419 scams hit the Web
This week a group of alleged fraudsters will appear in court on charges of running a scam backed by extensive online resources.
The Scorpions police unit on Friday arrested 15 suspects, a large number of whom carried Nigerian passports, in early morning raids on eight premises in the Johannesburg area.
The group, and more individuals based in Nigeria, are thought to have been operating a 419, or advance fee, fraud scam using South African Web sites for about a month, possibly extracting money from European victims before the arrests.
419 scams are named after the section of the Nigerian criminal code that specifically deals with the offence that has become synonymous with Nigeria. It is known to many South African Internet users who have grown accustomed to receiving "bait" e-mails, promising large profits in exchange for help in a shady money transfer.
"Within the Department of Minerals and Energy we ... discovered and have in our possession as overdue payment bills totalling sixteen million, two hundred and fifty thousand US dollars (US$16.25 million)," reads a recent e-mail.
This version has a South African theme with the sender claiming to be a Dr Frank Fish, a member of a governmental tender committee. More often the letter-writers will claim to be related to a recently deceased African strongman - Mariam Abacha and "Mrs M Sese-Seko" are popular cover personalities.
As different as the purported writers are, the theme of the e-mail is always the same. A large amount of money has been gathered by corrupt government officials and must now be moved to a foreign account. For inadequately explained reasons, doing so requires the help of a foreign national. In return for this help, the recipient is offered a significant percentage of the money, often running into tens of millions of dollars.
In reality, marks identified after responding to the e-mail are separated from their money in an elaborate dance where the perpetrators claim that a "small fee" is required to facilitate the transfer of the loot. The fee grows steadily larger, or other problems need smoothing over, until the victim balks and is abandoned.
Alternative forms have seen dupes lured to Nigeria, where they are held to ransom, or bank accounts are cleaned out once enough details have been supplied to do so.
The group arrested last week stands accused of operating a 419 scam, but it is the sophistication and extensive use of Web sites that set it apart.
"We became involved because of the corporate identity hijacking," says Scorpions spokesman Gerrit Nel.
The unit first received a complaint that the group was using a Web site similar to that of the SA Reserve Bank. The site, www.sarb.org.za, contains nothing but a single "access denied" page. Yet e-mail addresses from that domain were apparently used to convince victims that the sender was an employee of the Reserve Bank, which uses the addresses resbank.co.za and reservebank.co.za.
In the unlikely event that an outsider stumbled across sarb.org.za, its innocuous nature would not arouse suspicion, although the name of the company it supposedly belonged to, Sarel Antiquities & Renovation Bureau, may have raised a snigger.
Far more impressive are the Web sites established by the same group for the supposed law firms Sithole & Associates (www.sithole-attorneys.co.za) and Moloko-Khoza & Associates (www.molokokhoza.co.za). Both sites were still available at the time of publication.
The two sites profile each firm as well as the handful of lawyers that supposedly work for them, using a number of images apparently culled from the Web as illustrations.
Although similar, the design of the two sites is different enough, and close enough to what a small legal firm could muster, to pass casual inspection. The only note of worry for local visitors would be the 073 or prepaid cellphone prefix to all telephone and fax numbers, while all the lawyers' e-mail addresses are hosted with either Webmail or Ananzi Mail, both free Web-based e-mail services.
Combined with fictional street addresses, this meant that those behind the sites could be reached but never traced, a problem exacerbated by the fact that many of the prepaid cellular numbers simply diverted calls to lines in Nigeria or elsewhere.
Also established by the same group was a Web site for an "Eagle Private Bank Limited" that uses an image of a whirlpool on its front page at www.eaglebanklimited.com. The front page conceals only a login page for the supposed bank, and it is not known whether the site was ever used to back up the scam.
It is not only the depth of the false information on the sites that is remarkable but also the amount of planning behind them. The site for Sithole & Associates was registered by a hosting company on behalf of the group almost a year ago, in September 2001.
The Scorpions believe the main movers behind the scam remained in Nigeria with only low-level syndicate members present in SA.
The suspects are to appear in court this week.