March 24, 2005

Phishing is fun!

I have an email address at Yahoo, one which I have used for years (but still check from time to time) because all it does now is collect spam and other crap. Today I decided to log in and flip through the recent emails, and I found two that caught my fancy. #1 was a PayPal phishing scam and #2 was a 419 scam (Nigerian money). In the body I included the text of the Nigerian scam along with screenshots of the PayPal scam. (PS. I do love phishing scams because I get to fill in crap data into their systems, makes them have to work harder digging out my info and getting the real suckers' data – especially when I hit submit 200 times or so)

Ahhh. Nigerian 419s. So much fun. Sometimes I reply back and string them along for a while, but unfortunately today I don't have time. Below is the text of the email I received (email address included so everyone can spam them):

FROM THE DESK OF ALHAJI (Dr) SALIF DIALO

AUDITING AND ACCOUNTING UNIT.

BANK OF AFRICA (BOA).

OUAGADOUGOU BURKINA-FASO.

{WEST AFRICA}

ATTENTION REQUIRED: DEAR FRIEND,

I am ALHAJI (Dr) SALIF DIALO, the director in charge of auditing and accounting section in Bank of Africa ouagadougou-burkina faso in west Africa with due respect and regards I have decided to contact you on this business transaction that will be very beneficial to both of us at the end of the transaction.

During my investigation and auditing in the bank, my department came across a very huge sum of money belonging to a deceased customer, a foriegner who died on September 11, 2001 in the U S Trade Center mayhem and, the fund has been dormant in his account with the bank without any claim of the fund in our custody either from his family or relation before my discovery to this development. Actually, the late customer was a big merchant who trades on Gold, Diamond, Elephant tusks and crude oil from Africa to Asia and Europe and this money he deposites in our bank to pay for his purchases.

Although personally, I kept this information secret within myself to enable the whole plans and idea be profitable and during the time of execution ( Two is secret). The amount involved is $14 Million usd (Fourteen Million united states dollars).

Meanwhile all the whole arrangement and directives needed to put claim over this fund as the bonafide next of kin to the deceased, will be forward to you upon your acceptance. Information will be relayed to you as soon as you indicate your interest and willingness to assist me and also benefit your self to this great business opportunity.

In fact I could have done this deal alone but because of my position in this country as a civil servant,we are not allowed to operate a foriegn account and would eventually raise eye brow on my side during the time of transfer because I work in this bank. This is the actual reason why it will require a second party or fellow from a foreign nation who will forward claims as the next of kin with affidavit of trust of Oath to the bank and also present a foriegn account where he will need the money to be retransfered into on his request as it may be, after due verification and clarification to designated bank account.

I will not fail to inform you that this transaction is 100% risk free. On smooth conclusion of this transaction, you will be entitled to 30% of the total sum as gratification, while 10% will be set aside to take care of expenses that may arise during the time of transfer such as telephone bills etc, while 60% will be for me. Please,you have been advised to keep top secret as I am still in service and intend to retire from service after I have concluded this deal with you.

I will be monitoring the whole situation here in the bank until you confirm the money in your account and ask me to come down to your country for subsequent sharing of the fund according to percentages previously indicated and further investment, either in your country or any other country you may advise me to invest in. All other necessary information will be sent to you when I hear from you. I suggest you get back to me as soon as possible stating your wish in this deal and asking any questions that are not cleared by you for a good follow-up. Best regards,

ALHAJI (Dr) SALIF DIALO,

Alternative email:([email protected] )

Please contact me on this email id for more privacy.


Now for PayPal. I'll admit these guys did a really decent job pulling the fake. Of course I didn't fall for it, and their address bar tricks didn't work for me (Firefox 1.02) but it was entertaining. First thing is that the email looks authentic-ish – but as usual the text is poorly written. When you get to clicking the "link" (it's actually an image) it brings you to what looks like a real login screen.

The part I liked about this login screen was the fact that if you didn't type in something looking like a valid email address (aka [email protected]) it would kick back – nice touch. After "logging in" it would ask you if you wanted to buy several different services, and tell you about interesting features and things. Then it would ask you to approve the new changes to the PayPal TOS (text galore). After all that is where it gets real fun.

They asked for all of the usual phishing information. The part I really like was that they asked you for your credit card number, verification number (3 digits on the back), PIN number and bank name. Wow. I've never had anything ask for my PIN number from my credit card – mainly because most credit cards (mine included) don't HAVE PIN numbers. But oh well.