Scammers often come crawling out of the woodwork in all sorts of places you wouldn’t necessarily expect. This is to their advantage when trying to keep suspicion in check; after all, we’re pretty much pre-programmed to think 419 scams will only wander into our inboxes.
Twitter, though? That’s a little different. Oh, and this scammer also wants me to adopt his pretend son in return for 60 million USD, just to keep things firmly in the land of “this can’t be happening.”
Our tale begins with a Twitter DM (direct message) from a sock-puppet account designed to look like a member of the armed forces. This is a common 419 social media tactic during times of natural disaster, as potential victims may be more inclined to believe the fake account really is part of a relief effort—and could you send that $100 via wire transfer a little faster, please?
Our fake army general here isn’t interested in natural disasters; he begins outreach with a quoted message from the Pope, and a request to send a mail about something important:
I fired off a missive and received a reply a few days later from a second email account:
Welcome my dear, I received your letter and well understood by me, Due
to my present condition i am not available to care for my Son, and i
don’t want him to grow up in my family home, Now am facing medical
treatments which i never know if i will get feet from it, I want you
to take good care of my Son , in this case i directed you to receive
the sum of $60 Million usd from Africa development bank of Togo, so
that as soon as the funds entered into your account my Son will join
you. 13 years old boy. dearest I want you to keep this within you to
protect the project.
I will give you full contact information of the bank where the funds
deposited so that you will contact them and have to transfer the funds
to your account.
Provide me your personal details address and i code of your id card,
as i received it i will forward it to the bank and instruct to conduct
the funds to your account.
Best regards I expecting urgent reply as possible as you receive the message.
Yes, they really are offering to send me a 13-year-old. Hopefully not one of those really grumpy ones.
Now, this is pretty unusual as far as 419 scams go, so I had to dig into it a little more. Wasting the time of 419 scammers while waiting for email providers to shut down accounts is a valuable exercise, as every second spent with your own missives is more time spent keeping them away from actual victims. You have to be a little creative though, or they just won’t reply. Years of baiting has meant scammers are quite cautious these days, and anything “sensible looking” seems to send them running for the hills.
With that in mind:
Anyway, baiting a 419 scammer is a bit cat and mouse—you need to keep them interested by pretending to sound like you may conceivably fall for their ridiculous scam, but push it too far and they may realise they’re having their time wasted. As it happens, this guy was surprisingly enthusiastic about the noble sport of Quidditch and replied almost instantly:
Sorry kid, you’re in goal. Do they have goalies in Quidditch? I have no idea. Imagine being given a broomstick but then being made to sit still in front of a flaming hoop or whatever. The point is, I’m going to score a cool 60 million dollars and a 13-year-old Quidditch prodigy. I’m about to become very wealthy, by which I mean, I’m about to become a money mule.
Now the game is afoot. It’s time to confuse things further by making it sound like I think I’m supposed to be sending him the 60 million. Also: #teamsnape or #teamdumbledore?
At the time I’m not sure if the above blows my not particularly stealthy cover, but a little under 24 hours later, it’s a faintly terse “get on with it” response complete with fake legal contact, and also a planting of the flag for Team Snape:
Actually, it’s more like “Yeah yeah whatever, Professor Snape, sure. Show me the money,” but we’re still wasting valuable scammer cycles. When they get a case of the snappy replies, there’s only one thing to do— ignore them for a while. Three days later he’s back and sounding a bit worried. Can’t have the cash boat sailing off into the distance!
Of course, I only went missing because I was busy doing a great job of redesigning the bedroom for my soon-to-be Quidditch superstar. Honest:
I thought he might have Googled Hogwarts Express here, but my luck holds out:
I left him hanging a little while longer. At this point, I’m not entirely sure who is doing the trolling:
To date, most of the accounts in use by “Mark” have been shut down and/or reported for spam, so it’s time to ease off on the Potter gas pedal and slowly cut him out of my life. I’m sorry, Mark: Your kids will never raise the Grand Wizard Cup in, uh, Quidditchbowl 2020 no matter how much you plead.
Tempting, but no. 419 scams are bad and you could get into legal trouble for becoming tangled up in one. Ignore, report, and delete.
Even when it sounds as cool as this:
This is a Security Bloggers Network syndicated blog post authored by Christopher Boyd. Read the original post at: Malwarebytes Labs