Nigerian scams are indeed getting smarter

A few days ago we posted about Nigerian scam that is trying to get smarter. I was saying that they are trying without success to avoid common mistakes which are being done by the other scam authors. Well, it happened sooner than I imagined: I’ve seen two emails today, both overcoming these problems in different ways.

1. Scam with text and image

Usually, the scam emails do not contain images because they are just too expensive to be sent. This is why most of the filters have a kind of whitelisting system in place which reduces the spam score if they encounter large pictures (for example >= 200KB) attached to a message.

In the plain text part they still make use of some known words, like “Dear sir”, “seek your assistance”, “business opportunity”, etc. So, this text is easier to detect as a scam but not trivial. Still even so, there is no “story”, which makes the email useless. The real story behind the scam is attached in a JPG picture with the size of exactly 200KB. Did the scammers know about this limit? Of course they knew because there are a lot of antispam tools which can be downloaded and they can test with them.

Fig. 1: The scam mails try to circumvent email filters by using image attachments with the "hole story".

Fig. 1: The scam mails try to circumvent email filters by using image attachments with the "hole story".

The text in the picture is a typical scam-text with references to real facts and so on. The email is sent via Gmail. Again, it is very unfortunate that Google doesn’t scan outgoing emails against spam, as they do for malware.

2. Bilingual Scam

This email is a 3K plain text message using the UTF-8 character set. Because of this, it comes encoded in base64. There are two text paragraphs in the body, the first one written in French and the second in English. They are different formulated, but basically they express the same idea: transfer of money to your account. There are some important differences between the two texts.

The English text is

  • making use of the word “millions” while the French one is writing the sum in numbers
  • not telling the story of the money, specifying a simple “lying dormant for eight years” when the French one is specifying that the money belongs to a dead relative of a customer of the bank.
  • using the first name of the women when the French one is using the formal addressing with the full name.

The subject of the email is written only in French. I assume that the reason for this is the fact that the email has been sent from a free email provider from France (ifrance.com).

Fig. 2: Another twist is sending bilingual scam mails.

Fig. 2: Another twist is sending bilingual scam mails.

Both messages show a very clear trend in the Nigerian scam business: They are adapting to the fast changing rules of the game. They have to do this because we are in a deep economic crisis and now is the perfect moment for them to recruit new “customers”. In such hard economic times people are more susceptible to this kind of methods of gaining easy money.

Never respond to such requests no matter if they are written in your language or not, how credible and how well documented they are presented.

Sorin Mustaca
Manager International Software Development