Nigerian Style Fraud Via Facebook

Edited 2020: Consumer Reports “archived” the articles referenced here when they stopped publishing Consumerist in 2017. Since they didn’t bother to put in redirects for their old URLs, the links have been broken for some time. Better yet, with the latest reorganization of this site, the internal link didn’t work because I didn’t bother to put in redirects either. Sad face. Now they all work again.

Since my Skype Fraud post is one of the most popular here, I thought I’d throw in a few references to some other similar tricks. This one is particularly funny:

“Bad Luck Facebook Scammer, You Picked A Target Who Reads Consumerist”, with the wonderful phrase “Once I deposit the funds, you can print it out of any colour printer and it’s real money!”

Then there’s the original article referenced in the one above: Nigerian Scammers Break Into Your Gmail, Ask Your Friends For Money.

We can only hope that one of these days the scammers just go out of business because everyone has enough information to spot them and waste their time. Not likely, but one can hope.

Is the “Astronautics/astrospace” Definition of Professional in Wiktionary?

Possibly the Internet’s most valuable contribution to society is its ability to foster dialogue. Unfortunately that dialogue is frequently not constructive. Among the least constructive techniques is the “attack and run” method, because there really is no way to control another person’s ability to communicate. The attacked person merely opens another channel. This is a case in point.

Earlier today, the nameless writer behind a seemingly useful site, http://www.space.gs/, known as “Astronautics” (formerly “astrospace”) on Twitter, decided to communicate information about a mail server security problem. He or she posted several tweets on the subject (many now absent). This is the remaining one:

Astronautics: JSC mail server may have been hacked. If you get an HSFNEWS email from NASA check that the urls in the email are not Chinese

Then some time later, this tweet:

Astronautics: I lost many followers making that public service announcement – it’s strange how so many people have no sense of duty.

I thought I’d offer an explanation. Honestly I thought I was polite:

alan_langford: @Astronautics You assume all your followers are affected and/or can’t recognize spam. You flooded twitter with what amounts to noise. Not good

Just in case, I added (fixed a typo):

alan_langford: @Astronautics I happen to think your “regular” feed is interesting enough to tolerate the odd lapse, but obviously not everyone else does.

The public response was:

Astronautics: I do my duty and make public service announcements. I make a difference. I will not bend to court popularity.

Which is all well and good, but it seemed to me that the author was trying to understand why many followers left, which is unrelated to one’s sense of duty. Maybe it was my sense of duty to try to offer an explanation in the first place. Then I got this rather shocking direct message:

DM from Astronautics: It is not a ‘lapse’ and I do not care what some loser like you thinks. I am a professional journalist with a sense of DUTY. Go to hell.

The individual subsequently blocked me, removing the opportunity to respond as well as depriving me of his “journalistic” feed and forcing me to respond in a public way. I suppose in hindsight that’s not much of a loss.

So here’s my response: this person is clearly using a definition of “professional” with which I am not familiar. Maybe I’m out of touch. If anyone has a link to a credible reference that lists name calling, not identifying yourself, and telling people to “go to Hell” as professional, please send it to me. Considering the increasing meaninglessness of “professional” when attached to “journalist”, I am now questioning the credibility of anything on this site. That’s too bad, because credible news on space and astronomy would have been a good thing.


Malware Injection: More Fun With Skype

Skype screen capture

This one probably isn’t new, but it’s worth noting. An associate recently got this bogus “security warning”. Appropriately named “irony”, the message warns the user that “Security Center has detected Malware” and directs the user to a site where they can download a patch. Click on the image for a full sized version.

The “patch” will install malware on the user’s computer. At least they can’t forge the link as belonging to Microsoft, but this could easily fool an unsuspecting user.

The Single Best Way to Bust a Telephone Scam

This is simple and effective. If you suspect that the company that is calling you is not legitimate, ask the caller for their web site address.

If the call is a fraud attempt, the “agent” probably won’t be able to give it to you. One of these things will happen:

  • They won’t “remember” it. For extra bonus fun, ask them if their sales manager knows it.
  • They’ll give you a legitimate site that isn’t theirs. Ask them to hold on while you pop it up. If that doesn’t make them hang up, ask them where the information relating to their offer is. They might tell you it’s an exclusive offer that’s not available on the web, but if the site has nothing that seems to be related to the offer, it’s a big warning that they’re not telling the truth.
  • They’ll give you a fake site that is theirs. This would be pretty stupid on their part, since it would provide the authorities with a path back to them. Do a search on the site to see what the world has to say about them. If they’re not in the search index, then the site was probably set up a few days ago. More sophisticated users can do a whois lookup on the site and look at the registration date. Also, if the site owner is masked for privacy, you can be sure it’s not a large established company. Either way, report the site to your local authorities as soon as possible.
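The whois check from the last bullet, as an added example that is not part of the original post: it reads a WHOIS record, computes the domain's age from its registration date, and flags a privacy-masked registrant. The sample records are constructed, and the field labels, the keyword list and the one-year threshold are assumptions, since WHOIS output differs between registries.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS responses (not real lookups); domains use the reserved .test TLD.
SAMPLE_NEW = """\
Domain Name: GREAT-OFFER.TEST
Creation Date: 2024-05-28T10:15:00Z
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy Proxy Service
"""
SAMPLE_OLD = """\
Domain Name: ESTABLISHED-CO.TEST
Creation Date: 1998-03-02T05:00:00Z
Registrant Organization: Established Co. Ltd.
"""

# Assumed heuristics: field labels vary by registry, so several are tried.
DATE_RE = re.compile(
    r"^\s*(?:Creation Date|Created On|Created|Registered On)\s*:\s*(\d{4}-\d{2}-\d{2})",
    re.IGNORECASE | re.MULTILINE)
REGISTRANT_RE = re.compile(r"^\s*Registrant[^:\n]*:\s*(.+)$", re.IGNORECASE | re.MULTILINE)
MASK_WORDS = ("redacted", "privacy", "proxy", "whois protect")

def assess_whois(text, today, min_age_days=365):
    """Return (age_in_days or None, list of warning strings) for one WHOIS record."""
    warnings = []
    age = None
    m = DATE_RE.search(text)
    if m is None:
        warnings.append("no registration date found")
    else:
        created = datetime.strptime(m.group(1), "%Y-%m-%d").replace(tzinfo=timezone.utc)
        age = (today - created).days
        if age < min_age_days:
            warnings.append(f"registered only {age} days ago")
    # Only Registrant fields are checked for masking; the Registrar line is ignored.
    registrant = [v.lower() for v in REGISTRANT_RE.findall(text)]
    if any(w in v for v in registrant for w in MASK_WORDS):
        warnings.append("registrant masked for privacy")
    return age, warnings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date so output is repeatable
    for record in (SAMPLE_NEW, SAMPLE_OLD):
        print(assess_whois(record, now))
```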

These fraud schemes depend on leaving the smallest possible trail back to them. Legitimate businesses want to open as many channels of communication with their potential customers as possible.

So it’s as easy as this: no web site equals no legitimacy. Protect yourself.

Criminalize False Caller-ID Messages

Here’s a crime for modern times: make the transmission of an intentionally false Caller-ID message a minor criminal offence.

There’s an established mechanism for blocking identity through caller ID, namely the “Private Number” message. Therefore the only conceivable use of false information is to mislead the person being called. Most of the fraudulent calls I receive use bogus, rather than private numbers.

But what should the penalty be? How about something proportional to the impact on the victim? In and of itself, direct victim impact is pretty small, so how about three hours in jail per occurrence?

What, you say that’s ridiculously low? Well then how about this: mandatory consecutive terms, no concurrent sentences. Fraudsters have to make a large number of calls in order to find victims (see footnote). Three hours in jail works out to about a year for every three thousand calls. These guys need to make tens of thousands of calls a day, so in a month or so they could easily rack up a sentence in excess of their entire lifespan.

A slap on the wrist for people who flirt with the idea, major hard time for the fraudsters. Works for me.

Footnote: One operation I led on started with an automated dialler, transferred to a “qualifier” who made sure I had a credit card, and then transferred to a “closer”, who was none too thrilled when I finally admitted that I was deliberately wasting their time, eight minutes in.