after that. Replying to them hasn’t resulted in extra spam, although I do add them to my blacklist after I’ve had my fun at their expense.
Anyone else remember the good old days when the Nigerian scam actually used snailmail? I got some nice stamps that way.
—
Just goes to show how old it is. -rc
I dunno about prosecution. I tried to turn in some DVD pirates once to the FBI & the Postal Inspectors. After a year, I threw the things away & quit. No one was interested. (I haven’t been so ignored since I was dating in High School….)
To top it off the only “rich relative” to ever contact me was from New Zealand. I forget how many times I’ve deleted those emails before I started using filters.
I almost always reply to these guys, using some outlandish made-up name, and telling some wild tales, try to waste as much of their time as possible. I claim to have wired them the money-required-to-redeem-my winnings/inheritance/other imaginary moolah, but it’s been lost/misdirected/stolen by a dishonest Western Union guy who absconded with it.
It’s great fun, and I’ve been posted (as raynaz, or the phony name but attributed to raynaz) at scamorama.com many times in nearly 9 years. I love doing this to them, mainly because they fall for the stories I invent.
The store I worked at did Western Union payments. Even though we did not do too many transfers, I still had to tell quite a few people that they may want to think twice about sending money (non-refundable) to Nigeria or other parts of Africa. At least WU sent us monthly updates to help us and our customers to know the latest scams (and there were many). Just remember, if it sounds too good to be true….
Replying to scam emails is a bad idea. It confirms your address is real and they sell it to other spammers or scammers.
Re “Scam-baiting”:
One such hilarious (and cringeworthy) example is this clip: http://www.youtube.com/watch?v=X-XeFuBGvqs where the scammers act out Monty Python’s famous parrot sketch, in the hopes of rich pickings from a theatre company grant.
Note for people like Charles, Texas: You should NEVER reply to these emails. The only thing a reply does is confirm that this is a valid and real email account with an actual live person on the end of it who actually reads the email! Congratulations, you are now gold for spammers to sell your address.
Never reply. By all means report them to appropriate authorities, but never reply. If you want to string them along for some fun, always make yourself a new gmail or something specifically for that, don’t do it from your regular email account (you don’t have to wait for them to email you at the new gmail, they won’t care or probably even realise this is an address they never sent to.)
—
That is, of course, what throw-away accounts are for. -rc
The sad truth is, some reasonably intelligent people fall for these scams. We had a leader in our church congregation, a retired insurance broker, who was taken in, stripped of his financial resources and even then didn’t catch on. He was calling fellow parishioners asking for loans so he could go to Nigeria to collect his fortune. Neither his sons, the FBI nor the clergy could dissuade him of the scam.
Personally, I think the US State Department should tell the Nigerian government that there will be no more USAID funds for Nigeria until they put their internet crooks out of business permanently.
Same is true for Ivory Coast, Hong Kong and Eastern European scammers — I’ve heard from all of them via an obsolete email address.
Mike, Michigan: The problem is, I think, that once people have committed a chunk of money to the scam they persuade themselves that it will all turn out fine if they just keep going. It’s very difficult to admit you’ve been conned out of 3 or 4 grand, so you just keep going until you’ve been conned out of 30 or 40 grand, at which point you get desperate because now you are in REAL trouble and if the deal doesn’t pay off you will be down the plughole. To be fair to the Nigerian government, they do go to a lot of effort to stop the scams, but since anybody with a computer (or access to an Internet cafe) can run the thing, it’s hard to police.
In Cyberspace, no-one can hear you scream….
I had one just this morning that slipped past my filters, one of those “national representative” scams that ask you to cash a (forged) check and keep a portion as your fee. It included one of those generic confidentiality notices that said if the message was sent in error to notify the sender.
So I did 🙂
I also sent a copy with full headers to the mail administrators for every machine through which that message passed. Worth the effort? Well, I enjoyed it, so yes.
I had always thought the 419 scams were simply to get your bank account info so they could clean you out. This is the first I’ve ever heard of them kidnapping people. I can’t imagine what made them think that anyone gullible/desperate enough to fall for their clever scheme would be able to come up with $10 million for the ransom, but I suppose it just goes to show that everyone involved was lacking cents.
