Stupid FBI threat scam email

« previous post | next post »

I recently heard of another friend-of-a-friend case in which people were taken in by one of the false email help-I'm-stranded scams, and actually sent money overseas in what they thought was a rescue for a relative who had been mugged in Spain. People really do respond to these scam emails, and they lose money, bigtime. Today I received the first Nigerian spam I have seen in which I am (purportedly) threatened by the FBI and Patriot Act government if I don't get in touch and hand over personal details that will permit the FBI to release my $3,500,000.

I wish there was more that people with basic common sense could do to spread the word about scamming detection to those who are somewhat lacking in it. The best I have been able to do is to write occasional Language Log posts pointing out the almost unbelievable degree of grammatical and orthographic incompetence in most scam emails. Sure, everyone makes the odd spelling mistake (childrens' for children's and the like), but it is simply astonishing that literate people do not notice the implausibility of customs officials or bank officers or police employees being as inarticulate as the typical scam email.

The one I just received is almost beyond belief (though see my afterthought at the end of this post). The worst thing I can think of to do to the senders is to publish the message here on Language Log, to warn the unwary, and perhaps permit those who are interested to track the culprit down. I reproduce the full content of the message source below, with nothing expurgated except for the x-ing out of my email address and local server names. I mark in red font the major errors in grammar and punctuation, plus a few nonlinguistic suspicious features.

Among the nonlinguistic points, note that the alleged FBI officer Mark A. Morgan is in El Paso, Texas, but has sent his email from Japan, out of an account in the name of Aaron Smith, who has GOOD DAY set as his real name, and then gives a Vietnamese personal email address in the signature block. Agent Morgan mails not to me but to "undisclosed recipients", and gives a Reply-to address at rocketmail.com. Five different identities? The sender could hardly have advertised his spuriousness more clearly, short of including a header line saying PLEASE NOTE, I AM A TEENAGER TRYING OUT NIGERIAN-STYLE SCAMMING FROM A STOLEN JAPANESE ACCOUNT. I wish our parents and grandparents and technically uninformed friends could be taught enough to see inconsistencies of this kind as hallmarks of scamming; but the fact is that such simple giveaways are missed by most email users. Help them; they are in danger.


