From: http://www.wired.com/news/business/0,1367,65631,00.html

quote:

---

09:50 AM Nov. 08, 2004 PT

A Sydney man was imprisoned for more than five years for duping people into sending him millions of dollars in a global internet ruse known as the Nigerian scam.

Nick Marinellis pleaded guilty in the New South Wales District Court to 10 counts of fraud for taking part in the scam promising people millions from Nigerian bank accounts in return for an "administration fee."

Culprits in the Nigerian scam typically present themselves as people who need access to a Western bank account in order to transfer a large sum of money out of a politically troubled country. They promise a cut of the money but ask for a smaller upfront cost before the larger sum can be transferred. Prosecutors said Marinellis fleeced his victims of AU$5 million ($3.8 million).

---

Read this article, and this one, to learn the basics of the current Nigerian counterfit check scams. The stand taken by most US banks, concerning counterfit Certified Checks, Cashier's Checks and Money Orders should be an eye-opener.

These people have created a website dedicated to exposing the email addresses used by Nigerian 419 scammers. The list is in a form suitable for use in email filters, to screen out these email messages from your inbox.

You can also Google for keywords such as: 419 scams, 419 scammers, overpayment counterfit checks, auction payment fraud, advanced fee fraud. You might find some comic relief from any frustration caused by these scammers by visiting 419eater.com, where potential victims reverse the scams against the scammers! These people are known in the anti-419 movement as 419 Baiters. (Proceed at your own risk)

I still urge you all to think about joining SpamCop as Reporting Members, where you can paste the source code (must include Headers and message body) of any spam or scam emails into a text input field, then have SpamCop process it and report the offenders to their ISPs and web hosts. SpamCop supplies a blocklist of reported spammers to many Internet Service Providers, and also makes it freely available for personal use as a Blacklist Check for programs like Mailwasher Pro, which I use to screen all incoming email. Ask me for details if you are interested.

Bobby D. Hunter
Hunting Slimeball Game

[This message was edited by Bobby D. Hunter on 09 November 2004 at 09:23 AM.]

After the source window opens you can use CTRL + A to Select All, then CTRL + C to Copy the selected text, and finally, you can paste it into either a new email to me, or paste it into the SpamCop Reporting textarea, by clicking in the body or textarea and pressing CTRL + V.

Outlook Express also has the means of forwarding an email as an attachment, which is the preferred method of insuring that the headers are delivered along with the message body. Plain Forwarding (using the "Forward" button) will strip the headers from the original message, making it useless for tracking purposes. By Forwarding as an attachment you save yourself the work of extracting the headers and pasting them into a new message.

To do this, simply right-click on the (un-opened) email in your inbox or other folder, and select Forward As Attachment. If your message is already open, click on the menu-bar item Message, then select Forward As Attachment.

Thanks again to all of the Forumites who are helping in the quest.

Bobby D. Hunter

[This message was edited by Bobby D. Hunter on 09 November 2004 at 10:45 AM.]

I use Mailwasher too and its great. Now, when I get a scam-email pretending to be Ebay wanting my personal information I just do a "Forward" to spoof@ebay.com

Could we do the same thing and just forward all this Nigerian stuff to you...or bOb (is that you? I usually delete those but would be glad to take them and send them to you if that's not risky. Thanks.

Okay, I've forwarded two of them, with many more to follow I'm sure. Now do I get compensated for missing out on all those millions in Nigeria?

Greetings and Compliments.

I strongly regret any inconvenience the receipt of this letter may cause you, bearing in mind the nature of its content coming from a person without any referral, but please read and assimilate its content and objectively consider if we can work together.

I am the head of the account department of a Private Bank in Netherlands and I would like to intimate you with certain facts that I believe would be of interest to you.

This involves a client who shared the same last name with you and had an investment placed under our bank\'s management years ago, the circumstances surrounding the investment made by this client who died interstate, with no known nominated successor in title over this investment made with the Private Banking Branch of my bank has made it very difficult to locate anyone who is directly related to the deceased.

With the very strong feeling that no one will ever come forward to claim the funds and the investigation coming to a close after several months, the need for an assistance becomes crucial, as a next of kin to the depositor is earnestly being searched for, I have already developed a foolproof, legal and totally risk free means through which the fund can be released to your
nominated bank account within a very short time after due documentation and authentication process.

The strategy is to use my position and influence as the Head of the branch and Personal Account office of the deceased to present you as a next of Kin and beneficiary of the deposit. I want to assure you that I have concluded all local modalities for the successful completion of this within 10
banking days of your agreement to proceed with me as the required assistance is perfected to be 100% risk free.

I expect your urgent response and if in the affirmative, I shall advice you on what we need to do.

Best regards,
Barry Douglas.

However, after receiving some outside 419 and ebay scammers' messages I was able to trace some of them to previously unknown satellite services who resell IPs to Nigeria.

Many more of these scam emails originate, or appear to originate in the Netherlands and Denmark, which is a bit of a problem since we have members in those countries.

I would really like to find out if any of our European members are using any of these ISPs:

• Tiscali BV (www.tiscali.nl),
  
• Easyway BV (www.easyw.nl),
  
• IMAGEDK (Tiscali Denmaerk A/S) (dk.tiscali.com),
  
• World Online Denmark A/S, in Frederiksberg Denmark,
  
• Concepts ICT BV (CONCEPTS-CUST-ADSL-DHCP) (concepts.nl), located at St. Ignatiusstraat 265, 4817 KK Breda, The Netherlands
  

If anybody knows of any SGF members using any of these services, please email me about it.

------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game

[This message was edited by Bobby D. Hunter on 18 December 2004 at 06:41 AM.]

.pif ??

Obviously I am not going to answer it.

I'm using Outlook 2000 and I don't see the header/routing info referenced for Outlook Express.

Them Message was from "Mike Forst Talent Agency [mft1@msn.com]"

The Subject Line is "Thinking about A PEDAL STEEL GUITAR the ASSOCIATION"

quote:

---

I'm using Outlook 2000 and I don't see the header/routing info referenced for Outlook Express.

---

quote:

---

quote:I'm using Outlook 2000 and I don't see the header/routing info referenced for Outlook Express.

Double click the message to open it in its own window. Then click View-Options and you can view the data in the "Internet headers" pane. You can copy that data and paste it into another email.

---

Thanks for that info Jim! I didn't know that.

David;
An attached file with a .pif extesion is a link to an executable on the sender's Domain, or to a file he is hosting on his own machine, with an ftp server to send it to you if you are foolish enuf to double click it.

Here are some of the hostile file extensions that I currently block from incoming email (there are others also):

• exe
  
• scr
  
• vbs
  
• com
  
• pif
  
• cmd
  
• cpl
  
• bat
  
• zip (I virus check these in case they are legitimate attachments I need)
  
• rar (I virus check these in case they are legitimate attachments I need)
  

You also need to look carefully for double extensions, with long spaces before the last one, used to try to fool people into thinking they are opening an image, when it is really an executable. Sometimes your default folder-file settings will hide extensions of known file types. This is a dangerous setting, because you may not see a .exe, or .scp extension that can cause you to be fooled into thinking the file is a harmless image or text file. I advise everybody to change that so all extensions are displayed, for all file types.

I hope this helps

------------------
Bob "Wiz" Feinberg
1983 Rosewood Emmons D10 Push-Pull, with 8 pedals and 9 knee levers, Wallace TrueTone E9 and Lawrence L-910 C6 pickups and aluminum necks. Nashville 400 amp with Peavey Mod. Emmons pedalbar mounted, and Goodrich LDR floor volume pedals.
I use and endorse Jagwire Strings and accessories.

Keep Steelin' but don't get caught!

[This message was edited by Wiz Feinberg on 19 December 2004 at 01:57 PM.]

It took my bank a couple of weeks to figure it out and get some news coverage to warn people.
I've also had plenty of similar emails since, usually from banks and institutions I don't deal with, some I've never heard of.
Lottery winnings to be claimed, that's another one.

However, the banning work is not finished. We have not discovered all of the IPs (Internet Protocol addresses) assigned to and being used in these countries and still need to be made aware when a scammer makes it through our defenses. New Skies worldwide Satellite Services, and certain Israeli, Norwegian and Danish Internet Services resellers are making even more IP blocks available to these Slimeball Vermine who sit in Internet Cafes and calmly scan the internet for forums and auction sites where people are hoping to sell their goods quickly.

As of February 14, 2005, I have still been receiving odd reports of Nigerian, and other African scammers attempting to rip-off members of the SGF who have posted items for sale on our forums. It is important that any member who receives what they believe may be a fraudulant offer to purchase their goods, should immediately forward that email to me, with the full incoming headers intact. Forward Inline with full headers displayed, or as an attachment with full headers.

quote:

---

See my posts above for details about displaying the headers and properly forwarding them to me.

---

By doing this you will help me to protect the steel guitar community (on the SGF) from being preyed upon by these vermine.

At this time I prefer to only receive forwarded messages sent to SGF members regarding items posted for sale on the SGF, not on eBay, or some other trader's forum.

If you are unsure of what constitutes an attempted scam offer to purchase, here are some clues (your milage may vary):

• Poor grammer and punctuation
  
• Abbreviated words, like "u" instead of "you," and "pls" instead of "please."
  
• Requests for "pix" or "pics."
  
• Odd usage of the name of the item you are selling, in the subject and message body.
  
