A couple of days go, I received the following email from a college friend of mine who lives in Sri Lanka. It read:
I Hope you get this on time ?
Am sorry I didn’t inform you about my trip to Spain for a Program, I’m presently in Spain and I’m having some difficulties here because i was robbed on my way to the hotel and the thieves made away with all my cash, cell, passport and other document, presently i have limited access to internet, I will like you to assist me with a loan of ($4,100) to sort-out my hotel bills and to get myself back home,or any amount you can lend so i can make arrangements and return back. I have spoken to the embassy here but they are not responding to the matter effectively, I will appreciate whatever you can afford to assist me with, I’ll Refund the money back to you as soon as I return, let me know if you can be of any help. I don’t have a phone where I can be reached. Please let me know immediately.Regard
(Signed with my friend’s name)
I knew at once that this was a scam because I had read an article by James Fallows in the November 2011 issue of The Atlantic describing his own experience with it.
These scammers are quite clever. The sender’s name and email address exactly matched my friend’s information and I wondered how this scam would work since it seemed like the only way to contact him to send any money was by email and it would go to him. But I looked more closely and found that the “Reply to” address was almost exactly the same except for a single letter that would be easy to overlook in a quick reading. So if I hit the reply button, it would go to the scammer who would then presumably email back asking me to wire the money via Western Union, which seems to be their preferred carrier.
I also noticed that this occurred just one day after the reporting of the hacking of Yahoo email accounts and passwords and my friend uses that service, so I suspect that was the source of the problem.
A mutual friend of ours who got the same appeal tracked down the IP trail of the email and found that it originated in Nigeria, which explains the poor grammar of the message. This is a common feature of the people who run the Nigerian 409 scams. You would think that after all these years they would have hired someone to write correct emails. It is true that readers might make allowances for mistakes thinking that their friend is upset at having been mugged and stranded in a foreign country. But these errors are of a different kind and would have immediately raised suspicions in my mind even if I had not known about the scam.
A friend of mine in the US got a similar email a year or so ago, apparently from a friend of his stuck in London after a robbery. Of course it turned out to be a scam — my friend managed to contact the guy’s family, who confirmed that the email could not be from him.
I received one from a “friend” facing a similar situation in Spain. Her Yahoo account had been hacked.
I agree with you about the lack of English skills. With all the money these hucksters are making, one would think they would hire someone with better language skills.
With all the money these hucksters are making, one would think they would hire someone with better language skills.
There are actually people who do that for a living -- they write phish emails and scam letters, in proper English, for scammers who cannot, in return for a flat fee or a slice of the action. I’ve long wanted to write a short story about an English lit grad student with the skills of a Shakespeare, gone horribly wrong…
I got one of these last year. They are particularly spooky, especially since the English is impeccable, not like the usual word salad nonsense
People who fall for these scams are typically unaware that e-mail is insecure by design. The protocol does not provide any mechanism to verify that the sender is who they say they are. E-mail headers are effectively arbitrary and can be directly forged with typically no consequence at all to delivery.
There are a few ways to check whether an e-mail is legitimate…
1.) Contact the sender via a different communications channel and ask whether they actually sent this. (Probably the easiest method, especially for the lay people.)
2.) Use a challenge-response mechanism. Require that the person you’re communicating with prove their identity by supplying some form of information that only the two of you would know. Or similarly, a piece of information that only they know, but which you can independently verify once you have it. An automated way of doing this would be to use public key cryptography, but that requires parties to understand how to use it.
3.) Trace the entire transmission of the message, machine by machine, back to the real source. This can only be done with the co-operation of internet service providers on both ends, and is really only realistic for law enforcement.
Maybe these scammers are making enough money from badly worded emails that it isn’t worth their while to improve them. The fact that this stuff almost all these scams seem to originate in Nigeria makes me think that they might be boosting the Nigerian economy by now.
From what I know that’s pretty much it. It doesn’t take a lot of effort to actually send the emails, and only a small percent of them need to fall for it to be profitable.
I had one of these supposedly from my cousin and another purporting to be from a business colleague. There was one character difference in the email addresses which took me a minute or two to spot. Since they were both ‘overseas’ I advised them both to go to the nearest Consulate where they can get any emergency help they need.
The poor grammar is a feature, not a bug. It weeds out the well-informed recipients, ensuring that only ignorant people reply to the emails.
You’re thinking of a 419 scam. A 409 scam is where the Beach Boys challenge you to a drag race and you lose your car to them.
A couple of years back a friend of mine’s Facebook account was hacked and the culprit turned out to be British.
A scam letter in Shakespearian English – now that should be worth seeing! Actors are renown for falling on hard times, of course, so that could be a profitable line… (Not that I’m suggesting any such illegal, immoral and downright religious activity for real, of course, but some examples for fun might help to while away the hours, forsooth.)
I think everybody should check out the Scam Detector app. I believe they’re online as well.
and, the state of spelling and grammar is so much better in ‘certain’ english nations that it’d be easy to tell there’s something iffy?