—
I have heard of other kidnap cases. There are multiple versions, but getting the victim to send money is a lot more sure than tapping an account and hoping it doesn’t get reversed. -rc
I like to reply: For only $50 US we will add your name to the list of those to be saved. Praise be to the Highest. Hurry. The end is almost here. I have never had a second notice.
I started collecting the spams for about 18 months and analized them. My favorite are the ones from the FBI saying I will be prosecuted for not collecting my funds.
One trend I did notice was one group appeared to be writing the email and several spammers sent the same message; unfortunately, some of them didn’t understand how to substitute/insert their unique information. I am guessing someone or group “spammed” the spammers for a fee.
I get scam emails from Fedex, UPS, DHL, IRS, Chase bank as well as the foreign ones. I just forward those messages to the companies and let them deal with it since they have more resources than I do.
—
Just to clarify, those spams are not from those organizations, but from scammers who pretend they are. It’s probably a waste of time to forward them to the organizations that are identified. They know this is happening. -rc
Yes: these scams and others are going on for decades, it’s just the technology that has changed and many more can be drawn into such a scam.
1. I had been working in a hospital in 1980 when we got an invoice (ca. $100) from Spain asking to pay for our subscription of a scientific periodical. Sure enough, the hospital had no such subscription and we did not pay. But considering that many offices, hospitals etc. were (are?) not always checking invoices, many might have paid. Even if only 5 in 100 pays and you have sent out 1000 letters, you (the scammer, con, etc) will get at least $5000 for a simple serial letter. But I suppose, the “paying rate” was and is bigger.
2. Ten years later, 1990, the bureau in which I was working indeed got a snail-mail (or was it a fax?) from Nigeria. If we could help to get $1,000,000 out of the country, we would get, say, 20% of it. On condition that … (whatever, we had to pay bribes to officials or such). And I remember well, that these scams had been widely (!) reported in the press in Germany — and how many people had tried to get their share of the loot. I felt and still feel that such people responding to this scheme were rightly stripped of their money as they were accepting money to steal money from that country, because they were accepting to bribe people in Nigeria to get a million out of the country.
3. As early as 2002 I was asked to verify my Paypal account. Everything in the mail looked nice and completely authentic. And yeeeeees, they asked for the password etc. “Phishing” had not been reported much by then — not even by eBay or Paypal, which was still an independent company then. Only after these first scams they constantly gave advise what NOT to do. Well, I did not reply to the mail directly but asked Paypal about the matter — I considered it possibly valid, but had no idea why I should verify my account as I had been verified by them before. They said NO! and asked to send these mails to spoof@paypal.com. I wonder, how many fell victim to this and later phishing attacks.
4. And yes: DO NOT REPLY to spammers and scammers – while you think you’re wasting their time, you’re wasting yours!
It isn’t a waste of time to forward phishing and other scam messages to the organizations that are identified. In the late 90s I received a fee message from my Credit Union saying I had been charged a NSF fee. (Ack, how did I bounce a check?!?) The e-mail looked legit and I clicked on the link to go to a very authentic-looking spoof website. I luckily took a second look at the URL just before logging on and noticed the Credit Union name was misspelled by 1 letter.
I immediately called customer service and had to convince them that there was really an issue. I forwarded the e-mail while on the phone and the supervisor clicked on the link and stated “I don’t see what issue you are seeing, this is our website” and I asked her to read the URL to me letter by letter. There was a long silence and then a big “OH NO!, they can’t do that”. Of course they could and they did. Today that same Credit Union has an entire team that deals with these types of attacks and tries to educate their membership on how to identify phishing and how to easily report them.
Many of these organizations, especially financial ones, have teams setup to analyze and respond to these types of e-mail. PayPal is one of the more progressive.
—
I agree that notifying small organizations is an exception to what I said. Note the examples used in that message, though: Fedex, Chase, the IRS. Those huge organizations do know about these things already. -rc
I had a program on my computer that told me the name and location of the sender of the e-mail including the server and provider and like to write back a reply that gives them this information. Kind of like looking into a window and seeing yourself looking back. Scares the hell out of them, I would like to think.
