
Classic Spam: Nigerian Credit-Card Scams

The bottom line: Anyone who wants to buy something from your website is going to use your website's order mechanism, or at least will be able to tell you what they want to buy. If they don't do either, your bulls*it detector should be engaged.

Swindling foreigners via the internet seems to be the number one high-tech industry in the western African republic of Nigeria. I’ve already covered the most famous Nigerian racket, the notorious advance-fee or “419” scam; on this page is a sample of another Nigerian con game, smaller in scale perhaps but no less persistent or annoying.

From sarahmart01@yahoo.com Sun Jun 12 22:36:05 2005
Return-Path: <sarahmart01@yahoo.com>
Received: from zaxxon.io.com (zaxxon.io.com [])
  by mail.io.com (8.13.3/8.13.3) with ESMTP id j5CJIK9Y000134
  for hidden; Sun, 12 Jun 2005 14:18:20 -0500 (CDT)
  (envelope-from sarahmart01@yahoo.com)
Received: from web33713.mail.mud.yahoo.com (web33713.mail.mud.yahoo.com [])
  by zaxxon.io.com (8.13.3/8.13.3) with SMTP id j5CJHZ1x075466
  for hidden; Sun, 12 Jun 2005 14:17:43 -0500 (CDT)
  (envelope-from sarahmart01@yahoo.com)
Received: (qmail 30197 invoked by uid 60001); 12 Jun 2005 19:17:30 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  +v3ng5rzS7JgO4fwE5Km0mvsQVd3TwqDCEEwgAZBfO0s= ;
Message-ID: <20050612191730.30195.qmail@web33713.mail.mud.yahoo.com>
Received: from [] by web33713.mail.mud.yahoo.com via HTTP; Sun, 12 Jun 2005 12:17:30 PDT
Date: Sun, 12 Jun 2005 12:17:30 -0700 (PDT)
From: SARAH MATT <sarahmart01@yahoo.com>
Subject: Order Enquiry..?
To: hidden
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-2120771738-1118603850=:26213"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV version 0.85.1, clamav-milter version 0.85 on zaxxon.io.com
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on zaxxon.io.com

Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

My name is Mrs Henry Jane. I was opportuned to visit your website and i came across some of your products i will like to purchase, but before i proceed with my order, i want you to kindly advice me on any of listed payment you accept (VISA,MASTERCARD OR AMEX CARD.). I will also want to know if you can ship down to lagos Nigeria, where my outlet is located. However, i also want you give me a price quotation on the shipment to Lagos-Nigeria, via FEDEX. Furthermore, i hope i can place my order through an email. After i am through with all this, i can now list out my choice of items for you. I await for your swift reply on the above inquiries.
Expecting to read from you soonest,
Best regards.

Discover Yahoo!
Stay in touch with email, IM, photo sharing & more. Check it out!

<<HTML version of mail body omitted>>

If you happen to run a website that sells -- or even just displays -- such portable and fungible luxury goods as watches, jewelry, or fine pens, you have probably gotten a bushel of messages just like this one (I myself get at least two or three per month). What’s going on? Nothing but good old-fashioned credit card fraud. Using a variety of brute-force methods, Nigerian crooks are able to get hold of plenty of valid credit card numbers belonging to innocent parties, and they seek to use them — quickly, before the fraud is detected and the numbers deactivated — to buy goods that they can resell for cash.

Here’s what might happen if you decided to bite on such a message: the crook will place an order and give you a credit card number. Or maybe he’ll give you several credit card numbers (asking you to split the total among them). Maybe the numbers will all look the same except for the last few digits — what a coincidence! Oh well, no matter, your POS machine approves them, so box up the order and ship it via express service to Lagos (the principal city and former capital of Nigeria, the city that most of these lowlifes call home). Some time later, after a clearing process that could take days or even weeks, and well after the crook has already made his bucks out of the deal, you will get a chargeback from the bank that issued the credit card. That means that the money they put into your account at the time of sale will be unceremoniously yanked back out again, probably along with chargeback fees. So, you are left with no goods, and no money.

Like the 419 perps, the credit-card scammers all seem to rely upon a template or cook-book approach to creating their mailings. The many, many messages of this sort that I’ve received all seem to adhere more or less closely to a formula:

So, what should you do about these messages?

It’s perfectly OK to ignore them, although one internet merchant actually likes to string the crooks along (“...sorry, there was a problem with the card number you gave me...”), getting them to send him more and more credit card numbers that he then reports to the bank as having been stolen.

You are also entitled to report them to the providers involved. These are actually easier (in some respects) to trace and report than the average spam, since there’s seldom any header forgery.
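As an added illustration (not part of the original page), this Python sketch reads the Received chain of the sample message above, finds the host that handed it to the recipient's own mail servers, and checks that the host belongs to the From domain. The TRUSTED set and the use of the conventional abuse@ mailbox (RFC 2142) are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the sample message on this page (IP addresses already blank).
SAMPLE = """\
Return-Path: <sarahmart01@yahoo.com>
Received: from zaxxon.io.com (zaxxon.io.com [])
  by mail.io.com (8.13.3/8.13.3) with ESMTP id j5CJIK9Y000134
  for hidden; Sun, 12 Jun 2005 14:18:20 -0500 (CDT)
Received: from web33713.mail.mud.yahoo.com (web33713.mail.mud.yahoo.com [])
  by zaxxon.io.com (8.13.3/8.13.3) with SMTP id j5CJHZ1x075466
  for hidden; Sun, 12 Jun 2005 14:17:43 -0500 (CDT)
Received: (qmail 30197 invoked by uid 60001); 12 Jun 2005 19:17:30 -0000
Received: from [] by web33713.mail.mud.yahoo.com via HTTP; Sun, 12 Jun 2005 12:17:30 PDT
From: SARAH MATT <sarahmart01@yahoo.com>
Subject: Order Enquiry..?

"""

# Assumption: the recipient's own mail servers, the only hops whose lines can be trusted.
TRUSTED = {"mail.io.com", "zaxxon.io.com"}
HOST = r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
HOP = re.compile(r"(?:from\s+(\S+).*?)?\bby\s+(" + HOST + ")", re.S)

def trace(raw, trusted=TRUSTED):
    """Find the host that handed the message to our servers and compare it to From."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    handoff = None
    for value in msg.get_all("Received", []):        # newest hop first
        hop = HOP.search(value)
        if not hop or hop.group(2).lower() not in trusted:
            break                                    # written by someone else: stop
        handoff = (hop.group(1) or "").lower()
        if handoff not in trusted:
            break                                    # first outside host reached
    consistent = bool(handoff) and (
        handoff == sender_domain or handoff.endswith("." + sender_domain))
    # abuse@<domain> is the conventional mailbox from RFC 2142, not a looked-up contact.
    report_to = "abuse@" + sender_domain if consistent else None
    return {"handoff": handoff, "sender_domain": sender_domain,
            "consistent": consistent, "report_to": report_to}

if __name__ == "__main__":
    print(trace(SAMPLE))
```

When the handoff host and the From domain disagree, the report belongs with the operator of the handoff host, which has to be looked up separately.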

Whatever you do, you obviously do not want to fill any orders from such a buyer, at least not on his terms. If someone presents a credit card for a suspicious-looking transaction, you are free to ask the buyer to provide all information on the card (including the expiration date, the security code, and the name of the bank issuing the card). If you have an automated order system, you’ll want to make sure that it collects the security code from the card along with the card number (the crook won’t know the security code if he doesn’t actually have the card in his hand). Finally, you might simply want to make it a policy not to accept credit card orders—and perhaps even wire transfers—from Nigeria (or certain other countries where this scam is rampant), instead requiring more secure forms of advance payment.
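The warning signs described on this page can be turned into a simple order screen. The following Python sketch is an added example, not code from the original page; the Order fields, the policy list, the four-digit threshold and the sample card numbers are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from os.path import commonprefix

REFUSE_CARD_COUNTRIES = {"NG"}   # assumption: this merchant's own policy list
MAX_DIFFERING_DIGITS = 4         # assumption: one reading of "the last few digits"

@dataclass
class Order:
    cards: list                  # card numbers exactly as the buyer supplied them
    security_code_given: bool
    ship_country: str            # ISO 3166-1 alpha-2 code of the delivery address
    via_checkout: bool           # False if the order arrived by e-mail

def near_identical(cards):
    """Pairs of distinct numbers that match except for their last few digits."""
    pairs = []
    for a, b in combinations(sorted(set(cards)), 2):
        shared = len(commonprefix([a, b]))
        if len(a) == len(b) and len(a) - shared <= MAX_DIFFERING_DIGITS:
            pairs.append((a, b))
    return pairs

def screen(order):
    """Return (decision, reasons) using the warning signs named on this page."""
    cards = ["".join(ch for ch in c if ch.isdigit()) for c in order.cards]
    reasons = []
    if not order.via_checkout:
        reasons.append("order placed by e-mail, not through the site's order mechanism")
    if len(set(cards)) > 1:
        reasons.append("total split across several cards")
    if near_identical(cards):
        reasons.append("card numbers differ only in the last few digits")
    if not order.security_code_given:
        reasons.append("no security code supplied")
    if order.ship_country in REFUSE_CARD_COUNTRIES:
        return "require advance payment", reasons + ["destination on no-card list"]
    return ("hold for verification" if reasons else "accept"), reasons

# Constructed sample orders (made-up numbers built on the 4111... test prefix).
SUSPECT = Order(["4111 1111 1111 1111", "4111 1111 1111 1129", "4111-1111-1111-1137"],
                security_code_given=False, ship_country="NG", via_checkout=False)
ORDINARY = Order(["4111111111111111"], True, "US", True)

if __name__ == "__main__":
    for order in (SUSPECT, ORDINARY):
        print(screen(order))
```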


(c) 2003-2007, Richard C. Conner


Updated: Sat, 18 Aug 2007