The so-called "419" scam (aka "Nigeria scam" or "West African" scam) is a type of fraud named after an article of the Nigerian penal code under which it is prosecuted. It is also known as "Advance Fee Fraud" because the common principle of all the scam format is to get the victim to send cash (or other items of value) upfront by promising them a large amount of money that they would receive later if they cooperate. In almost all cases, the criminals receive money using Western Union and MoneyGram, instant wire transfer services with which the recipient can't be traced once the money has been picked up. These services should never be used with people you only know by email or telephone!
Typically, victims of the scam are promised a lottery win (example) or a large sum of money sitting in a bank account or in a deposit box at a security company. Often the storyline involves a family member of a former member of government of an African country, a ministerial official, an orphan or widow of a rich businessman, etc. Here is an example. Variants of the plot involving the Philippines, Taiwan, China, Hong Kong, Korea, Iraq, Kuwait, UAE, Mauritius, etc. are also known. Some emails include pictures of boxes stuffed with dollar bills, scans of fake passports, bank or government documents and pictures of supposedly the sender.
Back in the 1980s and 1990s (for this is nothing new!) the main vehicle for this scam were fax machines.
The victims are promised a fortune for providing a bank account to transfer the money to. Then - if they fall for the scam - they are made to part with thousands and sometimes hundreds of thousands of dollars in "bribes" for local officials or other "fees" (taxes, insurance, legal fees, etc) before the "partners" finally disappear without trace. Here are some typical examples of advance fee demands.
Sometimes fraudulent cashier's checks are issued to the victims, who are asked to wire funds for various charges after the bank says funds are "available" from the check, but before the check has actually cleared. Any transaction that involves cashing a check for a third party and then forwarding funds from it to another person you don't know is almost guaranteed to be a scam.
Fake lottery win: You won a lottery prize, but to receive it first you must pay various fees.
Company representative scam: Some company in East Asia, Europe or Africa needs help receiving payments from customers. They need to use your bank account for cashing checks and money orders sent to you. You get to keep about 10% for forwarding the funds by Western Union or MoneyGram. Later you find out that checks had been either stolen or counterfeit and you're suddenly tens of thousands of dollars in debt to your bank.
Dead foreigner scam: Some foreign owner of a bank account in Africa or Asia died without heir. If you pose as a relative, you'll get to keep a slice of this, but first you must pay various fees.
Unpaid contractor/Overcharged government contract: There's an unpaid contract with an African government. If you pose as the contractor, you'll get to keep a slice of this, but first you must pay various bribes.
Ex-kleptocrat scam: A family member of a former head/member of government somewhere in Africa or Asia has stashed away a few millions and seeks your help in moving it, promising you a slice of it, but first you must send money to a securities company or lawyer.
Murdered businessman scam: A family member of a rich businessman in Africa who stashed away a few millions before being killed seeks your help in retrieving the inheritance, promising you a slice of it, but first you must send money to a securities company or lawyer.
Zimbabwean farmer scam: A farmer or opposition politician from Zimbabwe has stashed away a few millions and seeks your help in moving it, promising you a slice of it, but first you must send money to a securities company or lawyer.
Dying widow scam: A rich widow is about to die from breast cancer and wants to give you millions to use for charity, but first you must send money to her lawyer.
Dying rich merchant scam: A rich merchant or oil contractor is about to die from cancer of the esophagous and wants to give you millions, but first you must send money to his lawyer.
Iraq scam: A US or British soldier in Iraq has come across money or gold that Saddam Hussein had stashed away. He/she seeks your help in moving it, promising you a slice of it, but first you must send money to a securities company or lawyer.
Yukos oil scam: Russian tycoon Mikhail Khodorkovsky has been arrested, but before that a few millions were stashed away. An associate seeks your help in moving it, promising you a slice of it, but first you must send money to a securities company or lawyer.
Diplomatic delivery scam: Some money or valuables which you have been promised in one of the above scam formats (fake lottery, inheritance, etc) will be delivered to you by a diplomat who travelled to your country, but first you must pay money to this person (by Western Union or in cash).
Rich investor scam: Some investor with lots of money wants to invest into your business or wants you to manage some funds but first you must send money to a lawyer to draw up a contract or set up a trust fund.
Loan scam: Some person in Europe or Africa will lend you money at favourable conditions, but first you must send money to their lawyer or bank.
Credit card order: Someone claiming to live in the USA or UK orders goods on a credit card and asks you to send them to Nigeria.
