Home eLibrary Computing Nigerian 419 Scam
Nigerian 419 Scam
Thursday, 09 March 2006 00:00

The 419 scam also know as the Advanced Fee Fraud has been around for a long time now and it is still active (recently seen in Russia, Southeast Asia, Australia, and New Zealand, as well as the US).

 The number "419" refers to the article of the Nigerian Criminal Code (part of Chapter 38: "Obtaining Property by false pretenses; Cheating") dealing with fraud. The American Dialect Society has traced the term "419 fraud" back to 1992.

An advance-fee fraud is a confidence trick in which the target is persuaded to advance relatively small sums of money in the hope of realizing a much larger gain.

The 419 scam originated in the early 1980s as the oil-based economy of Nigeria went downhill. Several unemployed university students first used this scam as a means of manipulating business visitors interested in shady deals in the Nigerian oil sector before targeting businessmen in the west, later the wider population. Early variants were often sent via letter, fax, or Telex. The spread of email and easy access to email-harvesting software made the cost of sending scam letters through the Internet extremely cheap. In the 2000s, the 419 scam has spurred imitations from other locations in Africa and Eastern Europe.

Insa Nolte, a lecturer of University of Birmingham's African Studies Department, stated that "The availability of e-mail helped to transform a local form of fraud into one of Nigeria's most important export industries."

Here is a sample of a letter a victim may receive:

(Note: The letter that is sent is all in capital letters.)

LAGOS, NIGERIA.

ATTENTION: THE PRESIDENT/CEO

DEAR SIR,

CONFIDENTIAL BUSINESS PROPOSAL

HAVING CONSULTED WITH MY COLLEAGUES AND BASED ON THE INFORMATION GATHERED FROM THE NIGERIAN CHAMBERS OF COMMERCE AND INDUSTRY, I HAVE THE PRIVILEGE TO REQUEST FOR YOUR ASSISTANCE TO TRANSFER THE SUM OF $47,500,000.00 (FORTY SEVEN MILLION, FIVE HUNDRED THOUSAND UNITED STATES DOLLARS) INTO YOUR ACCOUNTS. THE ABOVE SUM RESULTED FROM AN OVER-INVOICED CONTRACT, EXECUTED COMMISSIONED AND PAID FOR ABOUT FIVE YEARS (5) AGO BY A FOREIGN CONTRACTOR. THIS ACTION WAS HOWEVER INTENTIONAL AND SINCE THEN THE FUND HAS BEEN IN A SUSPENSE ACCOUNT AT THE CENTRAL BANK OF NIGERIA APEX BANK.

WE ARE NOW READY TO TRANSFER THE FUND OVERSEAS AND THAT IS WHERE YOU COME IN. IT IS IMPORTANT TO INFORM YOU THAT AS CIVIL SERVANTS, WE ARE FORBIDDEN TO OPERATE A FOREIGN ACCOUNT; THAT IS WHY WE REQUIRE YOUR ASSISTANCE. THE TOTAL SUM WILL BE SHARED AS FOLLOWS: 70% FOR US, 25% FOR YOU AND 5% FOR LOCAL AND INTERNATIONAL EXPENSES INCIDENT TO THE TRANSFER.

THE TRANSFER IS RISK FREE ON BOTH SIDES. I AM AN ACCOUNTANT WITH THE NIGERIAN NATIONAL PETROLEUM CORPORATION (NNPC). IF YOU FIND THIS PROPOSAL ACCEPTABLE, WE SHALL REQUIRE THE FOLLOWING DOCUMENTS:

(A) YOUR BANKER'S NAME, TELEPHONE, ACCOUNT AND FAX NUMBERS.

(B) YOUR PRIVATE TELEPHONE AND FAX NUMBERS -- FOR CONFIDENTIALITY AND EASY COMMUNICATION.

(C) YOUR LETTER-HEADED PAPER STAMPED AND SIGNED.

