Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - An oldie but a goodie - 419 Death Scam InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

An oldie but a goodie - 419 Death Scam

Published: 2016-05-16
Last Updated: 2016-05-16 19:09:16 UTC
by Rick Wanner (Version: 2)
1 comment(s)

Most of us know what a  Nigerian 419 Scam is and no doubt have received numerous emails from Nigerian Princes and others with large sums of money to give us.  But one of our readers sent along a variant of this that I had not seen in many years. This is what one of the ISC Handlers referred to in a diary post from 9 years ago as the 419 Death Scam. 

Below is the typical text of the email:

----------------

From: Serial Killer
Sent: Fri 5/13/16 6:29 AM
To: XXXXX XXXXXXX 

It's sad to inform you that this is how your life is going to end as soon as you do not comply. As you can see we are the members of the Deadly Networks in the world, which is responsible for the bombing of twin towers [ISO-8859-1?] in America on Sept 11th and the bombing of London transport services on July 7th (AL-QAEDA NETWORKS WORLDWIDE).

I do not have any business with you. I have been appointed to KILL you  and I have to do it as I have already been paid for that. Someone who you called your friend wants you dead by all means, and this person have spent a lot of money in this venture. This person came to us and told us that they want you dead and they provided us with your name, pictures and other necessary information we need about you.

I have ordered my men to track you down , these includes bugging of your phones with satellite tracking devices and they have carried out every necessary investigation needed for the operation. If you doubt this, am going to give you all the information about you given to us in your next reply so that you can believe me, and my boys are really on you.  I have instructed them not to kill you for now, that I will like to contact you and see if your life and that of your family is important to you. I notice that you are not guilty of the offence you are accused of, but am still contemplating on consideration. I called my client back and ask for your email address which I did not tell him what I want to do with it. As I am writing you this email my men are monitoring your movement.

Now do you want to LIVE OR DIE? Since all program has been made to kill you. Get back to me now if you are ready to negotiate with us to spare your life or not. We have been paid the sum of $5,000 (Five thousand USD) to carry out this operation and it is going to be swift. Failure to comply to this email, count yourself as good as dead

WARNING: DO NOT CONTACT THE POLICE OR ANYONE ABOUT THIS BECAUSE MY SPIES ARE EVERY WHERE. REMEMBER SOMEONE WHO KNOWS YOU VERY WELL WANT YOU DEAD! I WILL EXTEND THE EXECUTION TO YOUR FAMILY IF I NOTICE YOU TELLING THE SECURITY AGENTS. DO NOT COME OUT ONCE IT IS 8PM UNTIL YOU ARE READY TO NEGOTIATE WITH US. WE HAVE THE TAPE OF ALL THE DISCUSSION WITH THE PERSON WHO WANT YOU DEAD. YOU CAN USE IT TO TAKE ANY LEGAL ACTION ONCE WE REACH AN AGREEMENT.

GOOD LUCK AS I AWAIT YOUR REPLY.

-----------

I am trying to get a hold of the original headers to do more investigation, but I have informed the ISP that owns the return email address.  I do find myself wondering what segment of the population would fall for this?

Swa's advice from 2007 still applies today:

The best possible advice: DO NOT MAKE CONTACT. These guys will just spam you if you do not respond, once you respond they've spotted somebody who might fall for the scam and they'll be much harder and annoying to get rid of.
This is the classic "don't be the easiest target". 

This is becoming known as a "419 death threat", use that term when reporting.

How to report: 

  • contact the abuse contact of the reply mailbox.  Hopefully this will get the reply mailbox removed.
  • report it as an attempted scam with the appropriate authorities for the part of the world you live in.
        In the USA, from the FBI: "If you have experienced this situation, please notify your local, state, or federal law enforcement agency immediately. Also, please notify the IC3 by filing a complaint at www.ic3.gov."  In Canada they can be reported to the Canadian Anti-Fraud Centre

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: 419 death threat
1 comment(s)
Diary Archives