Monday, September 24, 2012

Scammers get personal with your friends

Like an efficient biological virus, spam and online scams continue to evolve and take on new forms that elude even the discerning person.
From: "Friends name"
Subject: "Vacation Problems..."
My Family and I are currently on vacation to Madrid (Spain),and we got mugged last night in an alley by a gang of thugs on my way back from shopping, everything i had on me including my cell phone, credit cards were all stolen,quite honestly it was beyond a dreadful experience for me but looking on the bright side  i was not seriously hurt or injured and i am still alive so that is whats important.

I've reported to the cops here and canceled all my cards,it appeared I had acted quickly enough or they almost would have succeeded in cleaning out my bank account. I'm really having some difficulties clearing my hotel bills and also need to pick up a voucher ticket at the counter for us to catch a flight back home in a couple of hours.

I was wondering if you could please loan me some money pending when i get things straighten out and I promise to refund as soon as we arrive home safely. All i need to get back is €1,300Euros.

Write me back and let me know how soon you can get it to us asap.

Your friend in the business
[my friends personal email signature]
To be honest, my initial reaction was one of concern.  I'm not very familiar with my friend (more of an acquaintance) but it wouldn't entirely surprise me that they are on vacation and that this could have happened.  Being a kind person and subscribing to the idea that I look for opportunities to deeply help my connections, I give it a thought.  Fortunately my better sense of suspicion sets in... so what to do?

Obviously I could just ask my friend if this is legit, but an email response only puts fuel to this fire.  I decided to play along to see how far this would go.  Here is a follow-up response that the scammer sent me in another case:
I need a quick loan of $790 to get the Hotel bills settled and get a cab to the airport as soon as I get back home would def refund it back to you immediately...You can have the it wired on my name via Western Union.Here's my info below

Name: Daniel H***** Location:  63 Cannon Street
London, EC4N 5AA, UK

As soon as it is done, kindly get back to me with the confirmation number. Let me know when if you are heading to the WU outlet now???
In another case they tell me to wire money to a Western Union located in this dumpy looking neighborhood in Spain.  I suggest to help my friend by traveling out and getting them.  But after doing a little dialog, the scammer gives up or senses that I'm onto them and stops responding.

So how can you know for sure that this is a scam?

Fortunately most email service providers properly maintain the source IP address of the sending machine.  To view this, you must look at the raw original email message; in Gmail do this by selecting "Show Original" in the message actions.  The raw message headers can be difficult to read, but look for something that looks like this:
Received: from [197.242.108.159] by web122905.mail.ne1.yahoo.com via HTTP; Sun, 16 Oct 2011 00:50:13 PDT
This header line shows that Yahoo's mail server accepted the message for sending via HTTP (a web browser) from the IP 197.242.108.159.  You can run a reverse IP check at and it

The IP is delegated by Nigeria and currently allocated to a company called Cybercity Ebene on the African island of Mauritius.  So, unless my friend says that she is being held as a Nigerian hostage, we can safely dismiss the authenticity of the message at this point.
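If you would rather not read raw headers by eye, here is the same check as a small script. It is an added example, not part of the original post: it walks the Received lines from the earliest hop upward and returns the first public IP it finds. The function name and every header in the sample other than the Yahoo line quoted above are made up for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message. Only the yahoo.com Received line is the one
# quoted in the post; the other headers and addresses are invented.
RAW_MESSAGE = """\
Received: from web122905.mail.ne1.yahoo.com ([10.0.0.7]) by mx.example.com with SMTP; Sun, 16 Oct 2011 00:50:20 PDT
Received: from [197.242.108.159] by web122905.mail.ne1.yahoo.com via HTTP; Sun, 16 Oct 2011 00:50:13 PDT
From: "Friends name" <friend@example.com>
To: me@example.com
Subject: Vacation Problems...

My Family and I are currently on vacation...
"""

IP_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")
PROTOCOL = re.compile(r"\b(?:via|with)\s+([A-Za-z0-9]+)")


def originating_hop(raw_message):
    """Return (ip, receiving_host, protocol) for the earliest hop that
    recorded a public IP address, or None if no hop did."""
    msg = email.message_from_string(raw_message)
    # Every server prepends its own Received line, so the earliest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())  # undo header line folding
        for candidate in IP_IN_BRACKETS.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not an IP address
            if not ip.is_global:
                continue  # private, loopback or reserved: says nothing about the sender
            by = BY_HOST.search(value)
            proto = PROTOCOL.search(value)
            return (str(ip),
                    by.group(1) if by else None,
                    proto.group(1) if proto else None)
    return None


if __name__ == "__main__":
    print(originating_hop(RAW_MESSAGE))
```

Only trust a Received line written by a mail server you recognize (here, Yahoo's own web mail host); lines below that point are supplied by the sender and can be forged.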

WHOIS

I don't always dissect emails from my friends, but when I do.. I use whois.sc (aka domaintools).  Whois is a service that can retrieve information about the ownership of an IP or domain name.  It's very easy to type in the browser address bar; here are the two primary ways it works:
  http://whois.sc/[IP_address] e.g.: http://whois.sc/197.242.108.159
  http://whois.sc/[domainname.com] e.g.: http://whois.sc/esold.com


You just need to remember to use 'whois' and think about USC Football (my alma mater!)

Stay internet savvy my friends.
