Let me be honest with you. This information is just for you alone [emphasis added]. I would suggest that you try to fix it instead of making any trouble with it as my job might be put on the line here.

Your name has been on an awaiting list of payment roaster submitted by the Nigerian Government For your lottery/inheritance reasons of no banking particulars on which transfer should be made to until two days ago when the paying Bank personnel brought in another payment roaster for the replacement of the former that had your name on it.

The funny part? (Well, aside from the “payment roaster.”) There were about 300 recipients in the To: line.

Gee, I don’t think all 300 people have the same account info…

Most spam doesn’t run into this problem, since it’s generated by special programs that don’t even bother filling in complete headers. But from what I understand, a lot of 419 scams are still sent by people sitting in internet cafes, copying and pasting bits from templates. So it’s easy to imagine someone pasting their list into the wrong field. Kind of like the classic “Reply All” fiascos.

I suppose the scammer could have meant “trusted friend,” which is still odd for an introduction, but makes a little more sense. Of course, if you take “trusting” to the extreme—i.e. gullible—you’ve just described the type of mark they’re looking for.

As a bonus: only two* of the ~270 Google hits for the phrase is not a references to 419-style letters using the same opening. People just don’t write things like that normally, which makes it a pretty good indicator.

*I didn’t look at all 270, but there were only 30 hits by the time Google filtered out duplicates. And most of those were clearly recognizable just from the excerpt on the search results pages. For the record, both of the two non-scam hits used it as a description, not a greeting.

The classic Nigerian scam involves someone claiming to be the relative of a deceased or deposed dictator, general, etc. is trying to smuggle money out of the country and needs to borrow your bank account to do it.

It’s usually a third-world country, often one with political strife, so that the average westerner won’t be too suspicious of the level of corruption implied. You never see this scam claiming to come from, say, France, or Japan, because the process would set off too many alarm bells. Someone needing to transfer that much money would either do it through normal banking channels or through organized crime—not by firing off an email to some random citizen in a foreign country.

The first-world variation, at least up until now, has been the “International Lottery” scam. In this variation you get a winning notice, but of course you need to pay them before they can send you the money, etc. This one generally claims to be based in Europe, often several countries in one message. The idea of a lottery seems much more plausible in the first world.

Someone has come up with a way to bring the 419 scam into the first world. The two samples I’ve seen so far both involve UK-based artists trying to sell their works in the US. The premise is that their customers want to pay by some method that is “difficult to cash” in the UK, so they want you, a US resident, to accept the travelers’ checks, or money orders, then wire them the amount minus a 10% commission.

Right.

I’m seriously waiting for someone to offer a commission on the Brooklyn Bridge.

The setting has changed—instead of a dictator’s widow who has hidden away ill-gotten gains in “darkest Africa,” it’s a happy Londoner living with his or her “two kids” and “the love of [their] life” and selling art on the international market. All shiny, happy and yuppie (with just a hint of bohemian). But the script is the same: Someone wants to clear huge amounts of money through your bank account.

I was going to post some quotes, but as I started looking at them, the similarities really go through the entire message.

The first missive was very long:

Greetings to you,

My name is Susan C.Baker. I am an artist, practicing with my husband Mr. Tony Baker, here in the United Kingdom. We own the SUSAN ART WORK INC., here in London, (United Kingdom). I live in London United Kingdom, with my two kids, four cats, one pet dog and the love of my life, my husband, Mr. Tony Baker. It is undeniably a full house that we keep. I have been doing my artwork since I was a small child, which makes it about 23 years of experience for me in the field. I majored in fine and creative art in high school and in the college I professionalised in the art courses in the advance levels. Most of my works are done in either pencil or art brush mixed with color pencils.

I have recently added designing and creative artwork on the computer, and I have been selling my art works for the past 3 years to my prestigious customers from all over the world. Also, I have had my work featured on trading cards, prints and magazines, I have sold in galleries and to private collectors from all over the world, but I am always facing serious difficulties when it comes to selling my art works to Americans. I have bigger customers from the Americans but most of my America customer’s mostly offer to pay me with TRAVELER’S CHECK or MONEY ORDER or CASHIER’S CHECK, which is difficult for me to redeem into its cash equivalence here in London, United Kingdom.