• The persons claims to be in Great Britian, or is "out of the Country" on business, and will take care of shipping themselves (they have their own "shipper")
  
• They want to pay by certified check or money order, in an amount way in excess of what you are asking, and have you refund the balance via Western Union, or some other wire service.
  
• A friend, or customer owes them money, and he will pay you by certified check or money order (excess amount with refund expected), and pickup the item at your location.
  
• They claim that they have been looking for this item for months and want to buy it for their Son or Daughter, but are out of the Country temporarily.
  
• They ask if you ship to Nigeria, Sierra Leone, Ivory Coast, or some place in Africa, or South Africa, where your common sense tells you that there are no Steel Players or Country music.
  
• They want to know your "final price" and "its condition" along with a request for "pics."
  
• They have a strange name and sign the message, "Regards"
  

These are just guidelines. The actual words and phrases will vary, as will the ISPs through which they relay their scams. Outblaze and yahoo (us and uk) are commonly used, as are ISPs in Norway and Germany (where we do have members). Your job is to be suspicious and on the lookout, and report these activities to me. My job is determining if the message is a scam, then tracking down the perps and rendering them incapable of having further access to the SGF.

Please be aware that once they have obtained your email address they will still be able to contact you, to try to scam you again. They won't know about any new items you post for sale though. If your email address has been scraped by these Slimeballs they may try to sell it to other scammers, in which case you will get all manner of financial (419) scams and lottery spams. If you are being deluged with this kind of spam/scam email you should consider joining Spamcop, as a reporting member.

Keep Steelin' but don't get caught!

------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop

[This message was edited by Bobby D. Hunter on 15 February 2005 at 02:24 PM.]

---------------------------------------------

I am Trisha Emde from Belgium, I am interested in the
above subject item and will like to purchase it, if available for pick up.

Therefore, kindly supply the following informtion
for its purpose.

1. Brief Discription of its present condition with
picture(s) if available.

2. Bottom Line Cost of it without shipping cost.

Thanks for your co-operation, while awaiting for
your quick response.

Thanks,

Trisha

---------------------------------------------

As usual, if you receive such an email, forward it to me as an attachment, so I can track it using the headers info.

Thanks again, BDH

------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop

[This message was edited by Bobby D. Hunter on 18 February 2005 at 03:54 PM.]

Return-Path: 
Received: from [216.49.224.7] (HELO neo.ckt.net)
  by ckt.net (CommuniGate Pro SMTP 3.5.9)
  with ESMTP-TLS id 205615785 for xxxxxx@ckt.net; Fri, 22 Apr 2005 10:23:32 -0500
Received: from web41109.mail.yahoo.com (web41109.mail.yahoo.com [66.218.93.25])
 by neo.ckt.net (8.13.1/8.13.1) with SMTP id j3MEM8Wj011192
 for ; Fri, 22 Apr 2005 09:22:08 -0500
Received: (qmail 36672 invoked by uid 60001); 22 Apr 2005 15:23:31 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys 
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  b=21iAugMEqWxYK0+4xjJGOFHZX8TVZvVoQzAr7wt
Q6U7zmk5YGCk8Ye3osZ26cl3HQzM+5V5orWexjzt3lf
Io5LM4ojodJ2g/26JIGS8LV5i9YFX6RXstuuJgepakS
g7pkrAwBxoYohFfgg5NIuFVsuqbKv9LSjTQuJonda7S
FDU=  ;
Message-ID: <20050422152331.36670.qmail@web41109.mail.yahoo.com>
Received: from [81.199.85.91] by web41109.mail.yahoo.com via HTTP; Fri, 22 Apr 2005 08:23:31 PDT
Date: Fri, 22 Apr 2005 08:23:31 -0700 (PDT)
From: peter anderson 
Subject: price needed
To: xxxxxx
--------------------------------------------

Bobby D. Hunter
Hunting down Slimeball Game

[This message was edited by b0b on 25 April 2005 at 09:26 AM.]

To obtain a copy send me an email telling me who you are and what access you are allowed to control your server files. If it appears that you are able to apply my solution, and are Whitehat, I will send you a link to download the list from my server.

If you are a Webmaster, or own, or lease a server, and don't know how to install and test a .htaccess file, I can do it for you, for a small fee.

Addition of Sky-Vision.net Satellite Services to our Blocklist.

To all members in Europe, Africa, or Asia

As you all must know by now I am doing security for the Steel Guitar Forum, tracking down the Nigerian criminals (and others) who are trying to scam you out of your money and instruments you are trying to sell on our forums. Most of these scams involve overpayment with counterfeit certified checks or money orders, with you sending the cash refund to the scammer or his agent, via Western Union, to Nigeria.