Oversized cashier's check: Someone wants to buy your car, bike, horse, boat, trailer, etc. and will send you a check larger that the sticker value, asking you to wire the balance to a "shipping agent" or some other person. Other examples include appartment or holiday home rental, purchasing land, hiring a wedding photographer, getting violin lessons, sending kids to a nanny, etc.
Money recovery: A law enforcement officer (in Nigeria, FBI or elsewhere) asks you to contact them about scammers you've been dealing with. They promise to help you recover your stolen money, but first you need to send more cash.
Wash wash / black money: Like "money recovery" this is not usually a scam format by itself but an element in a larger scam to maximize the amount of money stolen. You will be shown bundles of black paper the size of dollar bills, which is supposed to be cash promised in the main scam. Supposedly it was colored with black ink for security purposes and some special chemicals will restore it to its normal state and make the "money" usable, but first you need to send more cash to buy those chemicals.
ATM card payment scam This usually shows up as part of anther scam, such as a fake lottery or an "unpaid contractor" scam. You will be promised an ATM card via which you can withraw millions dollars (up to at several thousand dollars per day) at any bank worldwide, but first you need to send cash to have it mailed to you. If it arrives at all, it won't work (because there is no bank account, it's just a piece of plastic) and you'll be offered a replacement card, for a few thousand dollars more. Any money sent to the criminals by Western Union or MoneyGram is lost.
Job scams: You're being offered a well-paid job in another country, but you need to start very soon and before you can do that you need to send cash to a fake immigration official or lawyer.
Immigration scams: They're very similar to fake job scams. You're being told there is an easy way to immigrate to the USA or Canada (or some other country), but first you need to send cash to a fake immigration official or lawyer.
Here are some of the fake reasons given to victims why they should send money:
Legal fees: Many 419 scams involve a fake lawyer (usually a person who calls himself a Barrister or claims to work for a firm whose name includes the word "Chambers"). Beware of anyone using a @lawyer.com, @justice.com etc. free webmail account who gets introduced in such emails.
Insurance: Any lottery prize that is supposedly insured is fake.
Shipping: Real parcel services do not charge $800 and more for delivering a letter. Real lotteries don't ask you to contact a parcel service to arrange for shipping of a check or a winnings certificate that you will have to pay for.
Wire transfer charges: Real banks charge about $40 for an international wire transfer, not several $1000.
"Drug free certificate", "Anti Money Laundering certificate", "Terrorist Free Certificate": No such certificates exist in the real world. They are 100% sure evidence of a scam.
The people who receive the scam emails and fall for them often are not the only victims of the scam. We have come across a few cases where people who lacked the funds to cover the advance fee demands committed crimes to get money. They misappropriated often huge amounts from their employers, from charitable organizations they worked for or from other acquaintances they defrauded, hoping they would be able to repay them from the promised millions before anybody would notice. In this way one crime begets another.
Spam emails for advance fee fraud differ from "normal" spam in several ways:
Most "normal" spam uses bogus sender addresses. For 419 spam existing mailboxes at legitimate mail providers are used. When such mailboxes get cancelled for abuse, often similarly names mailboxes are created at the same provider. Most 419 scams originate from about a few dozen freemailer domains (netscape.net, yahoo.com/yahoo.*, tiscali.co.uk, libero.it, telstra.com, bigpond.com, indiatimes.com, 123.com (Chile), zwallet.com, fsmail.net, hotmail.com, etc., see addresses by domain). A small minority uses throw-away domains registered via Rediffmail, MSN (see example), XO/Concentric, Yahoo/Geocities or other webhosters (ns.sign-on-africa1.net) as the sender instead of a freemailer service, particularly for fake companies and fake banks (e.g. firstcapitalft.com).
Recently PHP-Nuke installations with a webmailer are abused for sending mail via a webbrowser. In these cases the sender addresses can be fake.
Virtually no effort is made to hide the source of the spam though technical means. These spammers rely on the lack of efforts by the respective providers to stop their abuse of the service. The spams often trace to servers based in African countries (Nigeria, Côte d'Ivoire, Togo, South Africa, Senegal, Cameroon, etc.) and are often routed through Europe, Israel, Australia or South America. Some "419" mails originate from Europe, particularly from the Netherlands, UK and Spain. This is untypical for common spams (Viagra, penis enlargement, etc.), which are often routed through China, South Korea, Brasil or Russia or are sent from hijacked servers (e.g. broadband hosts infected with stealthware) in the United States. The relative absence of common cloaking techniques on the sender side means that "419" spam can only be distinguished from legitimate email from Africa or Europe by analyzing the text of the message, looking for typical phrases and features.