My main reason for sending you this email is that I am looking for a representative in the UNITED STATES OF AMERICA. I am looking for someone who will be working for me, and with me, as a par time worker and I will be willing to pay 10% for every transaction the person assists me in making. Following your antecedent from the Internet, I decided that you should assist me in handling this situation. I decided upon you because my confidence reposed on you as someone that is responsible and reliable. Presently, I am working on setting up a branch in the states so, for now, I need a representative in the UNITED STATES OF AMERICA who will be handling the payment aspect for our company. The work you would be doing for me would not have to affect your present business or work. The work I would like you to do for me is simply to receive from me the TRAVELER’S CHECK or MONEY ORDER or CASHIER’S CHECK that my customers are paying me with. Because the cost of coming to the UNITED STATES OF AMERICA constantly to redeem this payments is becoming too expensive, time-consuming and inconvenient for me. When you receive the check payments from me or my secretary through the postal service, I would like you to cash the checks for me as soon as you receive them. So when you cash the check, I would like you to subtract your 10% and the transfer charges and send the balance to my cashier in the United Kingdom through Western Union Money Transfer.

These payments, once again, are in the forms of TRAVELER’S CHECKS or MONEY ORDERS or CASHER’S CHECK and they would come to you in your home with your name on them. If you are willing to assist as a representative, all you need to do for me is to cash the CHECK PAYMENTS, deduct your percentage and the WESTERN UNION Transfer Charges, then you should wire the balance back to my cashier.

However, the problem I have is trust. And as a result of that, I have made arrangements with the FBI in Washington and the secret service agents that if anybody representing me gets away with my money they have assured me that they will definitely get hold track the person down, and the person will go to JAIL for LOOTING my funds. You are to receive the TRAVELER’S CHECKS or MONEY ORDERS or CASHER’S CHECK PAYMENT very soon. IT WOULD BE SENT TO YOU THROUGH A TRUSTED POSTAL SERVICE AGENT. AND AS SOON AS YOU RECEIVE THEM I WOULD LIKE YOU TO IMMEDIATELY CONTACT ME, SO THAT I WOULD DIRECT YOU ON WHAT TO DO WITH IT AND HOW TO GET THE BALANCE TRANSFERRED TO MY CASHIER IN THE UNITED KINGDOM.
NOTE: All charges of the WESTERN UNION MONEY TRANSFER will be deducted from my total sum, so you are rest assured that you wouldn’t spend a CENT out of your own personal money. You just have to deduct your interest and send the balance to my cashier for accountingand bookkeeping.

If you are interested in assisting me in this venture pending when our branch would be ready in the UNITED STATES OF AMERICA for us to work closely together, please kindly get back to me immediately via this my mailbox.

N: B, Please send to me the listed information below:
1. Your Name in Full
2. Your Full Contact Address(where i can send the cheque).
3. Your Occupation
4. Your Age
5. Your Marital Status
6. Your Direct Phone Number and Fax Number

I eagerly await your prompt response, so that I can send the CHECK PAYMENTS to you immediately. I appreciate your fervent dedication and your decision to assist me.

Thanks for your assistant and God bless,

Thanks for your assistance and God bless you for your anticipated dedication,
Director of SUS ART WORK INC,
Susan Baker.
London, United Kingdom.
Reply to …
<ADDRESS REMOVED>

The second one was considerably shorter, but tells much the same story. Pay close attention to the introductions. This one reads like someone took the previous letter, changed the names, and cut it down to half the length.

My name is David Arjen and I am an artist.I live in the United Kingdom,with my two kids,and the love of my life.I have been doing artwork since I was a small child. That gives me about 23 years of experience. I majored in art in high school and took a few college art courses. Most of my work is done in either pencil or airbrush mixed with color pencils. I have recently added designing and creating artwork on the computer.I have been selling my art for the last 3 years and have had my work featured on trading cards, prints and in magazines.I have sold in galleries and to private collectors from all around the world.I am always facing serious difficulties when it comes to selling my art works to people in the United States,some of my customers offers to pay with a UNITED STATES POSTAL MONEY ORDER,which is difficult for me to cash here in United kingdom.

I am looking an individual in the states who will be working for me and i am willing to pay 10% for every transaction,which would’nt affect ur present state of work,someone who will recieve payments on my behalf,from my customers in the states.These payments are in form of a money order and it will be made payable to your name, so all you need do is cash the money order deduct your percentage and wire the rest back to me via western union money transfer.

I want you to know that you will not be investing any money from you r pocket in this venture,you are to receive payments which will be sent by my customers to you via express mail.

If you are interested,endeavour to send your reply through my alternative e-mail address: <ADDRESS REMOVED>

Regards
David Arjen

I’m assuming the names are fictitious, given that the biographies are virtually identical.

Case in point: I did a Google search for the phrase, “nigerian scam,” and saw the following ad:

Wow, when they say, “Whatever it is, you can get it here.”—they really mean it!

