SiL's record Summer of 419 address shutdowns

Any information or research into the rampant "Nigerian Scam" messages.

SiL's record Summer of 419 address shutdowns

Postby spamislame » Mon Sep 21, 2009 10:01 am

I thought I would share my recent mass successes in shutting down numerous 419 free-email addresses over the summer.

As I mentioned earlier, I suddenly began seeing a very sharp increase in this type of inbound spam to two of my distinct domains, and began a militant process of reporting and verifying the shutdown of every possible address I could report. Here are the numbers for the past four months, and these are across all of the known providers:

June: 212 reported, 187 shut down.
July: 314 reported, 203 shut down.
August: 306 reported, 284 shut down.
September (so far): 134 reported, 91 shut down.

As a result, I have noticed in the past two weeks that the idiot criminals behind these messages have resorted to far less well-known providers of free-email. Today so far I haven't received any 419 spam which uses any of the major email providers - by that I mean Yahoo Mail, Gmail and Hotmail. In July they began a concerted effort to switch to variants of Hotmail such as w.cn and 9.cn, under the mistaken impression that it would be harder to discover their connection to Hotmail. In June the focus shifted to mail.ru, which is among the stupider things they could do, since many of that mail provider's registrants are now synonymous with lots of illegal online activity. Today's all use really vague email providers:

e.g.:

james_cole_lawfirm@mail2ohio.com
donadams2009@gala.net
seahcha11@i12.com

[Side note: these idiots need to retire the names "James Cole" and "Mr. Song Lile". :) ]

mail2ohio.com is another subdomain for mail2world. Working on getting that one shut down as we speak.
Gala.net is a Russian portal which also provides free email.
i12.com strikes me as a very new / amateur email provider. They feature no terms of service that I can see, making them a pretty obvious haven for this type of activity

My point being: it appears that my own solitary reports are actually having an effect. I can see it in the desperate re-wording of many of the new messages urging me that I've been dealing with "the wrong person" all this time and instead to contact this new, non-Yahoo/Gmail/Hotmail/Sify.com address.

btw Sify.com is among the slowest responders, but they do shut these down, which is nice. But they'll remain a favorite as long as they allow the emails to last for more than a day. Yahoo is at the absolute bottom. When they do notify me that action was taken (which is rarely), they do so approximately a week or more after my report, by which time the criminal can of course set up a whole new account which they don't use for anything but furthering the conversation with whoever they managed to snare with the first account.

I'll post these statistics occasionally. Unfortunately (as my numbers show) the traffic of these emails is not slowing down at all. They're persistent, but so am I. :)

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am

Re: SiL's record Summer of 419 address shutdowns

Postby meep » Mon Sep 21, 2009 10:36 am

Interesting summary, SiL. And the things the 419ers are doing (going to more obscure free webmail providers). Do you plan on blogging about some of this sometime later? Just curious.
User avatar
meep
Spammers' Nightmare
 
Posts: 2777
Joined: Thu Apr 05, 2007 4:10 pm

Re: SiL's record Summer of 419 address shutdowns

Postby spamislame » Mon Sep 21, 2009 11:05 am

meep wrote:Do you plan on blogging about some of this sometime later? Just curious.


Not likely. At least not until I see a larger decrease in this activity.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am


Return to Advance-Fee Fraud [419 Fraud]

Who is online

Users browsing this forum: No registered users and 1 guest

cron