Often the "419" scammers include phone numbers in the email, especially in fake lottery scams. Typically these phone numbers are in the Netherlands, the UK, Spain or in Nigeria. "419" scammers in the Europe tend to use mobile phones with prepaid phone cards. Country code 31 (0031 or +31) is the international country dialling code for the Netherlands. All Dutch area codes starting with the digit 6 are mobile phone numbers (e.g. 0031-630-835-750, +31-630-354-500). Nigerian "419"-numbers are either fixed line or mobile numbers (e.g. 234 8043281627, +234 1 4717291). The scammers there are part of or closely connected to the political and economical elite of the country. Country code 234 (00234 or +234) is the international country dialling code for Nigeria. All Nigerian area codes starting with the digits 80 are mobile phone numbers:
Nigeria mobile phone prefixes
Econet Wireless Nigeria Ltd
802
MTN Nigeria Communications Limited
803
Nigerian Telecommunications Limited (NITEL/M-Tel)
804
Globacom
805
The only other type of spam that tends to include a phone number is the fake "diploma" spam.
Most "419" spam uses plain text while most "normal" spam uses HTML.
Usually no domains are advertised as no websites are involved, except in some cases media articles about political events in Africa (the BBC website is a popular source) that are meant to give credibility to the background story. The initial communication occurs by email, followed by phone and fax communication.
The text of the messages varies very little. Often the message body or mail subject line uses all capital letters. In many cases the senders make religious references, such as belief in God or Allah.
Report the email to the abuse department of the domain used by the scammer (see abuse contact list). Normally you get the email address of the abuse department by changing the left hand side of the scam email address to the word abuse. For example, if the mail originates from [email protected] then write to [email protected], if it's [email protected] then write to [email protected], etc. Please quote the full text of the mail including message headers (in Outlook Express you get the full message source via Ctrl+F3; use cut+paste to insert that into your email). Even more important than sender addresses are contact addressed in the message body, such as "claims agents" of fake lotteries. Make sure you report these to the matching abuse department too.
If you have lost money you can report the case to law enforcement in your country (if you haven't lost money, law enforcement will not usually be interested at all). In the United States (and in most other countries), contact your local police.
US residents can also file a fraud report at the website of the Internet Crime Complaint Center (IC3).
If you need to contact law enforcement in Nigeria, the Economic and Financial Crimes Commission (EFCC), a body set up by the Nigerian government in 2002, may be helpful:
In most cases, law enforcement in your country will do very little once they have confirmed that the criminals are based in Africa. As long as international online fraud is considered a low priority item this situation will not change. The tide will only turn if the media create public awareness that international fraud is largely ignored by law enforcement even though it provides hundreds of millions of dollars in revenue to foreign criminal groups every year. It takes political will to change that. Write to your Member of Congress or member of parliament. Write to a newspaper or a TV station. Unless you complain about the problem it won't get fixed!
You can "ping" the scammer (bounce a message off his contact address to get him to reply) to give them work to do and to help provide evidence to us. Please use a disposable Yahoo email account for this.
You can get yourself a spamfilter. If you run a Linux-based mailserver you can use SpamAssassin, which recognizes many 419 scam emails.
Some people write to 419 scammers, trying to get them to exchange emails that ultimately lead nowhere, so the scammers waste time. It can be very entertaining :-) Just don't use your real name and use a disposable email account created for the purpose. Visit 419 Eater for examples and advice.
Most 419 scam emails contain phone numbers. When you call such numbers, please carefully check the time zone in Nigeria or wherever the criminals operate from. I am sure you would not want to accidentally wake someone at 3am, just because you got confused about the time zones ;-) Make sure you disable caller ID or call from a public payphone so as not to leave your home or office number on their mobile phone display. Calls to Nigerian mobile phones cost as little as €0.20/minute (US$0.25/minute) via SkypeOut. Be careful with +44 70 redirection numbers, they cost as much as US$0.90/minute, so keep it short.
Other people mail large files such as digital snaps to the contact addresses listed in the emails. This can fill up their mailboxes pretty quickly, preventing emails by potential victims from reaching the criminals. While it's quite effective, it also uses resources of companies who provide free email services, potentially affecting their other customers. It's vigilante justice. We don't condone it :-)
The following is a list of senders and domains received over the last couple of months. In some cases there are duplicates because we received more than one copy in our mailboxes.