Nigerian bankers are from China?

I just can’t help posting one more spam message here, as an example of how spammers run. This time, a very well-known Nigerian 419 spam message where the spammer is trying to collect sensitive information about those whom he’s spamming.

Interestingly enough, many people tend to share this information freely on the Internet already. With sites such as Facebook and LinkedIn, I would think spammers would not even need this information. Well, except for the bank account numbers, of course. And maybe the phone number.

So let’s look at this message, which seems to be from Nigeria. Or China. Or Russia, if I read the mail headers.

Well, what does it say? It’s about a contract or inheritance file that’s at some desk in Nigeria. I don’t have a clue what it’s supposed to do there, but they have it. Who? Well, The Central Bank of Nigeria, of course. (Yeah, that link goes to the real site!) It seems that I am dealing with some non-officials about this case and that’s supposed to be illegal. The Board of Directors held a meeting to give me a solution, though. They’re willing to pay me the $950,000.00 that’s in some online account which is supposed to be mine. I need to give some details to them which would allow me to log in to my account so I can transfer the money to a different account. And I must stop discussing this with anyone else, so this post on my blog must be illegal.

Okay, I’m not stupid. The fact that Google dumped this in my spam folder is the first warning. The red warning above the post is the second warning. Even if I’m a complete idiot (and I sometimes am one) then these two warnings should trigger plenty of alarm bells, making sure I won’t respond to this. But I’m interested in the mail header too.

Sure, the first thing I’ve noticed is another warning: “domain of infocbn@cbn.com does not designate 178.75.0.110 as permitted sender”.

It was sent from Webasto, which happens to be a Russian company that creates air conditioning systems for automobiles. Maybe the Nigerian Board of Directors is in Russia?

And I need to send a reply back to an email address provided by the email services of the Chinese Yahoo website.

Also, even though they knew my email address (helpdesk@example.com), they did not know my name. Or anything else, even. But they seem to know that I’m dealing with non-officials, though.
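The header checks described above can be automated. The following Python sketch is an added example, not part of the original post: it flags a non-passing SPF result, a Reply-To domain that differs from the From domain, and a sender domain the claimed organisation does not use. The sample message is constructed; only the SPF comment text, the sender address and the IP come from the post, while the Reply-To address and `centralbank.example` are placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: only the SPF comment text, sender address and IP come
# from the post; the "fail" keyword, Reply-To address and subject are made up.
SAMPLE = """\
Received-SPF: fail (google.com: domain of infocbn@cbn.com does not designate 178.75.0.110 as permitted sender) client-ip=178.75.0.110;
From: "Central Bank of Nigeria" <infocbn@cbn.com>
Reply-To: payment.desk@freemail.example
To: helpdesk@example.com
Subject: Your contract/inheritance file

Please reply with your details.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_red_flags(raw, claimed_domains=()):
    """List header-level warning signs for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])

    # 1. SPF: the first token of Received-SPF is the result (pass, fail, ...).
    spf = (msg["Received-SPF"] or "").split()
    result = spf[0].lower() if spf else "none"
    if result != "pass":
        flags.append(f"spf-{result}")

    # 2. Replies are steered to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to-mismatch:{from_dom}->{reply_dom}")

    # 3. The sender domain is not one the claimed organisation really uses.
    if claimed_domains and from_dom not in claimed_domains:
        flags.append(f"unexpected-sender-domain:{from_dom}")
    return flags

if __name__ == "__main__":
    # "centralbank.example" is a placeholder for the bank's official domain.
    for flag in header_red_flags(SAMPLE, claimed_domains={"centralbank.example"}):
        print(flag)
```
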

So, am I dealing here with Russian Nigerians who live in China? Or Chinese Nigerians living in Russia? I don’t know. This is just spam and it’s too ridiculous to even consider believing it. I can’t understand that anyone would be fooled by something stupid like this, yet it happens. At least, it happens often enough for these spammers to continue their attempts. Just send a million of these messages and hope that an idiot will respond to it. If one in a million people are idiots, they tend to have a reasonable chance of success.

Also interesting is the reference to CBN, which isn’t the Central Bank of Nigeria. It’s the Christian Broadcasting Network. Close enough, I guess.

The true Central Bank of Nigeria has an official warning about 419 scams on their website. A check with RobTex seems to confirm this site is the real website. The fact that it’s a .ORG domain still makes me a bit suspicious but fortunately, there’s also an official gov.ng site, which happens to be a bit slower. All this spam isn’t just annoying for me and other recipients, it’s also bad for the Nigerian government and their bank.

It amazes me that these Nigerian 419 scams have continued for more than a decade. Especially since these emails seem to be so extremely fake that I just wonder if people are just fooled by these spammers simply because they try to scam the spammers themselves. And in trying to do so, they just happen to give away too much real information.

The best response to these kinds of emails is either to ignore them or to warn others about them.

Blog spammers

I’m having a late lunch break and started to check all comments that needed to be moderated for my blog. And as usual, there’s a lot of spam between those comments! Fortunately, this blog is hosted by WordPress.com and they know how to detect those spammers easily! So all I have to do is empty the spam folder once in a while. It’s great! But just for the fun of it, let’s look at a few of those. 🙂

Yeah, there it is… My spam folder. I had 56 spam messages in it and was just deleting them one by one, since it’s fun seeing how spammers tend to operate. (And educational too.) But I decided at one point that it could be educational for others too, so here it is.

One thing you will notice is that most spammers will include hyperlinks to some other site. These could be malicious sites or just some obscure web shop that needs free advertisements. Most of it is in English, which makes sense since most of this blog is in English. But the Russian post in this list is noteworthy!

Another post I’ve noticed says: “Hi there would you mind letting me know which hosting company you’re using? I’ve loaded your blog in 3 different web browsers and I must say this blog loads a lot quicker then most. Can you suggest a good web hosting provider at a honest price? Thanks a lot, I appreciate it!” Definitely noteworthy since it seems to be a valid request. I do wonder why it’s considered spam. But I’m smart so I’ve Googled for that remark and it happens to appear on dozens and dozens of other websites, where webmasters have allowed the comment to pass their filters! That’s not a wise move since approving such messages means that the sender is often approved for sending more comments too. Allowing this message might mean that he will follow-up with all kinds of spam, probably trying to sell Viagra or penis enlargement herbs. So, it’s spam. The spammer tries some innocent-looking message just so I would let my guards down and approve him as a valid commentator. Well, too bad he did not fool the WordPress filter. (Most likely because they’ve recognized his IP address.) The blog he’s included in his profile is most likely just a random blog post that he misuses to make things look even less suspicious.

I also tend to get a lot of compliments from spammers, probably hoping to play with my ego and confuse me into allowing those messages. Again, WordPress isn’t fooled by them! One such spam message said: “Hey there, just became alerted to your blog through Google, and found that it is truly informative. I will be grateful if you continue this in future. Numerous people will be benefited from your writing. Cheers!” which sounds nice. It’s linked to this post where I show a CGI image I’ve just created. Didn’t consider that post very informative, though. Just fun, and a follow-up on an earlier post that was more informative. The praise is nice, but just too generic to be considered real.

One more, as a comment on my post about Stupid Spammers: “In the event you suffer from any of these circumstances or injuries, it is worth taking the time to seek advice from your physician or physical therapist concerning the use of [SNIP! Spam-link!]” I don’t see any relation between this comment and the topic of my post, except that this too happens to be a dumb spammer. Many spam comments are like this. They are often not related to the topic you’re discussing or very generic by nature. When the comment isn’t on-topic, be aware!

Anyway, one thing that most of this comment spam has in common is that it’s trying to promote all kinds of medication. Then again, that’s also true for a lot of normal spam. But if you want to fight blog spam in your own blog then make sure that any commentator is moderated for at least a month, or 10 comments, whichever is more. Be aware of their posts and if those comments are too generic, it’s most likely that the commentator isn’t really reading your blog but just wants to get more rights to comment without moderation. (And once they can do that, they will fill your blog with a lot of spam, just before you’ll notice what they’re doing and can put a stop to them!)

Blog spam can destroy any blog, make them unreadable for the regular visitor while also helping spammers to have their spam be found by various search engines. If I would allow spam in my blog, people who would look for common words in my blog (CGI, Poser, Grepolis, etc.) will find my blog but when visiting it, they would see just spam. So, bloggers should have a very good reason to block blog spam, or else no one will follow their blogs…

Fighting spam

Spam is annoying us all and many people are looking for a solution that will reduce the amount of spam in their mailbox. Plenty of solutions exist, but I myself chose a very simple solution that will allow me to “name & shame” those companies that leak my email address to those spammers. And my solution also comes with a nice spam filter too, although it’s not free. I pay about 60 euros per year for my solution, which is reasonably simple, provides me with web mail and a good spam filter plus nice, additional features that are very practical.

It starts by registering a domain name. In my case, it’s wimtenbrink.nl but for this discussion I will use the name example.com since this is a special domain name reserved for these kinds of examples. Registering a domain name costs between 5 and 20 euros, depending on your registrar. Since I live in the Netherlands, I chose VIP Internet to register this domain, since they provide me some easy options to set up my domain, allowing me to adjust several settings, and changes I make to my domain name there are handled quite fast. Unfortunately, they’re also a bit expensive (EUR 19,95 per year) but they offer good quality.

Next, I’ve purchased a Google Apps for Business account for my domain name. This is free for individuals and small teams but I decided to buy the more expensive package which costs US $ 50 per year per user. With just one user, this costs me $ 50 per year. And it removes the advertisements in my mailbox. Plus, my mailbox is 25 GB in size instead of the standard 10 GB for individuals.

Next, the technical part. You’ll need to connect your domain to your Google Apps account. This will require some knowledge and experience with the Domain Name Service of the internet, or DNS for short. Using the tools provided by your registrar you will have to set up Google Apps as your mailbox. This probably means that you will have to remove a few DNS entries and add a few new ones. This isn’t very complex but if you mess it up, your domain cannot be reached anymore. So, be careful, and try to get some basic knowledge about DNS first. (Although you can always fix problems later.)

You can also connect more things from Google to your domain name. You could, for example, generate special URLs on your domain name that will point to your Google Calendar or your Google Drive. And Google provides plenty of other practical tools that you can use and connect to your domain, including the hosting of a few simple webpages.

Once you’ve connected both, you will have your own, personal domain name with a single email address. Let’s say you’ve registered example.com and your new address is admin@example.com. Your Google Apps account will provide you with a web mail interface that is very similar to GMail itself. But without the advertisements for me. But Google Apps will allow you to do even more, like creating multiple aliases for your email address. In my case, I could create the alias wim@example.com and use that as a mail address that I share with friends and family. For companies, I generally create an alias on the fly starting with the name of the company and ending with my domain name. Thus, if I provide Microsoft with an email address of mine, that would be microsoft@example.com.

And yes, creating email aliases on the fly is simple. Someone asks for an address, I just think of some random code to put in front of the @ sign and then append my domain name. It does require me to do one more thing, though. I need to set Google Apps up to use my admin@example.com address as a catch-all for all incoming email addresses on my domain name. Once I’ve done this, it doesn’t matter what’s in front of the @ because anything will be sent to this single email address.

But how does this stop spammers? Well, it doesn’t stop them but it tells me where the spammer retrieved my email address. For example, my email address for LinkedIn was something like linkedin@example.com. However, earlier this year LinkedIn was the victim of a hacker who managed to collect a whole database from their user database, including a lot of email addresses. One of those addresses was mine. And when I noticed that I started to receive spam at linkedin@example.com I immediately realized that LinkedIn had a huge problem with their security. It gave me a very early warning and told me who was responsible for leaking my email address.

There have been more companies who have leaked my email address to spammers, but because those email addresses tell me which company leaked my email address, I can just change my address for that company to e.g. linkedin-2@example.com and create a filter in my Google Apps account which will just drop anything that is sent to the old email address. Thus, the spam is gone but my contact with the company is still available.

I still receive about 10 spam messages every day but the Google spam filters are excellent in recognizing them, although they do have the occasional “false positive”. Checking my spam filter is therefore still important. But those addresses that are ‘contaminated’ by spammers are just filtered away, thus keeping my mailbox very clean. Only drawback is that some spammers realize that my domain has a catch-all mail account and thus they make up random names to get past the filters that I’ve set up, only to be caught by the Google spam filter.
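The per-company alias scheme, the filter for retired addresses and the guessed-address drawback described above can be modelled in a few lines. This Python sketch is an added example, not the author's actual Google Apps filter; the alias registry is constructed from the addresses mentioned in the post, and the function names are hypothetical.

```python
from email.utils import parseaddr

DOMAIN = "example.com"   # the post's stand-in for the author's own domain

# Constructed registry: alias local part -> party the address was given to.
ISSUED = {
    "admin": "primary mailbox",
    "wim": "friends and family",
    "microsoft": "Microsoft",
    "linkedin": "LinkedIn",
    "linkedin-2": "LinkedIn",
}
RETIRED = {"linkedin"}   # leaked aliases; mail to these is dropped

def triage(recipient):
    """Return (action, issued_to) for one recipient on the catch-all domain."""
    addr = parseaddr(recipient)[1].lower()
    local, _, dom = addr.rpartition("@")
    if dom != DOMAIN:
        return ("not-ours", None)
    if local in RETIRED:
        return ("drop", ISSUED.get(local))       # contaminated address
    if local in ISSUED:
        return ("deliver", ISSUED[local])
    # Never handed out: someone guessed a name, relying on the catch-all.
    return ("quarantine", None)

def leak_report(spam_recipients):
    """Count spam per alias owner, showing who leaked which address."""
    report = {}
    for rcpt in spam_recipients:
        action, owner = triage(rcpt)
        if action == "not-ours":
            continue
        key = owner if owner else "guessed address"
        report[key] = report.get(key, 0) + 1
    return report

if __name__ == "__main__":
    # Constructed recipients of messages found in the spam folder.
    spam = ["linkedin@example.com", "LinkedIn@example.com",
            "sales1234@example.com", "microsoft@example.com"]
    print(leak_report(spam))
```
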

As I said, Google Apps is also available in a free version and registering domain names can be done a bit less expensively. Finding a good domain name to use for this purpose is a bit more complex though, and I was lucky that my name was still available for me. Other people who happen to share my name will have to look for something different. I’m just paying more because of some additional bonuses provided by my registrar and by Google, which I use a lot.