—
Quit telling them how to improve! -rc
I decided to play along with scammers for awhile. I was supposed to deposit checks into my bank account and wire 90% (or some amount) of the payments from their customers. I have over a million dollars in fraudulent checks now. One time I received a few large checks that looked legitimate; so I deposited them in a new account in a new bank. The total amount was so large that the bank gave me an account with a large interest. It took so long for the checks to bounce that the bank actually gave me $125 in interest. That was a profitable game for me.
—
Amazing! -rc
Even if an organization knows that phishing is happening, it can still be helpful to send examples for analysis to their fraud team or to a group like the Anti-Phishing Working Group. Some of them (eBay for instance) even request that you report phishing messages and websites to them.
It helps them keep up with the latest techniques being used (it’s a lot more sophisticated than it used to be!), identify URLs being used so that they can be added to the blocking lists used by most major web browsers, in some cases can provide clues to where the messages are coming from (though botnets make that hard to track these days), and can help with both law enforcement and technical countermeasures.
A few years ago, I received one asking for my phone number. I replied back with the phone number of my local police dept. They actually called it and then emailed me to ask why the phone number was wrong and told me it went to the police. I just emailed back that there’s a message in that. No more responses!
I always keep in mind what a lawyer friend of mine said: “If it seems too good to be true, it probably is.”
That simple principle would have protected people from everything from phishing scams to Bernie Madoff.
—
You got that advice free, from a lawyer? That seems too good to be true…. -rc
I’ve gotten tons of e mails where I’ve inherited millions of dollars. I even had one that came from a relative with my same last name. I’ve got so much money waiting for me out there that I’ll be able to support everyone living in North America. ;-p
I used to keep a folder with all of them in there so that I could add up the millions every once in awhile. But, then my computer got a virus. There went my millions…. sniff
Regarding sending to large organisations — I work for one and yes we know about these scams, and despite what Randy may think large orgs do go after the sites, etc and get them closed down or blocked where possible.
Reputational damage costs business a huge amount, so even if it seems futile, it pays to at least be seen to try and minimise the impact of these scams and as a result most large organisations have teams dedicated to exactly that.
Please do forward details to the organisations they supposedly come from to deal with — and Randy — keep up the good fight!
—
I didn’t say that large organizations don’t do anything. On the contrary, I know that you do. What I said was, don’t spend a lot of effort to let the large organizations know, since you are watching out and dealing with the criminals already. -rc
Thanks for the Twitter ‘reminder’ of this story. You say: “And by the poor spelling and grammar, lack of personal details, and other clues, they are generally very easy to detect as frauds.”
Exactly! — but as I discovered recently, the poor grammar and spelling is deliberate — this ‘weeds out’ those smart enough not to be taken in by the scam.
—
Which just goes to show how important education really is. -rc
Tony, Kenya:
That is quite interesting. It had not occurred to me that the awful spelling & grammar could actually be a specific technique to ‘qualify’ subjects as being more likely to be gullible enough to fall for such obvious traps.
I have often wondered how there can still be people who fall victim to such scams because they have been around for so long and seem to get so much publicity. I guess it comes down to a combination of greed and gullibility.
I wonder if someone could set up a mail server (butthole of the universe @nowhere.hell) that would receive forwarded scammails and strip the intermediate addresses out of the emails and then send those emails back as undeliverable to the originators. I might remedy the problem of where to send the scams without registering as a valid email address.
This copied from the above comments made me think of it:
“Jack in Maryland
January 21, 2012 at 1:08 am | Reply
I started collecting the spams for about 18 months and analized them. My favorite are the ones from the FBI saying I will be prosecuted for not collecting my funds.”
—
Sounds like it would be effective — but it wouldn’t be. Most of the time they’re sending from a fake (or innocent victims’) address, and they wouldn’t scrub their list of bounced addresses anyway — why bother, when you’re stealing the resources to send the email in the first place? Only legit emailers, like newsletter publishers who pay for the service, really care. -rc
There is a great scambaiting site that has been around for over 10 years who makes fools of these people. My only warning is that you’ll get hooked once you start reading the correspondence. The funniest parts are where he says he’s flying in and needs a photo of the scammer holding a sign so he can recognize him. Then he gives the scammer a (usually) very lewd wording, or something that makes fun of the scammer. If you have time to waste, I suggest it.