A Fraud email Dissection, c/o Robert S. Mueller, III

by JGalt on March 10, 2009

I received an email today from Robert Swan Mueller, our current FBI Director entitled “RE:FEDERAL BUREAU OF INVESTIGATIONS SEEKING TO WIRETAP THE INTERNET”. Apparently, thousands of other people did as well.

I received a message with about the same theme from Henry M. Paulson, Jr., Secretary of the United States National Treasury a year or so ago as well. I sent that message to the FBI, and let them do their thing. From the headers on that message, it was sent from a Blackberry in Canada, my first Canadian 419 scam, eh? Today’s message, which is quickly filling up space on Web Servers all over the planet, began with the greeting:

WE BELIEVE THAT THIS NOTIFICATION MEETS YOU IN A VERY GOOD PRESENT STATE OF MIND AND HEALTH.

Not what you would expect in email from an FBI director. Here’s the rest (and here is a reference to “Janet White from Arizona”, apparently on the radar before now).

WE THE FEDERAL BUREAU OF INVESTIGATION (FBI) IN CONJUNCTION WITH SOME OTHER RELEVANT INVESTIGATION AGENCIES HERE IN THE UNITED STATES OF AMERICA HAVE RECENTLY BEEN INFORMED THROUGH OUR GLOBAL INTELLIGENCE MONITORING NETWORK THAT YOU PRESENTLY HAVE A TRANSACTION GOING ON WITH THE NATIONAL BANK OF EGYPT  AS REGARDS TO YOUR OVER-DUE CONTRACT PAYMENT WHICH WAS FULLY ENDORSED IN YOUR FAVOR ACCORDINGLY.

…………………………

I’m impressed, in comparison to most 419s. Very polite, exceptional attention to client issues, assurances of a smooth transaction, even a warning to be skeptical of correspondence from scammers and especially others with more sinister objectives. Bonus points for the confidentiality notice. Official pictures, especially the crew just hanging out, and even the FBI emblem. International collaboration, communication, and exchange of information involving Egypt, the United States and others. Vendor neutral as well, using both aol and live.

The email address fbialertaction@aol.com looked official, and government employees have been known to use free public email accounts for official business. The FBI address, even referring to the honorable J. Edgar Hoover, was correct. The National Bank of Egypt (NBE) is a real bank, in fact “the oldest commercial bank in Egypt, established on June 25th, 1898” with a Main Branch located at 24 Sharif Street in Cairo. The phone number wasn’t the same as the main number for the branch, but was a number from Egypt. And there are many women named Janet White located in Arizona.

I decided to take a look at the message headers, just in case it might not be from Robert S. Mueller III himself despite all that apparent authenticity.

The message originated from User unknown, IP address 196.205.200.188, location: Somewhere in Cairo, Egypt. Looking through the headers, the email passed through smtp21.orange.fr (France acting as an international mediator) and directly from there to Junk/Spam email folders throughout the United States.
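To make that header walk concrete, here is an added Python example (not code from the post) that pulls the relay chain out of a constructed message modelled on the one described, places each hop in the inetnum ranges quoted from whois in this post, and flags that no relay in the path belongs to the claimed aol.com sender domain; the relay names, message ids and timestamps in the sample are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the post: a claimed aol.com sender, first hop an
# Egyptian IP, relayed via Orange (FR). Relay names, ids and dates are invented.
SAMPLE = """\
Received: from smtp21.orange.fr (smtp21.orange.fr [80.12.242.21])
\tby mx.example.net with ESMTP id k2z9; Tue, 10 Mar 2009 09:12:01 -0400
Received: from unknown (HELO User) ([196.205.200.188])
\tby smtp21.orange.fr with SMTP; Tue, 10 Mar 2009 14:11:30 +0100
From: "Robert S. Mueller III" <fbialertaction@aol.com>
Subject: RE:FEDERAL BUREAU OF INVESTIGATIONS SEEKING TO WIRETAP THE INTERNET
"""

# inetnum ranges from the whois records quoted in the post.
NETBLOCKS = {
    "LINKdotNET / Link Egypt (EG)": ("196.205.56.0", "196.205.205.255"),
    "MAIL-ESSENTIALS-FRANCE / Orange (FR)": ("80.12.242.0", "80.12.242.65"),
}
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def received_chain(raw):
    """Relay IPs in transit order, origin first: each MTA prepends its own
    Received header, so the last one in the message is the earliest hop."""
    hops = []
    for hdr in reversed(message_from_string(raw).get_all("Received", [])):
        # Search only the 'from' clause so the receiving host never counts as sender.
        from_clause = re.split(r"\s+by\s+", hdr, maxsplit=1)[0]
        m = IPV4.search(from_clause)
        if m:
            hops.append(m.group(0))
    return hops

def attribute(ip):
    """Name the quoted netblock an IP falls in, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, (lo, hi) in NETBLOCKS.items():
        if ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi):
            return name
    return "unknown"

def from_domain_in_path(raw):
    """False when no relay in the chain belongs to the From: domain, the usual
    sign that the visible sender address is merely claimed."""
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    return any(domain in h.lower() for h in msg.get_all("Received", []))
```

Running `received_chain(SAMPLE)` yields the Egyptian address first and the Orange relay second, matching the trail the post reconstructs by hand.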

Here’s where France stepped in and helped out with the transport:

domain: orange.fr
identified: N
holder: ORANGE (france holding)
address: 41-45, rue Romain Rolland
address: 92120 Montrouge
country: FR
phone: +33 1 45 29 81 93
e-mail: beatrice.leopoldfenu@orange-ftgroup.com

registrar: FRANCE TELECOM
anniversary: 14/06
created: 02/02/2001
last-update: 01/02/2008
status: ACTIVE

IP Address information:

inetnum: 80.12.242.0 – 80.12.242.65
netname: MAIL-ESSENTIALS-FRANCE
descr: Mail Essentials Project
country: FR
remarks: abuse@orange.fr

Below is some information pointing to User unknown, IP address 196.205.200.188, location Somewhere in Cairo, Egypt:

inetnum: 196.205.56.0 – 196.205.205.255
netname: LINKdotNET
descr: Link Egypt
country: EG
parent: 196.205.0.0 – 196.205.255.255

person: Marian Badie
address: 3 mussadak st.
address: Dokki-Giza
phone: +2023367711
fax-no: +2023364910
e-mail: marian.badie@link.net
nic-hdl: MB3-Afrinic

The company that owns and operates that territory of the Internet is actually LINKdotNET.

Here’s a higher level profile (notice Mauritius east of Mozambique and Madagascar – click the link for the map).

Mauritius is really just a small barely noticeable island hundreds of miles east of Madagascar. And they have a Cyber Tower/Cyber City? Unless this is all wrong, the whole 196.0.0.0/8 network starts right there, covering a significant chunk of Africa and the Middle East.

In that territory, I’d expect to see Pirates, Giant Squid, Sharks about the size of a School Bus, and even Moby Dick – not an Internet Hub for an entire continent.

OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 – 3rd Floor – Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
PostalCode: 0001
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET

Comment:
RegDate: 1993-05-01
Updated: 2006-04-27
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net
OrgTechPhone: +230 4666616
OrgName: RIPE Network Coordination Centre
Address: P.O. Box 10096
City: Amsterdam
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43
NetRange: 196.200.0.0 – 196.207.255.255
CIDR: 196.200.0.0/13
NetName: RIPE-ERX-196-200-0-0
NetHandle: NET-196-200-0-0-1
Parent: NET-196-0-0-0-0
NetType: Early Registrations, Transferred to RIPE NCC
RegDate: 2004-08-30
Updated: 2004-08-30

So the trail is actually Mauritius (surrounded by Sea Monsters), Africa/Middle East, Amsterdam, France, and then US Spam/Junk folders.

I scanned address 196.205.200.188, even though the original user may have a different IP address by now. It does have ports HTTP/80 and POP3/110 open, although HTTP isn’t accepting connections. Whoever is behind it is a Windows user, version unknown (but using Winsock 2.2).

Anyway, after reading the whole message, my first thought was simply “what’s that supposed to mean?”. A basic scam best practice is to clearly explain that the idiot/moron is getting something good, and what they need to do. On my 401K, there were allocation choices for Stocks, Bonds, Funds, but no option for the “3.5 Billion Dollar Egyptian Investment Deal”. The way things are now, there just aren’t too many Americans with heaps of cash ready to fly to Cairo and be swindled. But there are plenty who have $200 in cash, and a credit card just $500 short of being maxed out. And they won’t be coming to claim “that 3.5 Billion dollar thing I completely forgot about”. They’ll just start out by asking “hey, do you know where I can get a Job over here?”. In other words, don’t look for an organ transplant donor in a graveyard.

If you’re completely outraged by 419 scams and similar spam, remember that 99% goes straight to Spam/Junk. Then you can use the delete key, mouse, up/down arrow keys, etc. Keep in mind that the average Nigerian yearly income per capita is $330. Of course we like their oil production too. And from time to time, the ugly side of the disregard of human life in Third World countries comes out in reports like this one, and this. Maybe we shouldn’t complain too much or not at all.
