My Experiment with Scam Baiting

Posted by Sahana Sarkar at Jul 15, 2011 01:45 PM |
Today, as I am sure many of you have experienced, Internet scams are widespread and very deceptive. As part of my research into privacy and the Internet, I decided to follow a scam and attempt to fully understand how Internet scams work, and what privacy implications they have for Internet users. Though there are many different types of scams that take place over the Internet —identity scams, housing scams, banking scams— just to name a few. I decided to look in depth at the lottery scam.

Day 1: July 4, 2011

On July 4, I received a spam mail from Shell BP Manchester England ([email protected]). The e-mail informed me that my e-mail address had won a sum of $550,000 which was held on July 3, 2011 in England. In order to claim my prize the e-mail instructed me to confirm the receipt of the mail by submitting a few of my personal details to one Dr. Mohammed Al Maliki. This is an extract from the letter asking for my information:

Information Requested: 

  • Your full Name: 
  • Contact address: 
  • Your Telephone: 
  • Your Age: 
  • Your occupation: 
  • Your country of origin:

Congratulations.
Yours Sincerely, 
Mrs Roseline Lott
Shell Prize announcer, England.

Deciding to reply to the email and see what happened, I responded to Dr. Mohammed Al Maliki ([email protected]) with the information that the e-mail had asked, only I substituted my real information with the following fake information: 

  • Shaiza Sarkar
  • B-196, CR Park, New Delhi - 110019
  • 09916000603
  • 23 yrs old
  • India

To my surprise he replied to my mail the same day at 4:59pm.  In this mail he informed me that he had sent my details to Lloyds Bank who would be responsible for the payment of my prize. He asked me to inform him after I receive a mail from the bank. The e-mail contained a phone number for me to call.  I tried to call the number mentioned in the mail but there was no reply. 

Again to my surprise, I received a mail from Lloyds Bank at 6:58 p.m. the same day with a list of documents and details that I was supposed to send them to claim the prize money. Lloyds Bank had also attached a deposit certificate to ‘prove’ that Shell Petroleum Development Company had deposited the prize money in the bank. Below is an extraction of the e-mail I received from Lloyds Bank.
 
"FROM THE DESK OF DR. MOHAMED MALIK
REGIONAL CLAIMS AGENT, 
SHELL PETROLEUM INTERNATIONAL LOTTERY PROGRAM.
Regional Office:
St James Court, Great Park Road,
Almondsbury Park, Bradley Stoke,
Bristol BS32 4QJ, England
Contact: +447035974608
 “LLOYDS BANK PLC 
ADMINISTRATIVE HEADQUARTERS.
LONDON, ENGLAND, UNITED KINGDOM.
REF...FILENOS2345/LTB
 ATTENTION: SARKAR SHAIZA
  *REGARDING YOUR PRIZE FROM SHELL PETROLEUM DEVELOPMENT COMPANY*
PLEASE SEND US THE DOCUMENTS BELOW;
1. A CERTIFICATE OF AWARD FROM SHELL PETROLEUM CONTACT DR MOHAMED MALIK
2. A SCANNED COPY OF EITHER YOUR DRIVERS LICENSE OR YOUR INTERNATIONAL PASSPORT OR WORK I.D CARD.
3. A SWORN AFFIDAVIT OF CLAIM FROM THE CROWN COURT HERE IN LONDON,YOU ARE REQUIRED TO CONTACT [DR MOHAMED MALIK]YOUR AGENT FOR ALL THIS.
SIR PAUL WISCONFIELD.
HEAD OF OPERATIONS.
LLOYDS TSB BANK PLC
 

Nigerian Scam 1

Day 2: July 5, 2011 

The next day I informed Dr. Mohammed Al Maliki of the above letter from the bank, as instructed to at 8:58 p.m.  At 9:45 p.m., Dr. Mohammed Al Maliki emailed me back with the certificate of award from Shell Petroleum Development Company with my fake name printed on it. 

