Thursday, March 13, 2014

SPAM Tennis Anyone?

By Michael Seese

Normally when I get a SPAM email, I share it in this space, give it the MST3K treatment, and move on. Also, since I work in infosec, I try to throw in a few helpful hints on detecting and investigating the email.

A few weeks ago, I got this rather mundane ploy.
 


A few noteworthy points:

- Though it's hard to see, the "From" ends with .br. That's the top-level domain code for Brazil.
- The "Reply to:" email address ends with .sg. That's Singapore. OK, he got that right.
- The email was sent to "undisclosed-recipients." Note the plural.
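
The three header checks above can be automated when triaging a mailbox. The following is an added example, not part of the original post; the sample message and every address in it are constructed placeholders, and the finding names are made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample headers; every address here is an invented placeholder.
SAMPLE = (
    'From: "Mr. Soon" <soon@example.com.br>\n'
    "Reply-To: soon.office@example.com.sg\n"
    "To: undisclosed-recipients:;\n"
    "Subject: Business proposal\n"
    "\n"
    "Body omitted.\n"
)


def tld(address):
    """Return the last DNS label of an address's domain ('' if none)."""
    domain = address.rpartition("@")[2] if "@" in address else ""
    return domain.rpartition(".")[2].lower()


def triage(raw_message):
    """Return findings for the three header checks listed above."""
    msg = message_from_string(raw_message)
    findings = []

    # Checks 1 and 2: replies are routed to a different country-code
    # domain than the one the message claims to come from.
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and tld(reply_addr) != tld(from_addr):
        findings.append(f"from_reply_tld_mismatch:{tld(from_addr)}->{tld(reply_addr)}")

    # Check 3: no concrete address in To/Cc (e.g. an empty
    # "undisclosed-recipients:;" group) means a bulk, Bcc-only mailing.
    visible = [
        addr
        for _, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        if "@" in addr
    ]
    if not visible:
        findings.append("hidden_recipients")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Neither finding proves fraud on its own (mailing lists and newsletters trip both), so treat them as signals to weigh alongside the message content.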

Initially, I discarded it. But then I got a notion to have some fun. So I created a fake email account using a free service provider -- in this case Microsoft -- and sent the following:

 Dearest Mr. Soon --
 
 Yes, this would be acceptable. Please to send all funds to
 the PayPal account associated with this email address.
 
 Best,
 DJ


Fans of revisionist literature may have picked up on my use of the dialect of Quadling Country.

He responded a little over 12 hours later. Naturally, his email went on and on. The germane points were:



Before the plane crash of Macedonia's President and his aides on February 26th, 2004, our client, Mr. Dimka Ilkovska-Boskovic, who was a member of President Boris Trajkovski's cabinet advisers, and also a business man, made a numbered fixed deposit for 18 calendar months, with a value of €105,000,000.00 EUR (One Hundred &  Five Million Euros Only) in my branch.


...
 

After further investigation, it was discovered that Mr. Dimka Ilkovska-Boskovic did not declare any next of kin in his official documentations including the paper works of his bank deposit. And he also confided in me the last time he was at my office that no one knew of his deposit in my bank. So, €105,000,000.00 EUR is still lying in my bank and no one will ever come forward to claim it. 

...


my suggestion to you is that I will like you as a foreigner to stand as the next of kin to Mr. Dimka Ilkovska-Boskovic, so that you will be able to claim the funds in question.


...


There is no risk involved at all in the matter, as we are going to adopt a legalized method and the attorney will prepare all necessary legal documents. Please endeavor to observe utmost discretion in all matters concerning this issue. Once the funds have been transferred to your nominated bank account, we shall share in the ratio of 60% for me and 40% for you. I have attached herewith a comprehensive detail of this business venture for your perusal in MS WORD.
As soon as I hear from you, I will go ahead to do the needful.


So I replied:

Hon. Mr. Soon --

To be certain, My name and address are:

Dmitri Jakov
100 Lihacheva str.
Kiev Ukraine 09355

But, since the banks in Ukraine are corrupt, please deposit all funds in my PayPal account, which uses the name dmitrijakov@outlook.com

Kindest,
DJ

 

(Yes, I intentionally gave my alter-ego a name which would make a teenaged boy snicker.)

He started asking for more (reasonable, if this were legit) info:

Before we proceed further, I will need you to re-affirm your full names, mobile number and a copy of any legal form your identification (Driver's license or International Passport). I hope you understand why I need all these, the money in question is huge, and I have to ensure that I know you well enough before I furnish you with all the details to execute this project. As soon as I get the above information from you, I will forward it to my hired attorney to commence the necessary legal paper works.
 

He also added a "security code," which probably is the "Unique Sucker ID" in his database.

NOTE: that for security purpose, I would appreciate that you input this code: [UOB-X1H] in all email messages directed to me.



I googled "Ukrainian passport," and actually found an image of a (I assume) real one. I copied down the number -- changing the last digit -- and sent that along with a phone number I found. If memory serves, it was the fax number of the Kiev Tourist Bureau.

Since we're now partners and buddies, he sent me a copy of his passport, along with a link to the website of his bank. (Suffice to say, I did not click on it.)





 















He looks pretty good for a 72-year-old, don't you think?

He asked that I reciprocate with my passport. I thought, Uh-oh. What do I do now? Then it hit me. Since he (obviously) isn't who (or where) he says he is, I can use that to my advantage. I replied:

 Mr. Soon --
 
 I have mailed a copy of my document via parcel post, with necessary expediency, to your attention at the bank's address.
 
 Please let's get started.
 
 DJ


Take that!

Later that day, he answered:

    I am glad to note that you are a noble and trustworthy person whom I can rely on to handle this transaction. I have received your ID and I want you to know that I have forwarded your data to my hired Will & Probate Attorney who will put together the perfected legal paper works to be sent to my bank for the release of the funds. This should take no longer than two working Days.


Wow! The Ukraine Postal Service sure is efficient! (And kudos on the proper use of "whom.") He also sent me a copy of my benefactor's death certificate:






I don't know about you, but it almost had me fooled. And you know, purple is a nice color for a death certificate.

My "friend" is traveling now, and said he'd get back to me in a few days. I suspect that it won't be too long until he asks for the de rigueur "good faith" money from me. I have my initial response, which I'm sure is the same idea that everyone who reads about some poor soul falling for one of these scams has: "Why didn't you just say, 'Please take these funds from the €105,000,000.00 EUR. That should cover it.' " I'm sure he has a stock response. I've got a few of my own.

Stay tuned, crime stoppers!

2 comments:

  1. This is HILARIOUS. Holy crap, how mad will he be when he figures out that it's all fake!?! Ahaha!!!!!!

    1. I have something even better planned for the next one.
