Snarky replies to spammers and scammers
- TAGS:419, 419eater.com, domain name, e-mail, email, enterprise, fraud, Nigerian, scam, scammer, spam, spammer, spammers
- IT TOPICS:Cybercrime & Hacking, Enterprise Apps, Government & Regulation, Internet, Security
This week on Security Levity, how some Internet users are fighting back against scam artists. This is a followup to two of my previous blog posts: about Nigerian 419 scams and Chinese domain registration fraud.
Â
1. Nigerian 419 scambaiting
In October, I talked about advance-fee fraud (or the Nigerian 419 scam). I didn't have space to talk about one of the funnier aspects of these scams, so let's do that now.
Scambaiting, as it's known, is a long and proud Internet tradition. In essence, it involves scamming the scammers. The idea is to waste these criminals' time and ill-gotten money -- playing on their greed in the same way that they play on the greed of innocent victims.
At its simplest, scambaiters try to persuade a scammer that the baiter is actually a likely victim. A bait often involves replying to a 419 come-on, pretending to be someone who's been taken in by the lies -- metaphorically saying for example, "Yes, I'm very much interested in receiving this inheritance that doesn't belong to me."
As the bait continues, the scambaiter will try to string the scammer along for as long as possible. Often this involves making the scammer send pictures of himself in compromising or degrading situations. Such pictures only go to illustrate how these scammers are blinded by their greed, in the same way that they hope their victims will be.
Scambaiters often hang out in Internet communities of like-minded people (or jokemen, as the scammers often call them). Major baiting sites include 419 Eater, theScamBaiter, and EMM. On these sites you'll find discussions of how to bait scammers, details of baits, both past and in-progress, together with audio, video, and photographs of known scammers.
Warning: much of what you'll find on these sites is rude, crude, and thoroughly not safe for work!
Lest we forget, scammers are criminals. Many are violent criminals. Do not try this yourself.
Some worry that scambaiting is unethical; that 'two wrongs don't make a right.' You must make your own mind up on this score. But consider that scammers usually start from a position that victims are fair game: baiters are merely playing by the scammers' rules. There's more discussion on this at 419eater.com.
Â
2. Fun with a domain registration fraudster
Last month, I talked about the Chinese fraudsters who are trying to con domain owners to register domains under the .cn country code as well as others. It just so happens that I've been in receipt of several of these scam spams recently.
For your amusement, here's one such conversation I had with a scammer (some details redacted to protect the 'innocent'):
Sent: Monday, July 06, 2009 5:56 AM
Subject: Commtouch---Intellectual Property Rights & Trademark Notice ( TO CEO & Principal )
Dear President&CEO,
We are a domain name registration and dispute organization in Asia, which mainly deal with the global companies' domain name registration and internet intellectual property right protection. Currently, we have a pretty important issue needing to confirm with your company.
On July 5, 2009, we received an application formally. One company named " HTMB Holdings Inc." wanted to applied for the domain names" commtouch.com,etc." and Internet Trademark "commtouch"Â through our body.
Now we are handling with the registration of these domain names and find that the keyword of these domain names and internet trademark is identical with your company's. So we have to confirm with you at two points:
1. If your company consign HTMB company to register these domain names and internet keyword, we will send application form to them and help them finish the registration at once.
2. If your company have nothing to do with HTMB company, they maybe have other purposes to register these domain names and internet keyword.
We haven't finished the registration of HTMB company yet, and we have postponed this application of this company temporarily already. In order to deal with this issue better, please contact us by telephone or email as soon as possible.
Waiting for your reply ASAP.
Best regards,
****
Director
------------------------------------------------------
Auditing Department
Tel:Â +852 2297-**** ( Direct )
Fax: +852-2297-****
Â
Pretty standard fare, by the looks of things. Can't find any references to this so-called holding company (except on an Indonesian forum, where some other prospective victim seems to be asking if it's a scam). I'm a bit too busy to play a baiting game, but how about if we were to scare him a little?
