Nigerian Internet Scam - bibanon/bibanon GitHub Wiki
This article is concerns the dubious practice of moneymaking via Internet phishing.
Nigerian Internet Scams are a variety of e-mail phishing or fraud where you use a variety of fake e-mail addresses to extract banking information and other valuable nougats of interest from unsuspecting grandmothers. The basic practice is broken down into three basic steps:
- Accumulate e-mail addresses
- Spam a form letter asking for information based on a slightly plausible cause
- ????
- PROFIT!
This article will delve into not just Nigerian E-mail Scams but also some general phishing knowhow, I assume you know by now how to make a fake e-mail, and hide your hostmask and IP, but we will cover the basics just in case.
Generally this is a product of the third-world; namely Nigeria and the .RU internet wasteland.
Literally millions of these e-mails go out each day, and with somewhere around a 1% reply rate, this is an easy way to take your scamming and increase its productivity using the magic of the internets. Usually those who take on these efforts do so from the relative safety of a nutty African or Eastern European nation where they are safe from the laws of Amerikkka, but oh-so-vulnerable to the AIDS. Clearly this get rich quick scheme makes a great deal of sense when you have a lot of time on your hands, a third grader's grasp of the English language, and a Russian mob boss' boot on your neck.
The first thing to do in order to scam some grandmas and other internet washouts is to collect a list of e-mail addresses. sometimes these can be purchased cheaply, but these can also be snagged by hunting and finding a mass-mailer address. Colleges and some companies have these sorts of e-mails that can literally hit thousands in one send. Also never underestimate the power of information gathering. Try setting up a booth in front of your local safeway or other generic shop asking for people to sign a petition on saving cute puppies. collect names and e-mails, and maybe even signatures (which can prove useful later).
You will also need a slew of unused, unmarked, and vaguely official-sounding e-mail addresses. this can be accomplished by registering a bunch of shitty hotmail accounts with such usernames as "[email protected]" or some other kinda-real e-mail. You can also try to find an SMTP server that will allow you to peddle your shit through it, because that way you can falsify your headers and they can see the e-mail as coming from "[email protected]." You will need a scam. Remember this is a scam to take money from people, so you should try to give them a good reason to trust you.
Your typical Nigerian e-mail scam is something written by a monkey on a typewriter, since monkies type better than the nigras. They are full of massive misuses and abuses of the English language. You have some advantage here. Typically the letter will say you are representing some rich prince or businessman in Nigeria who needs a state side contact to help launder their blood money into a safe bank. They usually ask for your bank account and a bank account that they can add their money to, and then they promise to add a payment to you into your account. To do this they need full access to your account, at which point they take your identity and drain your bank account to the cayman islands. They then apply and get a whole slew of credit cards which are promptly drained to their cayman island account. You should have a similar story, promising a few thousand dollars in exchange for assisting you. You will need to ask for their name, address, phone number. After they reply as interested gain their social security number, mother's maiden name, and a bank account number to "deposit" to. Access to their electronic banking will make this process go much smoother.
You now can e-mail out your new form letter to thousands of unsuspecting e-mails. Most sane people will not even notice this e-mail and will not report it. Those who do will find that no one cares about phishers, and [email protected] will never get back to them, or even do anything to you. This is because after you send out the e-mail you will want to only use it until all ability to gain information runs dry. Some will reply if you send the e-mail to enough people. You may need to continue to keep the facade up to gain more information and to reel your mark in. Once you finally have what you want, act on the information immediately. You need to clean them out before they realize what they did or talk to anyone else about their new financial move. Saying things like "assisting my client in getting this money out is technically a crime, but our lawyers in the US will keep you perfectly safe" while promising lots of money will keep them from going to the cops.
Keeping separated from this crackpot idea is advisable. This means you should do things like never showing your face to the mark's bank unless you absolutely need to, never accessing your mark's online bank site from your home internet, and never draining your mark's bank account directly into your bank account. Ideally for the e-scam parts to this method one level of separation is fine. Accomplishing this is as simple as a cheap laptop and a park bench next to an insecure "SSID:linksys" network. Get a cheap 802.11G wireless card and surf away. If you're especially cheap, you can just get a PSP or other internet-enabled device. Those who enjoy posing CP to any chan should already be pretty familiar with this drill.
The banking separation is a little trickier. you want to have at least three accounts in addition to your own personal account. NEVER use your own name, usually for a few hundred dollars you can get the necessary documents for a fake identity (preferably of a dead man so that no one notices the credit irregularity) and create the accounts with those documents. At least one should be Swiss or Cayman Islands, and at least one should be overseas. You may choose to put money in your overseas account for safe keeping and schedule small thousand dollar payments every week to your bank account so as not to arouse suspicion. Be aware that suddenly moving 100 grand into your account when you barely kept a $200 balance will trip bank anomaly alarms. If the shit hits the fan and your scam gets big enough that you are being investigated, be prepared to simply dump all the stolen information and bank logins you have onto a slew of forums and sites so that a bunch of B&-year-olds can help cover your tracks and spread the cash.
Risk is minimal in this escapade, but it is illegal, so if you fuck up and register a bank account in your name, you will get caught. The Cayman Islands and Switzerland both will not give up any details so it is relatively safe to use your name, but you still shouldn't. Also US banking regulations have started to tighten down regarding "mysterious sourceless money" mostly because of drugs. Be prepared to have a backup story to account for this money, and remember that international business is your friend. if you say the money came from a sale of a property in Germany, and you can somehow validate this, the bank will probably believe your $300,000 one day transfer since they don't want to sort through five hundred pages of Deutsch-speak deeds to validate your claim. As long as no one doubts you and your business operates on a fairly predictable schedule like any other business, suspicion will be low.