Tuesday, November 18, 2008

Oh brother...another 419 scam

The 419 scam is also known as the Nigerian Letter Fraud and the Advance Fee Fraud. This posting from the FBI discusses this and other common e-mail fraud schemes.

Here we go again...

Yesterday I received a letter via e-mail from a sad sack called Mrs. Susan Morgan. Basically, she's a wealthy widow who lives in Kuwait (with an e-mail address from Yahoo! China and a mailing address from the Ivory Coast [Côte d'Ivoire]), and she's a born-again Christian. Apparently she's dying, and she has no heirs except her late husband's relatives. She doesn't want to leave the money to the late husband's relatives because they're heathens (my words, not hers). Well, it's my lucky day! She wants to leave her money to me (she thinks I'm a church) because she knows that I'll use it for Christian causes.

Scam baiting is a way that people try to scam the scammer by pretending to be a victim in order to waste the scammer's time or to gather information about the scammer so legal action can be taken.

The site 419 Eater contains accounts of people who engaged in scam baiting. Dateline NBC on US network NBC has done investigative pieces on Advance Fee Frauds by performing scam baiting.

I would think that by now, people would realize that these e-mails are ludicrous and they would either disregard the e-mails or (if they're in a playful mood) engage in a little scam baiting. Unfortunately, there are still people who let their greed override their common sense, as demonstrated in this recent story about a woman who lost $400,000 to scammers.

Why am I discussing this on a technical education blog? As an IT professional, you may have to play the role of "police officer" for your company's IT resources. In that role, one of your job duties will be to warn your user base of viruses, security threats, hoaxes, and e-mail scams. It may seem like a waste of time to send warnings about e-mail scams to your user base because most people would realize it's a scam, but the warnings are for those who will throw common sense out the window for an imaginary chance at the big prize.

Although you are doing someone a favor by warning them about potentially losing their money, you are also practicing due diligence in protecting your company's IT infrastructure. Someone who corresponds with these scammers using your company resources (whether making serious inquiries or scam baiting) can put your infrastructure at risk, since messages sent over SMTP are traceable back to the systems that sent them.

Note: When you tell your users to ignore the "advance fee fraud" e-mails, also tell your users not to engage in scam baiting using the company's resources. You don't want your servers and network clogged with traffic not related to work.
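To see what "traceable" means in practice, the following added example (not part of the original post) parses the Received headers of a message as the recipient would see them and reports which company hosts and internal addresses the message discloses. The sample message, host names and addresses are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: headers as a recipient would see them on a message
# sent from a company workstation. Host names use example domains; the
# public address is from a documentation range, the internal one is RFC 1918.
SAMPLE = """\
Received: from mail.example.com (mail.example.com [203.0.113.25])
\tby mx.recipient.example with ESMTP id abc123;
\tTue, 18 Nov 2008 10:02:11 -0500
Received: from WKSTN-042.corp.example.com (unknown [10.20.30.42])
\tby mail.example.com with ESMTP id def456;
\tTue, 18 Nov 2008 10:02:09 -0500
From: employee@example.com
To: correspondent@recipient.example
Subject: Re: your offer

body
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)", re.S)

def disclosed_hops(raw_message):
    """Return (hostname, ip, is_internal) per Received header, sender first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue  # header without a bracketed address
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # bracketed text was not a valid IP
        internal = any(ip in net for net in RFC1918)
        hops.append((m.group(1), str(ip), internal))
    return hops

def internal_leaks(raw_message):
    """Hops that expose private (RFC 1918) addresses to the recipient."""
    return [hop for hop in disclosed_hops(raw_message) if hop[2]]

if __name__ == "__main__":
    for host, ip, internal in disclosed_hops(SAMPLE):
        print(f"{host:30} {ip:15} {'internal' if internal else 'public'}")
```

Running the same check on a test message sent to an outside mailbox you control shows what your own mail path reveals to any recipient.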