Though the first two documents that Lloyds Bank required me to obtain were standard enough, the turning point in this entire scam was the third document that Lloyds Bank asked me to acquire. The third document asked me to present a sworn affidavit of claim from the Crown Court in London. Following the instructions given by the bank, I again emailed Dr. Mohammed Al Maliki. He replied with instructions for me to contact Barrister Wilson Burrows (ESQ) of Wilson and Co. Law Chambers for this document. I tried to search for Wilson and Co. Chambers on the Internet and found that no company with such a name exists.

This is the certificate of award provided to me by Dr. Mohammed Al Maliki:

Nigerian scam 2

Day 3: July 6, 2011 

At 1:47 p.m. I mailed Wilson and Co. Law Chambers informing them about the sworn affidavit that I required in order to claim the lottery prize. The same day at 8:25 p.m. the Law Chambers sent me the following mail with an application form, and asked me to transfer 520 pounds through a Western Union Money Transfer to the Chamber’s Accountant Mr. Preston Doyle. I checked the address provided in the mail to see if it existed. The Google map showed that the given pin code “L14JJ”- London  - was a pin code for  Liverpool, Merseyside UK,  which is not London , and not where Wilson and Co. Law Chambers claimed to be based. Additionally, the Law Chambers attached a form for the affidavit in this mail.

Below is an extract from the email I received from Wilson and Co. Law Chambers:
“The Principal Attorney
Wilson and co Chambers
#18 Harms Road Manchester
L14JJ - London.
Supreme Solicitors, Principal Attorneys and Property Managers
Kind Attention: Client,
As stated in the attached form, the completed form should be returned with the Court Oath Fee. For further processing, see below fees;
Court Oath Fee:    250 Pounds
Attorney Fee:        270 Pounds
------------------------------------------
Total Fee:             520 Pounds
-----------------------------------------
To send this money, go to any WESTERN UNION MONEY TRANSFER OFFICE nearest to you and make the payment to the Chamber's Accountant - Mr. Preston Doyle with the following details -
Receiver's Name: Mr. Preston Doyle
Receiver's Location: London, United Kingdom.
Receiver's Address: #18 Harms Road Manchester, L14JJ – London
Amount: £ 520.00 (Five Hundred and Twenty Pounds)
Regards,
Mrs.Wilson Burrows(ESQ)
(Registrar)
Mrs. Ivon  Samuel (KBE) (Secretary)”

 
Nigerian Scam 3

Day 4: July 7, 2011 

After receiving the e-mail asking for a money transfer, I was curious and wished to probe more. Thus, I wrote to Wilson and Co Law Chambers and explained that  a Western Union Transfer was not available in my village. The same day at 6:48 p.m. the Law Chambers sent me a mail saying that the Honourable Chamber recognizes only Western Union Transfer as the safest mode for transactions. I did not reply to this mail, as I knew I would not be able to go any further with my investigation. Though I was disappointed because this was the end to my investigation into lottery scams, and I still had questions that I wanted answered, the last e-mail the Law Chambers sent me was very interesting. In the last email sent to me by the Law Chambers requested (in a very pushy tone) that I should not tell anyone about my prize money, and that it was in fact in my best interest not to tell anyone.

Below is the extract of this mail:

“So do not discuss your winning with anybody until your prize has been transferred to you. It is for your own good. And it is at that time alone that you can be used for advert purposes by our company. So the success of this transfer lies sorely in your hands. These are the exact words from the Director this morning.”

Regards,
Mrs.Wilson Burrows (ESQ)
(Registrar)
His Lordship, Justice Ivon  Samuel (KBE) (Secretary)

Day 5: July 8, 2011 

Originally I wrote to the Law Chambers telling them I did not have access to a Western Union for the purpose of seeing if they use other mediums to receive money. Surprisingly, at 1:47 p.m. Wilson and Co. Law Chambers emailed me. The e-mail said that they would grant me the privilege of using a direct deposit of the 250 pounds into their correspondents account in India. In the mail they asked me to confirm that I would use this method of payment, and that once confirmed, that they would furnish me with their correspondent’s account details. Interested, I confirmed. After my e-mail confirmation at 9:47 p.m. they emailed me the details of their correspondent in India. 