Date: 2009-07-06 11:41:14
To: ****
Dear Mr. ****,
Thanks for your email – it arrived in a perfect timing.
Last week we got a call from the Chinese Police Department of Shenzhen saying that they are investigating domain registration fraud cases and asked for our help as an internet security company.
Specifically they asked that we fax their Shenzhen office any details we have on such cases. I immediately sent them your email but they said they cannot find "HTMB Holdings Inc". Can you please send us more information on this company?
Any details on such other cases? If so – please forward them to me so I can send it to the Shenzhen police.
Many thanks,
Amir Lev
Â
I heard nothing for a few days, and assumed that my reply had scared him off. But, no, what's this? It's almost as if he's just emailing from a pre-prepared script...
Sent: Friday, July 10, 2009 4:38 AM
To: Amir Lev
Good morning :
About the dispute of your company's domain names and Internet trademark,we have not received a definite reply from you.
Now, I need to confirm with you if you want to register these domain names or give up. If you choose to register, we will send you the dispute application form. If you are not willing to protect these domains and internet trademark, you can choose to give up and we will complete their registration. Once this registration have been done, we will not bear any legal responsibility anymore as a domain name registration organization. Please send me an email to confirm that if you want to register or give up. Thanks for your cooperation.
Please get your decision ASAP, so that we can handle the next step.
If you have some other questions,please contact us as soon as possible.
Â
Hmm, he doesn't seem to have picked up on my veiled police threat. Perhaps it's too subtle for him? Interesting that he's changed domain names, though. Anyway, let's try and drive the point home...
Date: 2009-07-12 17:02:21
To: ****
Hello ****,
I consulted with the Chinese police office that approached us.
They recommend that you do allow HTBM to register the domain names they asked for and that you forward HTBM’s contact details and any other information to us (or directly to them) so they could follow up and approach HTBM directly.
Thanks for your cooperation,
Amir Lev
Â
Then, within hours, a reply. Looks like he's still following the script...
Sent: Monday, July 13, 2009 3:14 AM
To: Amir Lev
Dear Sir,
Â
HTMB is a HongKong company, I am sorry I can't provide you more information about them, cause registration in fair and just. I give you an advice, if you believe these domain are important for you, the only way is to register them in prior, if you are late, I can't do anything because they will put in application to many register institution, we inform you, but other institution may not, so they will register for Jinfeng company.
We had discussed the case about your company's domain names. You have never registered these domain names and internet brand, and I had told you that the domain name registration is open registration. The auditing period is coming soon. Have you made a decision? If you decide to protect these domain names. We will send the application form to you to fill in. If your company do not register these domain names, we will finish aforesaid company's registration within 3 workdays. HTMB company will become the legal owner of these domain names in the world.
Â
We had notified you, so we are not responsible for any dispute question about intellectual property right and trademark after they succeed in registering.
Â
If you have any further questions, pls contact us within 3 workdays.
Â
He really doesn't seem to get the message, does he? Interesting to see how these fraudsters play on their victims fears though. But I'm losing patience, so here goes one last try...
Sent: Monday, July 13, 2009 10:04 AM
To: ****
Hello ****,
As I said in my prior email: we are not looking to protect those domain names. We are now working with the Chinese authorities that are looking to solve internet fraud cases.
They suggest you let this company register the domains that they are asking for. I will ask the Chinese authorities to contact you directly as we have no direct interest in this issue now.
Thanks,
Amir Lev
Â
Unsurprisingly, I never heard from our friend after that!
Â
I want to make this an interactive place: where I can answer questions and cover topics that you suggest. Feel free to add comments and ask Amir!
Â
When he's not laughing at the antics of jokemen, Amir Lev is the CTO, President, and co-founder of Commtouch (NASDAQ:CTCH), an e-mail and Web defense technology provider. MORE...
Free Insider Guide