Interestingly, if you search for “419 scam,” you get the same type of ad, but not if you search for “advance fee fraud.”

I tried a few random search terms, and from what I can tell, eBay’s ad shows up on many—but not all—two-word searches. I’m not sure what the pattern is, but I can’t imagine someone at eBay deliberately asked to buy ad space for some of these phrases.

But in a show of accuracy, if you search for “random stuff,” you’ll find it!

There’s only one problem. Since SpamAssassin and ClamAV do such a good job of catching the phishing scams before they reach my inbox, Thunderbird has yet to catch any actual phish. But there’ve been a lot of false positives. It’s hit LiveJournal reply notices, newsletters from IEEE and Golden Key, a Spam Karma notice from my own blog, and I’ve seen it on both outbid notices and updates to saved searches from eBay.

I found myself wondering just how Thunderbird’s phishing detection decides that a message is suspicious—and how to teach it that the next LJ notice isn’t a scam.

The Thunderbird support website doesn’t seem to have been updated yet. Most of the articles I’ve found only talk about TB adding the feature, not how it works. The best information I found was this Mozillazine forum thread, which included a link to the actual code that makes the decision, in phishingDetector.js. Thunderbird looks at the following:

• Links that only use an IP address, including dotted decimal, octal, hex, dword, or some mixed encoding.
• Links that claim to go to one site, but actually go to another. (Phishers do this to fool you into going to their site. Legit mailing lists sometimes do this with redirectors for tracking purposes.)
• Forms embedded in the email. (This explains the LiveJournal notices.)

It also appears to trap text URLs containing HTML-escaped characters, which explains the Spam Karma reports. In this case the report includes a spammer’s link with ​ in the hostname. The message is plain text, so Thunderbird leaves the entity as-is when displaying it…but decodes it when it creates the link. Result: a link where the text and URL don’t match.

The easiest way to prevent it from freaking out over the next message? Add the sender to your address book. I’m not sure that’s a great idea, since a phisher could guess which addresses you have saved and spoof them, but it’s at least simple. I guess I’ll find out whether it works the next time I get a reply notice from LJ. Update: Adding the sender to your address book doesn’t seem to have any effect.

Update 2 (July 12, 2006): The comment thread’s gotten long enough that I can see people might miss this, so here’s how to disable it:

1. Open Options or Preferences (this will be under the Tools menu on Windows, Thunderbird on Mac, or Edit on Linux).
2. Click on Privacy (there should be a big padlock icon).
3. Click on the E-mail Scams tab.
4. Disable the “Check mail messages for email scams” option and click on Close.

That’s it.

I’ve seen 419 scams with religious trappings for months. These are the usual “Help me smuggle $20 million out of my country” ploys with the added twist of “Oh, I’m a missionary” or “I’ll donate it to an orphanage” or “You can trust me, I’m a Christian,” usually tied to a middle-eastern nation where Christians are in the minority (because Nigeria is so passé). Of course the only thing the scammers really worship is the almighty X-MILLION US DOLLARS. It’s a cheap sympathy ploy, nothing more, made obvious by the fact that, well, it’s a scam!

Today I saw a new variation on that tactic: instead of appealing to Christians, this one was appealing to Muslims. It was all about some Muslim convert in Cuba who had been abandoned by his Catholic family and just needed to transfer $12 million out of the country… all sent from a UK-based email account.

On a side note, I’ve found myself wondering lately why so many of these seem to come from European ISP Tiscali, particularly Tiscali UK. (One came through yesterday with 119 copies of the standard footer!) I assume they must provide easy-to-get email accounts, or perhaps connectivity for a lot of Internet cafés. It also suggests that quite a few of these scammers aren’t anywhere near the (mostly) third-world nations where they claim to live.

Subject: Truth of the matter

Dear Sir,

This letter can only define Nigeria Scam, a.k.a. 419. If this mail look like scam to you delete it, we are looking for serious minded person.

As we all know, top officials do loot funds out of the country with non-residence foreigners. When they try and fail, the world hears it as fraud/scam, but when they go through, nobody or a newspaper writes it.

This trade is huge here and people are making lots of money out there in most foreign countries. Though the government are mapping out sophisticated strategies to checkmate unauthorized dealers. From the president to the cleaner in the house, they are all into this trade.

And so on.

This has got to be the most brazen variation I’ve seen — and the first one that admits what it is up front. Of course it goes on to try to convince you that no, this one’s the real thing, we’re only trying to cheat other people, not you, because you wouldn’t fall for that sort of thing, would you?

I’m trying to figure out whether the proper response to this is “WTF” or “O_o” or just “Unbe-flipping-lievable.”