Below are the details of the account that I was supposed to transfer the money into: 

This is the account details you will deposit the money into:
Account Name: L. MOHAN SINGH
Bank name: HDFC BANK
Branch: DELHI
Account number: 0609190004391
Ifsc Code : HDFC0000609
Pan Card: DDMPS9075M

Day 6: July 11, 2011

I did not deposit the money (obviously) and I did not e-mail the bank or the Law Chambers, I did receive a mail from Wilson and Co. Law Chambers informing me that their reputable organization would not tolerate my laxity. Unfortunately, because I could not pay the fee to their correspondent and obtain the affidavit, I was unable to follow the scam any further.  Despite this dead end I was curious to know if they would provide me with the phone number of their Indian correspondent. Thus, I wrote them a mail to humbly apologise for the delay. I further asked them to provide me with the correspondent’s phone number claiming that the bank was rejecting his profile due to security protocols. 

Day 7: July 12, 2011 

The Law Chambers responded, informing me that they did not wish to give the correspondents number.  In their e-mail they made it quite clear that for online banking all that is needed is the IFSC code. Therefore, I had to stop here.

This is the extract of the mail they sent me when I asked for the phone number:

The Principal Attorney
Wilson and co Chambers
#18 Harms Road Manchester
L14JJ - London.
Supreme Solicitors, Principal Attorneys and Property Managers

Kind Attention: Client,
This Honorable Chambers is in receipt of your mail. It is very important for you to know that laxity will not be accepted anymore. For the online transfer of this payment, you do not need any phone number, all you need is the IFSC Code already supplied to you. Once more, the IFSC Code is HDFC0000609. That is all you need to make an online transfer.

While I stopped following the scam at this point, many people might have continued with the process without any knowledge of it being a scam. Thus, one should be very sceptical about individuals or organizations who ask for personal and banking information. 

Conclusions

In my experiment with scam baiting, I realized that:
  1. They introduced me to various parties to make this entire scheme look professional. I initially assumed that I would have to carry out the process with the Shell Petroleum Development Company alone.
  2. In the beginning of the experiment I initially thought the scam was about taking my account number and hacking into it. During my experiment I realized that the scam was not designed to make money by emptying my bank account, but instead was designed to profit off of the various admission fees such as the Sworn Affidavit.
  3. Due to the speed by which they were able to respond to my emails, I realized that they had pre-prepared fake documents – ready to send to anyone who emailed them regarding claiming the offered lottery prize.  
  4. Throughout all of our e-mail exchanges I noticed that the individuals behind the scam only used a G-mail account. Curious, I checked their IP address – hoping to find out more information and possibly track their location – but found that Google does not reveal senders IP address information (which is in fact a very good thing in terms of privacy protection!)  
For a detailed understanding of different types of scams visit here.

Document Actions

http://trailofpapercuts.wordpress.com/
http://trailofpapercuts.wordpress.com/ says:
Oct 01, 2011 08:00 AM
Shahana, your experiments with spam baiting made for an intriguing read. I have always been tempted to 'investigate' the nexus between legitimate manufacturing / service provider companies and the dime-a-dozen marketing executives that the former hire to disseminate promotional messages. Of course, the spurious side to this is spam, where customers and email users are sent hundreds of automated and unsolicited messages every day. The social side to this whole 'business' is that spam can be considered to be a barometer of sorts reflecting the collective aspiration of our society, what's currently trending in the gray underground... Barely five years ago, we used to be spammed with ads for pharmacological products, including pills and the ubiquitous Viagra. These pills weren't available over-the-counter and customer pill manufacturers found an easier way to push these drugs online. Today, it's about winning $500,000 and being willed an estate in the Cayman Islands by a Good Samaritan, or winning a lottery from BBC. It is this pursuit of desire that spammers play into, knowing full well that of the billions of people online, a good percentage dream of making it rich, quick. http://blogs.pctechmagazine.com/[…]/#more-609
Commenting has been disabled.