Search This Blog

Saturday, November 10, 2007


We were formally introduced to Nigerian ID thieves with the ChoicePoint breach in February of 2005, when 163,000 of your personal records were heisted from CP by Oluwatunji Oluwatosin, a Nigerian living in Los Angeles. He was sentenced to 16 months for this back in 2005, and the FTC has recently announced they have identified at least 3,800 ID theft victims from the fraud. (See article) But the latest scam involves puppy love, and the Nigerian clones’ ability to con you by using a cute little dog that needs a home that only you can give it by sending your money that will also save it from a “horrible” death. As Helen Popkin reports on, the Nigerians are able to adjust to just about any need or lifestyle to get your money. And, unfortunately there have been suckers, which I fault not only for the fact that by now the public should be aware of this method of swindling people, but also because—as Popin indicates others have voiced—why not help dogs, and cats, in this country by adopting through the SPCA or your local humane shelters? The 419 is a straight-forward pitch that takes no pains to achieve grammatical accuracy, and wants to give you a huge amount of money for your bank account number, and they could take the approach of a missionary, religious appeal, the love of your life, and now the puppy of your dreams. I receive them regularly in my e-mails, 20 in the last five months, one in bold caps, and one purportedly from Publishers Clearing House. Some even clearly state their Nigerian origin, which means some people either don’t read the whole message, or they just don’t get it. Or maybe some of us are too greedy to overcome the realization that the crooks have found a goldmine in the stealing of our names and personal data. In one case Popkin recounts an occurrence where a hitman offers to cancel the hit on you if you pay him enough. And her doctor fell for it. So where do the crooks get the names of their potential victims? According to some experts, names are obtained from industry trade journals and professional directories, newspapers, libraries and mailing lists. In the latter case, it is obvious the junk mailers could be duped into releasing lists of names and e-mail addresses to the wrong people, based on the ChoicePoint incident, above. In my former life as a junk mail list/data broker, it was not that difficult to slip a bogus offer past the list manager who approved all mailings, not that I ever even considered doing this. This has changed somewhat since the CP fiasco. The University of Pennsylvania has some excellent information on the 419 Scam with additional insight into where the ID thieves get your names. They buy lists like other spammers while also exchanging names with the spammers. Other sources include Usenet Internet discussion systems, probably similar to looting from file-sharing programs; searching online directories; and just using the old numbers trick of trying every 8-character e-mail address on a mail host until you get a hit. As we have said repeatedly in this blog, create a new database of names and private information, and the bad guys will figure out a way to steal it.

No comments: