Damn. Just as soon as I get rid of one spammer, another one comes along to take his place. Admittedly, this one isn’t “bulk-spamming” me, but wants to rip me off to the tune of several thousand pounds (and maybe my life) – if the Nigerian 419 spam is anything to go by. Yep, this one is also from Nigeria (even though it’s come from a Romania domain), but this one sounds slightly more convincing and even I had to take a second look at “Jerry Duruibe”‘s email…
The email was received to my main Yahoo! Mail account, but – unlike most spam – it was customised with my surname. Even though my name (and, probably, my Yahoo! mail address) are quite well known on the ‘net, I’ve [******] them out here:
From Jerry Duruibe Tue Nov 12 17:55:14 2002
X-Apparently-To: [******]@yahoo.com via 66.218.93.35; 12 Nov 2002 17:54:50 -0800 (PST)
Return-Path:
Received: from 193.230.240.30 (EHLO zerg.codec.ro) (193.230.240.30) by mta573.mail.yahoo.com with SMTP; 12 Nov 2002 17:54:49 -0800 (PST)
Received: (from httpd@localhost) by zerg.codec.ro (8.11.6/8.11.4) id gAD1tEr01965; Wed, 13 Nov 2002 03:55:14 +0200
Message-Id:
From: “Jerry Duruibe”
To: jerry.duruibe@email.ro
Subject: [******]Urgent
Date: Wed, 13 Nov 2002 03:55:14 +0200
MIME-Version: 1.0
X-Originating-IP: [216.139.170.12]
X-Mailer: freemail 0.9.8
X-User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; YComp 5.0.2.6)
X-Organization: ASTRAL FreeMail
Content-Length: 938Attn: Mr.(s) [******],
How are you today?, I am barrister Jerry Duruibe a lawyer, and the
personal attorney and trustee to Mr. Albert [******], I believe a
relation of
yours, who used to work in several oil companies in Africa but finally
worked
with Santa-Fe oil exploration company, here in Nigeria. Herein after
shall be
referred to as my client. I am now contacting you based on the
desperate
situation to find a relative of his before properties of his will be
seized and
confiscated, I implore you try to understand the urgency and respond as
soon as
possible.On the 21st of April 1998, my client, his wife and their two children
were involved in a car accident with a stationary fuel tanker along
sagbama
express road in River State. All occupants of the vehicle burnt to
ashes. Ever
since then I have made several enquiries to your embassy to locate any
of “my
clients extended relatives this has also proved unsuccessful.After these several unsuccessful attempts, I decided to track his last
name
over the Internet, to locate any member of his family hence I contacted
you. “My client” left a lot of money in cash with a vault security
deposit
company as well as bought many other valuable properties worth millions
of
dollars.I have contacted you to repatriate his money and properties before they
get
confiscated or the security company declares the deposit unclaimed.
I have all documents to this deposit and property all I require is your
assistance to relocate especially his huge cash deposits.Your soonest response is anticipated.
Best regards,
Jerry Duruibe Esq.
jerry.duruibe@email.ro______________________________________________________________________
Do you want a free e-mail for life ? Get it at http://www.email.ro/
Now, if it didn’t address me by name I would have instantly binned it and reported it to Yahoo’s mail abuse team. But it sounds plausible (I am aware that I may have a distant relative called Albert), a search on Google for “Jerry Duruibe” doesn’t show anything up, AND it doesn’t have any signs of faked headers – so I gave it a second look.
But…
- It’s been sent from a free email address (see Email.ro)
- It mentions Nigeria (which should set off warnings for anyone that’s heard of the Advanced Fee Fraud)
- Doesn’t actually tell me any information about my “distant relative” (so I can’t correlate the date of birth with known records, or even see if I am related)
- It stops mentioning “my” relatives name after the first paragraph (indeed, the third paragraph has “My client” – include the quote marks!)
- Has reference to old events (1998 – he says he’s been trying to track relatives down since then, but I’ve been on the internet for much longer than that and I’m not that hard to find) – making it hard to find mention of the events on any news sites
- Expresses urgency (“before they get confiscated”)
- Doesn’t actually mention the value of the cash or property (except “other valuable properties worth millions of dollars” – so no exact figure, but enough to make “greedy people” accept the claim)
- Is vague how they found my details (“several enquiries to your embassy” – which embassy? And surely they would give my snail mail details instead of a seldom used webmail account that I’ve never used for sending out bound mail apart from to 3 friends?).
Most of that is just common sense checking – no technology involved. But let’s get a bit techy and do a search on the IP address shown at the top (most webmail systems now inject a line in the header reading “X-Originating-IP” to help track down spammers). Usually I would use SamSpade.org for this, but they have had to disable the lookup facility due to high traffic. But just download “SamSpade for Windows” from the same site and plug the IP address (216.139.170.12) in. We get:
whois -h whois.arin.net !net-216-139-160-0-1 …
OrgName: Pan Am Sat
OrgID: PNAMNetRange: 216.139.160.0 – 216.139.191.255
CIDR: 216.139.160.0/19
NetName: PANAMSAT-COM-2
NetHandle: NET-216-139-160-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.PANAMSAT.NET
NameServer: NS2.PANAMSAT.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-07-24
Updated: 2002-08-08TechHandle: ZP65-ARIN
TechName: Panamsat Corporation
TechPhone: +1-404-381-2828
TechEmail: DOC@panamsat.comOrgTechHandle: LV109-ARIN
OrgTechName: Villaroel, Lisa
OrgTechPhone: +1-404-381-2828
OrgTechEmail: DOC@panamsat.com
Which doesn’t really help. PanAmSat just resells connectivity via satellites to ISPs: whilst they are mainly based in the USA, they do have offices all around the world.
So is it real? Did I have a distant relative that was a millionaire and I stand to inherit it all (despite the fact that my still living parents would probably be first in line)? Let’s do a search on Google for some words and phrases that appear on the email. A search for “On the 21st of April 1998, my client, his wife and their” reveals two search results. Wow, it appears that there is also a barrister called “Samuel Savimbi” who had a client who used to work with “Shell Development Company” (mine worked with a poxy unnamed “Santa-Fe oil exploration company”) in Nigeria who died on the same date with his wife and their three children (one more than mine). Other people on the that mailing list also had similar emails from a Chuks C. Chukwuma (Shell, 3 children – but this time included the telephone number 234-803-3036332) and Chief Taye Coker (Shell, 3 children).
Another blogger received a similar email, this time from a “Olufemi Peters” whose client worked for Shell and died with (yep, you guessed it) his wife and three children on 21st of April 98.
So it’s spam. Question is – what do I do about it? I could just report it to the relevant people and let it go… Or I could wind them up… I’ll let you know what i decide and how I’ve done it 🙂
4 Comments
While tracking the user ” m u g u ” w/o spaces, your reference to Villaroel, Lisa caused google to point my browser to your excellent blog, and your efforts against spam/UCErs earns this newly blocked URI …
216.250.221.75 – [13/Jan/2003:16:35:53 -0600]
“Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit.”
– Chief Justice Berger, U.S. Supreme Court.
I’m a big fan of David Sorkin, for his good service of spamlaws.com, and make use of samspade and netcraft daily in my efforts; taking action often results in retaliation, but “zero tolerance” requires more than merely reporting their conduct.
Warmest Regards,
Daniel Adrian Keeney
Have just been introduced to your blog page it’s excellent. I will visit you again.
PS apologies for my ignorance what is BLOG an acronym for?
i do not understand what is this and why they keep sending e-mail scence 98 could u tell me the reason …
i do not understand what is this and why they keep sending e-mail scence 98 could u tell me the reason …
Comments are closed.