In the course of this Hunt I have uncovered tens of thousands of Internet Protocol (IP) addresses from which the scammers send their emails to you all, and have applied them to a blocklist, which denies them further access to the SGF. The scammers seem to have gotten wise to this tactic and are beginning to use new sources of Internet Services to view the forums, to get around the Nigerian blockade. However, when I trace the emails you good folk have been forwarding to me, they almost all come from Internet Cafes in Nigeria.

In my efforts to block access to all of these low-lifes I have had to expand the reach of the blocklist to include entire Satellite Internst Services, the most recent of which is Sky-Vision.net. This company supplies millions of persons with Internet connectivity, in Africa, Eastern Europe, and parts of Asia. They are one of the main suppliers of Internet services to Nigeria.

I am posting this notice so that members living in Africa, Asia, and Europe can check with their Internet Service Providers to see if they are receiving their signal from sky-vision.net satellite services. If any of you are, you may find your access to the SGF blocked once the new list goes into effect. If you are blocked you should contact me at - wizardodelasteel@hotmail.com, using your regular ISP to send your email. I will read the headers of your email and poke a hole in the blocklist, to let you back in.

I sincerely hope that we don't block any of our members in Europe and chances are good that we won't. I just want you to be aware that it could happen, and give you the means of contacting me outside of the SGF, so I can allow your ISP back in.

There are literally hundreds of thousands of IP addresses covered by our blocklist, and it is growing every week. With your co-operation we can rid the SGF of these Nigerian scammers and any copycats who follow them. Please read my previous Posts in this thread to learn how to Forward As Attachment any scam emails you receive, to me.

Thank you all.

------------------
Bobby D. Hunter
Security for SGF
Hunting down Slimeball Game
Reporting member of SpamCop

[This message was edited by Bobby D. Hunter on 16 July 2005 at 02:03 PM.]

This new twist on the old kited check scam was just sent to several members of the SGF. It now involves "depositing" US Postal Money Orders in your bank, taking out 10% for your "commission," and wiring the balance of the money to Nigeria, as a favor to the sender, yada, yada.

I have traced the sender to Lagos, Nigeria. If any other members receive one of these please forward them to me as attachments, or copy and paste the entire source code into a new message and send it to me.

The original message is pasted below.

Hello Dear Friend,

Good day to you, my name is Susan Bryant,I am an artist with my husband James Bryant,and we are the owner of Sus Art World .I live in London United Kingdom,with my two kids, four cats, one dog and the love of my life my husband James Bryant. It is definitely a full house.

I have been doing artwork since I was a small child. That gives me about 23 years of experience. I majored in art in high school and took a few college art courses. Most of my work is done in either pencil or airbrush mixed with color pencils. I have recently added designing and creating artwork on the computer. I have been selling my art for the last 3 years and have had my work featured on trading cards, prints and in magazines. I have sold in galleries and to private collectors from all around the world.

I am always facing serious difficulties when it comes to selling my art works to Americans, they are always offering to pay with U.S POSTAL MONEY ORDER, which is difficult for me to cash here in London United Kingdom.

I am looking for a representative in the states who will be working for me as a partime worker and i will be willing to pay 10% for every transaction, which wouldnt affect ur present state of work, someone who would help me recieve payments from my customers in the united states.i mean someone that is responsible and reliable,cause the cost of coming to the untied state and getting payments is very expensive, I am working on setting up a branch in the state, so for now I need a representative in the united state who will be handling the payment aspect.

All the payments are in U.S POSTAL MONEY ORDER and my customers will issue the U.S POSTAL MONEY ORDERS in your name and post the U.S POSTAL MONEY ORDER to your doorstep, so all you need do is to take the U.S POSTAL MONEY ORDER'S to your bank and cash them, then deduct your 10% and wire the balance back to me. This business will not cost you any amount of money, my customers will send you the U.S POSTAL MONEY ORDER'S through a courier company and the courier company will deliver the package to your doorstep, as soon as you receive the package from the courier company, just take the U.S POSTAL MONEY ORDER'S to your bank and cash them.

If you are interested, please get back to me as soon as possible via mail:susanartworld_uk01@yahoo.co.uk

I shall be waiting for your quickly response, Thanking you in advance and God be with you.

Friendly
Regards.

Susan Bryant

Because Nigerians are now counterfitting US Postal Money Orders, I strongly advise SGF members who accept UPSP Money Orders to cash them at your local Post Office branch. Do not take them to your bank and deposit them. If they bounce you will have to pay penalty fees. All Postal clerks have equipment to check the validity of Postal Money Orders. If good they cash them on the spot. If forged they may be able to launch an investigation, provided you have the original envelope in which it arrived, if it came via US Mail. If it arrived by courier contact that courier and report that you were sent a counterfit monetary instrument through their delivery service. Keep the forged money order until you are sure that no authorities want to have it for evidence.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices

[This message was edited by Wiz Feinberg on 19 June 2006 at 07:09 PM.]