Sponsored by..

Tuesday, 8 April 2008

419 Scams and Social Engineering

One key element that scammers use when carrying out their business is social engineering. Usually, the approach is to make the victim believe that they are getting something for nothing.. it's even better when they can persuade the victim that the VICTIM is actually scamming someone else.

Take this recent example:

From: eze_john1@aol.in
Date: Tue, April 8, 2008 9:15 am

My Dear Friend,
This is to thank you for your effort.I understood that your hands were tied.But Not
to worry.

I have succeeded,the money has been transfered into the account provided by a newly
found friend of mine in Australia. To compensate for your past assistance and
commitments,i have droped an International Certifie Bank Draft cheque worth of
$1,200,000,00 for you.
I am in London with my family presently.I do intend to establish some business
concerns here,and possibly buy some properties.Contact my Secretary in
benin-Republic? job_mike20@yahoo.fron his email below ( job_mike20@yahoo.fr) Forward
my mail to him,then ask him to send the cheque to you.Take good care of your self.
Best Regards,

Even though the English is very poor, the concept here is a bit more sophisticated than your average 419 scam. The email has been designed to look as though it has been misdelivered in some way - so the victim thinks that this should have been sent to someone else. But there's a dangling carrot of $1.2m here, and some people will see an opportunity to try to bilk "Eze John" out of the money.

Of course, there is no money.. but there will be a whole set of mysterious "fees" and expenses to try to get the money out, that at least is standard for a 419 scam. The twist is here that the VICTIM is also attempting to perpetrate a fraud, and this makes it very unlikely that the victim will ever go to the police to report it. It is also possible that the scammer might try to blackmail the victim to keep it quiet.

This approach offers a great deal of protection for the fraudsters. The original email is rather vague and might not be obvious to law enforcement. And if anyone takes the hook, then the victim too appears guilty.

This attempt is a bit of a lame one, but a truly successful con artist can use these techniques with a great deal more polish. So although you would never follow up on a misdirected email like this, it is easy to see how people can fall for it.

No comments: