Aus Flag

Home    Victim´s Story   Fraud Prevention    Project GSO   Hall of Shame   LINKS  

Global Scambaiting Forum  










Help Prevent Consumer Fraud!

by Global Fellow Scam Baiters


How The Scam Works?

by Frodo (Australia)

If you're not familiar with 419 fraud, you may think an Internet scammer is just one man in an Internet Cafe, trying his luck with a cheeky grin and a letter he scribbled down in 5 minutes. In reality, the majority of successful 419 Fraudsters are part of international organised crime. Most of the gangs originate from Nigeria. Estimates vary from 150,000 - 250,000 scammers involved in Internet Fraud. Many of them use email harvesting software to steal email addresses from websites. They then send millions of scam letters to people around the world. The letters themselves are based on successful templates that are written by a smaller number of University-educated scammers.

The templates used by scammers are circulated amongst the gangs and are known as "formats", since each scam letter adopts a particular style. A scam featuring a widow of an assassinated dictator is one format. A scam featuring a dying man who wants to donate his fortune before he dies is another. Some formats play on sympathy by claiming to be gathering money for a church fund or to help sick children.

Fraud gangs organise into different groups and they specialise in particular types of scams. These types of scams are known as "levels". The "levels" hierarchy features a crime boss at the highest level and a scam worker at the lowest level. In a standard 419 advance fee fraud there may be 3 levels. (Though there are other levels.)

The 1st level:  is the "Format level" - usually run by low ranking scammers called "Guymen". It is the job of the "format level" to send out scam letters and "catch" the replies from anyone who falls for the scam and responds. Often they will reply to the victim's first email as a way to gather more information. Part of their job is to try to find out whether a victim is potentially a high payer or a low payer. These low-ranking scammers usually pretend to be Barristers so as to appear trustworthy. They use fictional aliases like "Martins" or "Williams" or "Smith". Email accounts that the scammers refer to as "catchers" are opened as a collection point for replies to scams... operating much like fishing nets.

The 2nd level:  is the "bank level", the scammer from the first level will instruct the victim that he needs to contact "the bank" to progress his claim to the fortune. The bank level is staffed by better educated scammers, frequently European based. Their job is to persuade the victim that they need to open an account in order to receive their fortune. This account could be at a fake bank website or simply a fictional account. The so-called "bankers" often ask for scans of passports, drivers licences, social security numbers and credit card details. Many victims happily supply any and all personal information requested. The info is requested more to verify that a victim is serious than for use in identity theft... but it does happen.

The "bankers" trick is to demand a fee for opening the account, usually in the thousands of dollars. Once the bank fee has been paid, the bankers pass the victims to the third level.

The 3rd level:  is the "security company". They usually outsource this role to fellow scammers who operate from a foreign country. An agreement is made between the scammers to divide the money taken from the victim. This split is usually on a 50/50 or 60/40 basis... though 70/30 is not uncommon. The largest share goes to the 2nd or 3rd level, rather than the scam worker who originally "harvested" the victim.

The 3rd level security companies usually operate from London, Amsterdam, Madrid or Toronto. Their job is to convince the victim to travel to a foreign country to "take delivery of the consignment". The reason it must be a foreign country is to complicate the jurisdictional issues relating to police forces, and to disorient the victim by taking him out of his native environment. Typically, the victim will have travelled to the foreign country for only a few days or a week. This reduces the amount of time they have to search for the fraudster if they should ever wake up to what is really happening.

The "security company" has the role of discussing the mythical "consignment". This fictional treasure is claimed to be either cash, precious metals or gemstones. This is where the "wash-wash" scam is used. Typically, a box full of what appears to be American dollars is shown to the victim. This money is blackened with a chemical to disguise the fact that only the top layer is real. The rest is blank paper cut to the same size & shape as dollar bills. The victim is told he will need to purchase a special chemical to remove the ink and thus make his "money" spendable. The scammers then charge a fortune for the special chemical. The victim pays and the scammers disappear never to be seen again by the victim.

In another twist, the victim pays and when the chemical doesn't work, the scammers launch a fake investigation into their own scam and charge the victim ongoing fees to fund their fake investigation... eventually claiming fake arrests and fake overhauls of their companies to reassure the victim that everything's back on track... Reassured, the victim starts paying again.
That just leaves the boss scammer to talk about... sometimes called "Chairman" or "Oga". Obviously he's in charge and allocates "jobs" to each format level scammer - known as a "Guyman" or "Guy". A "job" is their name for a scam that has hooked a victim who needs to be "worked". The boss also distributes "formats" to each Guyman and there is often specialisation - especially in the area of cheque fraud. eg. One guyman might be better at sending fake checks to automotive dealers, while another targets art dealers.

The boss scammer will coordinate the scams amd urge the scam workers to meet his deadlines. He decides how the takings are divided up. Sometimes the boss will "sit" the victim. Sitting means talking to them on the phone and using his powers of persuasion to build a rapport and encourage continued payments to be made. The boss will be more eloquent and skilled in improvisation. Sometimes a less talented guyman will appeal to the boss to make a phone call if they have a victim who's showing signs of waking up to what's really happening. The boss then smoothes things over.

The goal of all such scams is to ensure a regular income from the victim by getting him to pay and pay and pay... over a period of several years or more. At every stage of the levels I mentioned, fictional delays and hitches are introduced by the scammers, which can only be resolved by yet another victim payment. When the victim's money runs out, the scammers vanish. Each gang will have half a dozen or more victims being put through this process at any given time. This figure varies and may be much higer or lower, depending on how successful they are.

The larger gangs will run check fraud, online bank fraud, advance fee fraud and lottery fraud at the same time. In each fraud, a number of gang members become "actors" in that they play the roles of apparently unrelated individuals... assuming names and identities as the need arises. The aim is to weave a convincing illusion where each "actor" supports what is said by the others in the scam. In this way, the victim is tricked into thinking progress is being made - and will continue to pay the fees put in front of them.

Sometimes the victim will argue that they cannot make a payment... but the scammers show no mercy and demand their fees be paid. The cold-blooded way these gangs will take every last dollar from someone, regardless of how it may ruin them, is also typical.

After a period of six months to a year, wealthy ex-victims are often contacted by the same scammers. The scammers call these victims "old jobs". Their plan is to convince the victim that they are investigating the ones who originally cheated the victims... and thus begins another round of fake fees relating to this ongoing "investigation" by the same criminals.

I hope this article demonstrates how easy it is to be fooled by organised fraudsters. It's based on a similar article I posted in the Scampatrol forum at If any victims would like to discuss their experiences, please visit the above address.

by Lord Vader (UK)

Very elaborate description of their operations, but let me add a few comments:

2nd and 3rd level can't always be clearly separated from each other. Sometimes there is no more than 2 levels for a "job", as sometimes the people running the "security company" will also pose as the "bank director", depending on the nature of the format. Many scammers use multiple formats and thus have to play different roles, according to each format.

In many cases there won't be a personal meeting at any point, as they are considered to be quite risky as this exposes the scammers and the chance of a trap and arrest are much higher than for simply operating out of the anonymity of an internet cafe.

The "no meet" formats usually include the catcher level and the bank level, whereas the bank level scammers are the ones that operate the fake banks. The original catcher will usually play the roles of the person in need of help and their barrister.

After they prepare the victim (called "maga") they are handed up the line to the bank level. The victim will be required to set up a "bank account" at the fake bank, often having to pay between 5,000$ and 10,000$ to "activate" the account, which is then "credited" with the original sum as mentioned in the initial mail by the catcher.

Of course the money is never there, it is just an imaginary figure on a website. The problem is that many people have very limited knowledge of internet technology and they don't realize that the cheap, insecure java applet that they use to log into their "account" has nothing to do with the secured and encrypted login to their real online banking. It looks similar and that is enough for them to believe it is legitimate.

Once they access their "account", they will see the millions apparently waiting for them. This is where the real problems start. When the victim tries to transfer money out of the account, they will be told that the money can't be transferred before certain requirements are met. There will be certificates to be obtained, like a "drug free money" certificate (whatever that is supposed to be!) and a "anti-terrorist clearing certificate".

The scammers will come up with new requirements to be met as long as the victim is able and willing to pay and the fees will be higher and higher. When it finally dawns on the victim that they were duped, it is too late. Their money will be irretrievably gone.

by swamismurf

Not to be a rain on anyone's parade, but I have further information to provide.

One recent "invention" of the fake bank scammers is the use of SSL security certificate awarded by Thawte or Verisign (Similar to what online merchants use to handle credit cards securely, hereafter reffered to as the "Verisign Seal" or simply "Verisign") to lure victims into the belief that all transactions are legitimate and accountable. This couldn't be further from the truth.

There are innumerable combinations of this deception, ranging wildly in complexity:

1) "Simple Spoof" of the Verisign "lock" on the page, without any actual Verisign encryption being in place. This typically is used in the very low-end fake bank websites. This "Simple Spoof" is simply an image of a padlock, appreaing near the bottom of the page, designed to look like the "Secure SSL Connection" icon that appears in Internet Explorer (IE)'s window during "Secure Http connections" (HTTPS). One can distinguish between a real SSL connection and a "Simple Spoof" by noting that the standard location of thier SSL connection icon in IE or another browser differs from the position of the image on the webpage.

2) "Complex Spoof" of the Verisign seal and logo. Fake banks employing this technique typically abuse Verisign's logo, placing it in a prominent position on thier page to give the appearance of security. Additionally, the Verisign Logo has the added behavior of mimicing the real Verisgn Logo's coded behavior. The real verisign logo, when clicked upon, takes the user to a website showing the details of the Verisign seal awarded to the previous website. These details include whether or not the seal is valid and actually belongs to the bank. The fake seal is an mimiced copy of this real webpage.

3) "Phishing Spoof" of the Verisign "lock" using Javascript/ActiveX code. This trick is often used by Phishing scams mimicing real banks, simply due to the fact that most 419 Fake Bank designers are not as s killed in Web Design and Coding as the Phishing scamsters are. The trick employs Javascript or ActiveX code to replace the Address Bar as well as the SSL icon with phony data to both convince the victim of security and hode the actual location of the site.

4) "Generic" Verisign seals are often given out like candy to new domain owners by certain unscrupulous web-hosts.
These seals are generally awarded to the entire "family" of websites the Web provider hosts, and so and could both have the /same/ seal and /both copies/ would be valid. These seals are /real/ seals, and so your browser /will/ display the SSL secure connection icon!

5) "Real" Verisign seals awarded to fraudulent companies.
These represent the "pinnacle" of fraud. The 419eater and aa419 bank busters have come across this scam at least once. Verisign and Thawte both take pains to verify the individuals applying for a Verisgn seal are who they claim to be, however, the Verisign and Thawte companies are not infallable, and have awarded Versign seals in error to fraudulent companies.

With these 5 types of Verisign scams out there, how can one be reasonably safe from financial fraud on the internet?

NEVER take a Verisgn seal on it's word alone. Always verify that a truly secure connection exists whenever you enter personally identifiable information.

ALWAYS confirm that the details provided by the bank match those provided by the bank regulators in the bank's country of origin. Does the given contact phone number match that stored by the bank regulator? Is the mailing address the same? If these facts do not agree, then most likely, you are on a Fake bank website and it is advised you do not enter any of your personal details there.

And finally, NEVER put your money in a bank without a real "brick and mortar" address in which to direct your inquiries to, should you have any questions.

Advance Fee Fraud

With a Link Video Report by Netwerk TV
-  How Nigerian Scammers operated their frauds in Amsterdam

-  EFCC bust Nigerian 419 scammers

Many thanks for your contributions.

View: Scam Letter of Dr (Mrs) Mariam Abacha




© by GSO •  Contact