Sponsors

Tuesday, September 29, 2009

Anatomy of A Failed Nigerian Email Fraud Scam







On Monday, September 28, 2009, I received an email from what first appeared to be a prospective client responding to my Craigslist.com ad for IT Services. It did not take long for me to verify that the individual on the other end was an Internet Cyber Criminal attempting to commit fraud, and decided that I would be their next careless victim. So to educate the public and to have a little fun, I put on my Information Security Professional hat and played along so I could write a really cool Clark Thought Leadership blog on Email Frauds and Scams.


Anatomy of A Failed Nigerian Email Fraud Scam

  Clark Thought Leadership Security Work Blog


9/28/2009 10:00 PM

Information Security Professional receives email solicitation from an individual responding to a Craigslist.com ad for IT Services. Information Security Professional performed screen captures of all email correspondence with solicitor to be used as evidence and saved in this blog. See below.

(To enlarge, click on image)





9/28/2009 10:02 PM

Information Security Professional performed a Google search of the following line contained in the solicitor's email: 
"I got your contact On Craigslist.org and i was just checking if you will be available to repair and install some applications"


Information Security Professional saved the information obtained by the Google search in a screen capture and saved as evidence in the blog. See below.

(To enlarge, click on image)


Information Security Professional inspected the web page of the first link retrieved in the Google search:

  • http://www.blackgate.net/blog/scam-warning-computer-repairer-installer-needed/.

 Information Security Professional observed that the web page link was a blog called Black Vituperative with an article titled:

  • Scam warning: “Computer Repairer & Installer Needed”.
After Inspection of the web link mentioned above, Information Security Professional determined that web link was a blog article warning about a particular type of email scam. Additionally, Information Security Professional concluded that the sentences from the inspected web page and the information in the email received by the solicitor matched and contained similar information.



9/28/2009 10:06 PM

Information Security Professional responds to solicitor's email.



9/29/2009 10:08 PM

Information Security Professional receives reply from solicitor. Information Security Professional inspected the email and determined that the solicitor replied using an email address, which was different from their initial email solicitation. See below.

(To enlarge, click on image)





9/28/2009 10:20 PM

Information Security Professional replied to solicitor in an attempt to have them visit the Clark Leadership Blog, which could be used as a detective control to potentially determine the solicitor's true location.

Note: The Clark Thought Leadership blog uses the StatCounter.com service to track Internet visitor statistics. The data stored on StatCounter.com is secure from unauthorized access. See below.

(To enlarge, click on image)






9/28/2009 10:25 PM

Internet Security Professional receives reply from solicitor acknowledging that they visited the Clark Thought Leadership blog. See below.


(To enlarge, click on image)


9/28/2009 10:21 PM

Information Security Professional replied back to solicitor quoting a price for their service request.



9/28/2009 10:35 PM

Information Security Professional receives reply from solicitor agreeing to the quoted price. See below.


9/28/2009 10:21 PM

Information Security Professional logged in to the StatCounter.com dashboard page to inspect the tracking information for the Clark Thought Leadership blog. Information Security Professional performed screen captures of the StatCounter logs and saved them to the blog as evidence. See below.

(To enlarge, click on image)
StatCounter Image 1


(To enlarge, click on image)
StatCounter Image 2


(To enlarge, click on image)
StatCounter Image 3




Information Security Professional created a table called Visitor Analysis and placed the StatCounter data into it. See below.


Visitor Analysis
Date
September 29, 2009
Time
10:21 PM
IP Address
41.189.0.139
Continent
Africa
Country
Nigeria
Region
Lagos
City
Lagos
ISP
Swift Networks Ltd.
Visitor Path
Julius-clark.blogspot.com


Information Security Professional created a table called Visitor System Specifications and placed the StatCounter data into it. See below.



Visitor System Specifications
Browser
Firefox 3.5
Operating System
Microsoft Windows XP
Monitor Resolution
1024 x768
Javascript
Enabled

  9/28/2009 10:40 PM

Information Security Professional received reply from solicitor agreeing to the price quoted. Additionally, the solicitor requested that my personal information was needed to send a Certified Check to me. See Below.

(To enlarge, click on image)



After Inspection of all the information contained in table above, Information Security Professional determined that the solicitor gave false information in the email about their location being in Panama City, Panama. Inspection by Information Security Professional determined that solicitor was operating from within the city of Lagos, Nigeria, which is located on the continent of Africa.


9/29/2009 2:56 PM

Information Security Professional performed a search of the Arin.net Who Is search database and performed a screen capture and saved it to the blog as evidence. See below.

(To enlarge, click on image)



Information Security Professional created a table of the Who Is data and the information for the scope of this blog into a table. See below.

ARNT.net Who IS Data of Email Solicitor
Domain
Afrinic.net
Registration Date
April 12, 2005
Registration Last Updated
May 5, 2009
Address 1
03B3 3rd Floor Ebene Cyber Tower
Address 2
Cyber City
City
Ebene/ Mauritius
Phone Number
+230 4666616
Email to Report Abuse
abusepoc@afrinic.net


Findings

After inspection of the evidence from above, Information Security Professional has determined that the solicitor is an Internet Cyber Criminal, who was attempting to commit a fraud for monetary gain. Information reported in this blog article will be reported to the proper legal authorities.



9/29/2009

Internet Security Professional reported the attempted criminal activity to the Internet Cyber Crime Center (IC3). IC3 is a partnership between the Federal Bureau of Investigations (FBI) and White Collar Crime Center (NW3C).


Note: IC3 was established as a partnership between the NW3C to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate.


(To enlarge, click on image)

Enjoy,

Julius, MBA, MSIS, CISSP, CISA

Thanks to my boy Lawrence Belton, CISSP, for providing some Thought Leadership for this blog article!


Below is the email sent by solicitor in ASCII format



Greetings,

I got your contact On Craigslist.org and i was just checking if you
will be available to repair and install some applications on(13) PC ..
Get back to me for details if you'll be available.As soon as possible.


Thanks.


Kind Regards.




++++++++++++++++++++++++++++++++++++++++++++++++++++





Hello ,




How you doing?  


I read your description and i am highly impressed in your services,I have some Hp PCs(Intel Pentium IV) since we currently have a major breakdown on most of our systems and I thought it was best to have a general upgrade and maintenance.(I will be providing the software needed).Below are the things needed to be done one on each laptops:


1 Format Hard Drive
2 Install Win Xp with Service Pack 2
3 Microsoft Office Package
4 AVG Virus Software (Free Lifetime Updates)
5 Adobe Acrobat
6 Laptop Cleaning of the keyboard, screen and other case.
7 Diagnostics of the entire system after to check hard, CD Rom, floppy, etc.


I will like You to know that my mode of payment is by US certified check mailed and address to you from my employer company since I am presently on a business workshop in Panama city,South American and i want you to know that i will handle the shipment myself since i have a shipper from the state here that will bring the laptops to your place,and will come pick them up as soon as you are done with them.


I should have make this a phone order but i have a network problem of where i am and my shipper will be coming with the necessary Software for the installations of the Computers with both the Operating System,Microsoft Office and the Anti-virus for each computers .


However,get back to me with your last asking price for the 11 laptops. I await your urgent response so that i can put the arrangement in order.


Thanks and hope to read from you soon.

2 comments:

  1. Really good post. Did not know about ic3.gov. This goes on my FB page today to help raise awareness.

    ReplyDelete
  2. Lorrinda, I appreciate the feedback and that you chose to share this blog on your facebook page to raise security awareness.

    ReplyDelete

Get Expert Advice!