Return-Path: <AaronSmith@stussy.jp>
Received: from xxxxx.xxxx.xxx (xxxxx.xxxx.xxx [000.000.00.00])
   by xxxxx.xxxx.xxx (8.13.1/8.13.1) with ESMTP id r7IMenuA006628
   for <xxxxxxx@xxxxx.xxxx.xxx>; Sun, 18 Aug 2013 23:40:50 +0100
Received: from mogw0539.ocn.ad.jp (mogw0539.ocn.ad.jp [118.23.178.181])
   by dalziel.ucs.ed.ac.uk (8.13.8/8.13.4) with ESMTP id r7IMegJD024811
   for <xxxxxxx@xxxxx.xxxx.xxx>; Sun, 18 Aug 2013 23:40:49 +0100 (BST)
Received: from mv-osn-hkg004.ocn.ad.jp (mv-osn-hkg004.ocn.ad.jp [122.28.14.147])
   by mogw0539.ocn.ad.jp (Postfix) with ESMTP id 4A2912EC123;
   Mon, 19 Aug 2013 07:40:41 +0900 (JST)
Received: from vcshore.ocn.ne.jp (mv-osn-hkg004 [122.28.14.147])
   by mv-osn-hkg004.ocn.ad.jp (Postfix) with ESMTP id 5311672C1A3;
   Mon, 19 Aug 2013 07:40:09 +0900 (JST)
Received: from User (unknown [109.199.240.95])
   by vcshore.ocn.ne.jp (Postfix) with ESMTP;
   Mon, 19 Aug 2013 07:40:08 +0900 (JST)
Reply-To: <firstcontact001@rocketmail.com>
From: "GOOD DAY"<AaronSmith@stussy.jp>
Subject: Check Your Email and Respond within 48hours!
Date: Sun, 18 Aug 2013 23:40:39 +0100
MIME-Version: 1.0
Content-Type: text/html;
   charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20130818224009.5311672C1A3@mv-osn-hkg004.ocn.ad.jp>
To: undisclosed-recipients:;
X-Spam-Score: 5
X-Spam-Level: *****
X-Spam-Status: hits=5.326 tests=FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_TAGS,HTML_MESSAGE,HTML_TITLE_EMPTY,MIME_HTML_ONLY version=2.64+local
X-xxxxxxx-Scanned: at xxxxx.xxxx.xxx
   with MIMEDefang 2.60, Sophie, Sophos Anti-Virus, Clam AntiVirus
X-Scanned-By: MIMEDefang 2.60 on 129.215.13.80
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5>
<FONT size=2 color=#000000 face="Arial">
<DIV>
Special Agent in Charge</DIV>
<DIV>
Federal Bureau of Investigation</DIV>
<DIV>Intelligence Field Unit</DIV>
<DIV>El Paso Federal Justice Center</DIV>
<DIV>660 South Mesa Hills Drive</DIV>
<DIV>El Paso, TX 79912 USA</DIV>
<DIV> </DIV>
<DIV></DIV>
<DIV>URGENT ATTENTION</DIV>
<DIV> </DIV>
<DIV></DIV>
<DIV>
I am special agent Mark A. Morgan, from the Intelligence Unit of the Federal
Bureau of Investigation (FBI). We just intercepted/confiscated,a parcel at
the united state courier parcel track unit and after cross examination we
discovered that the said parcel belongs to you and was scheduled be
deilivered
to your residents with your full information,we discovered the
parcel contained an ATM CARD valued US$3.5M as these fund are entitled to
you
, been Contract/Inheritance over due payments,packaged from the central
bank of Nigeria{CBN}.</DIV>
<DIV>
 </DIV>
<DIV>
Furthermore, after cross checking all the information we found in the parcel
backing you up as the beneficiary of the fund, it became known to us that one
of the documents is missing. This document is very important and until we get
the document, the parcel{ATM CARD} will be temporarily confiscated pending
when
you will provide it. The much needed document is the Diplomatic Immunity
Seal of Delivery Certificate (DISDC). This document will protect you from
going against the US Patriot Act Section 314a and Section 314b. This delivery
will be tagged A Diplomatic Transit Payment (D.T.P) once you get the
document.</DIV>
<DIV>
 </DIV>
<DIV>
You are therefore required to get back to me on this email
(intelligencefieldunitfbi@zing.vn ) within 72 hours so that I will guide you
on how to get the much needed document. Failure to comply with this directive
may lead to the permanent confiscation of the funds and possible arrest. We
may also get the Financial Action Task Force on Money Laundering (FATF)
involved if do not follow our instructions. You are also advised not to get
in contact with any Bank in Africa, Europe or any other institution, as your
fund are
here now in the United States of America.</DIV>
<DIV> </DIV>
<DIV></DIV>
<DIV>Agent Mark A. Morgan</DIV>
<DIV>Special Agent in Charge</DIV>
<DIV>Federal Bureau of Investigation</DIV>
<DIV>Intelligence Field Unit</DIV>
<DIV>El Paso Federal Justice Center</DIV>
<DIV>660 South Mesa Hills Drive</DIV>
<DIV>El Paso, TX 79912 USA</DIV>
<DIV> </DIV>
<DIV>
Email:intelligencefieldunitfbi@zing.vn </DIV></FONT></BODY></HTML>

If you are the real Aaron Smith at the real stussy.jp, or the real Mark Morgan in El Paso (the message seems uncertain about who is its sender), I'm sorry about all this; but there is nothing I can do about it: you are going to have a very bad day.

One other point: I am grateful to David Seidman for pointing out to me this lovely paper by Cormac Herley, which tackles mathematically the question of why a scammer would be so stupid as to write such an atrocious email, and even mention Nigeria in it. The answer is: to reduce the "victim density". He has to make sure that only the most utterly gullible and stupid recipients will respond. If we all wrote back to the scammer and he had to try and correspond with millions of us to see if we were going to supply the details he wants, his work would be unending and his profit would shrink to nothing. Strange though it may seem, the scammer's best interests are served if the email doing the phishing is ludicrously incompetent and transparently suspicious. He isn't after you or me; he's after the poor, lonely, gullible, housebound pensioner next door, the rare uninformed shut-in who has never heard of Nigerian scams and for whom the dream of a windfall will be attractive enough to justify handing over a bank account authorization password.



Comments are closed.