ALTERNATIVELY WE WILL FURNISH YOU WITH THE TEXT OF WHAT TO TYPE INTO YOUR LETTER-HEADED PAPER, ALONG WITH A BREAKDOWN EXPLAINING, COMPREHENSIVELY WHAT WE REQUIRE OF YOU. THE BUSINESS WILL TAKE US THIRTY (30) WORKING DAYS TO ACCOMPLISH.

PLEASE REPLY URGENTLY.

BEST REGARDS

Needless to Say

If you ever see anything like this in your email inbox or through your letterbox you know what to do with it!
 

Latest Virus Alerts

  • Net-Worm.Win32.Kido
    Kaspersky Lab has detected that multiple variants of Kido, a polymorphic worm, are currently spreading widely.

    Net-Worm.Win32.Kido exploits a critical vulnerability (MS08-067) in Microsoft Windows to spread via local networks and removable storage media.

    The worm disables system restore, blocks access to security websites, and downloads additional malware to infected machines.

    Users are strongly recommended to ensure their antivirus databases are up to date. A patch for the vulnerability is available from Microsoft.

    Detailed descriptions of Net-Worm.Win32.Kido.bt, Net-Worm.Win32.Kido.dv and Net-Worm.Win32.Kido.fx are available in the Virus Encyclopaedia. A dedicated removal tool is available here.

  • Virus.Win32.Gpcode.ak
    Kaspersky Lab has detected a new version of the ‘malicious blackmailer’ Gpcode - Virus.Win32.Gpcode.ak.

    The new Gpcode variant encrypts files with extensions DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc. on hard drives using an RSA algorithm with a 1024-bit key.

    After encrypting files, the virus leaves a text file in the folder next to the encrypted files with following message:

    Your files are encrypted with RSA-1024 algorithm.
    To recovery your files you need to buy our decryptor.
    To buy decrypting tool contact us at: ********@yahoo.com

    Currently, we detect the new variant, but we are unable to crack the 1024-bit key. Our analysts are continuing to work on both the key and the virus to resolve this issue.

    Kaspersky Lab recommends that all Internet users enable maximum protection from malicious code and network attacks on their computers, refrain from executing suspicious programs received from untrustworthy sources and back up any important information on their computers.

    Detection of Virus.Win32.Gpcode.ak was added to Kaspersky Anti-Virus signature databases yesterday, on June 4th, at 15:39 GMT. Please make sure to update if you haven’t already.

    If you have fallen victim to Gpcode.ak, try to contact us using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine. Contact us by email stopgpcode@kaspersky.com and tell us the exact date and time of infection, as well everything you did on the computer in the 5 minutes before the machine was infected: which programs you have executed, which websites you have visited, etc. We'll try and help...

  • Email-Worm.Win32.Warezov.nf
    Kaspersky Lab has detected mass mailings of a new variant of Warezov, Email-Worm.Win32.Warezov.nf. At 8.00 Moscow Standard Time, 19 April 2007, 70-85% of the malicious content in mail traffic consisted of various forms of a new modification of Warezov - the Warezov.nf worm.

    A few hours before this point, there was a noticeable increase in mail traffic of an earlier modification of Warezov - Warezov.do which featured in the October 2006 Top 20.

    If you are using Kaspersky Anti-Virus 6.0 or Kaspersky Internet Security 6.0 with Proactive Protection turned on, new variants will be detected without the need to update your antivirus databases.

    A full description of Email-Worm.Win32.Warezov.nf is now available in the Virus Encyclopaedia.

  • Email-Worm.Win32.Warezov.mx
    A new version of Warezov, Email-Worm.Win32.Warezov.mx has been mass-mailed.

    The worm spreads as an attachment to infected emails. Once launched, it may terminate antivirus and firewall programs and download other malware.

    An urgent update to antivirus databases has been released.

    If you are using Kaspersky Anti-Virus/ Kaspersky Internet Security 6.0, enable Proactive Protection, and new variants will be detected without the need to update antivirus databases.

Related Articles

Shopping Basket

Your cart is empty

Who's Online

We have 7 guests online