Surplus in inches is absolutely necessary

If they’re necessary, by definition they aren’t surplus.

When the first first Gulf War broke out, I was watching the television coverage with coworkers in the company auditorium.  There was a commercial for a pickup truck, bragging about the size of its engine.  The voiceover said “there’s no substitute for cubic inches”, and one of my coworkers said “that’s just what my girlfriend says!”

I almost feel sorry for the pathetic slobs that get taken in by these scams, but anyone dumb enough to send money to a gambling operation in a foreign country with no legal oversight and no possible legal recourse basically

deserves to lose the money.

The rationale for not generating bounce messages is that spammers forge the from address of mail messages, and when spam is undeliverable the bounce messages thus clog the mailboxes of innocent third parties (“blow back”) and waste bandwidth.  I modified one of my mail servers (running qmail) to disable generation of bounce messages some months back, in response to repeated complaints by the recipients of such bounce messages.  Even though doing this does violate the RFCs, it is a benefit to all legitimate email users, and DynDNS should be commended for doing it.  I hope that other major email providers will follow suit.

When RFC 2821 is next revised, it should be change to require MTAs to generate bounce messages if and only if the origin of the email can be authenticated (e.g., by DomainKeys).

I suppose I’m lucky to have had a cell phone for twelve years before starting to get these.

The people who send these should be hanged, drawn and quartered.

CNN now reports that the FBI is investigating these scams:

The FBI has received more than 100 complaints about the so-called “hitman scam” from across the country. Typically, the cyber shakedown seeks anywhere from $30,000 to $80,000.

FBI special agent James Burrell says some people have fallen for the scam, sending criminals tens of thousands of dollars. The FBI says they have some leads in the case, but they wouldn’t provide specific details.

Burrell said tracking suspects is difficult because it’s a borderless crime believed to be originating overseas.

[...]

McGlothin never fell for the scam, because as the FBI points out, the e-mail was mostly generic. There was nothing specific to him, not even his address.

However, that’s not always the case. The FBI says at least one e-mailer got a second e-mail listing personal details — his work address, marital status and daughter’s full name.

I didn’t get the email with personal details.  However, it is unfortunately very easy for scammers to get personal information, because the safeguards on such information tend to be far too weak.  If you get a threat with personal details, I’d advise reporting it to the FBI, but not otherwise taking it seriously.

Update: this email has been going around for more than a month, with minor variations. It’s a variant on phishing and advance fee fraud. Kevin Poulsen posted about it on 23 March 2007, and references an FBI advisory from 15 January 2007.

Received: from zeus.hptc-solutions.com.mx (unknown [69.55.236.236]) by mx1.brouhaha.com (Postfix) with ESMTP id 24B55500A8 for <eric>; Sat,  5 May 2007 18:13:11 -0700 (PDT)
Received: from localhost.localdomain (zeus [127.0.0.1]) by zeus.hptc-solutions.com.mx (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id l4618KlH013249 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <eric>; Sat, 5 May 2007 18:08:20 -0700
Received: (from www-data@localhost) by localhost.localdomain (8.13.4/8.13.4/Submit) id l4618KuY013120; Sat, 5 May 2007 18:08:20 -0700
Date: Sat, 5 May 2007 18:08:20 -0700
Message-Id: <200705060108.l4618KuY013120@localhost.localdomain>
To: eric@brouhaha.com
Subject: hello
From: smith wilson <smitho7>
Reply-To: smitho7@yahoo.com
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

Hello,
 I wish to let you know that i have been paid by a client to assasinate you at co
nvenience,and i have signed a contract of $650,000 yesterday for this.I have nev
er met you before,but they gave me the full description of your
identity and contact,together with your photograph which my boys have used to tr
ace you.

The reason why they want you Dead is not disclosed to me as i was not allowed to
know,but you are now not better that the dead ok.

My BOYS are now contantly watching you,they are following    you-home,office,eve
rywhere.....,you go and they are waiting for my instruction to    terminate you.
And they will strike at convenience.

 THIS IS MY MESSAGE-

LISTEN VERY WELL !!!!,the Police cannot do much to help you out in this right no
w because you are being watched,any such attempt is very risky cause you will pu
sh us to terminate your life without option. Your calls
are not safe also.In fact you are traced.

I have no business with you but at least i have cleared the way as a pro-,but yo
u may have one chance to live again if you can contact me not latter that 24 hou
rs after this mssage.
GOODLUCK!!!

The reason these scams always ask you to keep the supposed fact that you’ve won confidential is that if you actually believed you have won, and were to tell anyone, they would almost certainly point out to you that it’s a fraud.

Another tipoff is the +44 70x phone number.  While not all such phone numbers are fraudulent, any that you get in unsolicited email almost certainly are.  These are “follow me” style numbers that can be fowarded to anywhere in the world, and are routinely used by scammers in Nigeria who want to hide their location.

Remember, if a deal sounds too good to be true, it is.  Don’t fall victim to advance fee fraud.

Linux Head office London United Kingdom.

Berkeley Square House, Berkeley Square, London, W1J 6BD, UK
Affiliate of U.K National Lottery.
Tel: +44 704 570 4365
Fax:+44 870 479 1525

CONGRATULATIONS: YOU HAVE WON $200,000.00 !!!

Sir/Madam,

We are pleased to inform you of the result of Linux International Lottery which was held on the 28Th, February 2007. Your e-mail address attached to e-ticket number: 834509819, with Prize Number: 237359446 drew a prize of $200, 000.00 (Two hundred thousand Dollars).

This lucky draw came first in the 2ND Category of the Sweepstakes. You will receive the sum of $200,000.00 (Two hundred thousand Dollars) from our lottery department.Because of some mix-up with sweepstakes prizes, including the time limit placed on the payment of your prize: $200,000.00 (Two hundred thousand Dollars), we advice that you keep all information about this prize confidential until your funds:$200, 000.00 have been received by you.

You must adhere to this instruction, strictly, to avoid any delay with the release of your funds to your person. This program has been abused severally in past, so we are doing our best to forestall further occurrence of false claims. This sweepstakes was conducted under the watchful eyes of 8,000 spectators. Your e-mail address was selected and came out third by an e-ballot draw from over 250,000 e-mail addresses (personal and corporate e-mail addresses).

This program is sponsored by Linus Torvalds and CFI Networks to compensate faithful Internet users around the globe. Congratulations for becoming one of the few lucky winners.With your permission, your e-mail will also be included in the next sweepstake of 2Million USD. In order to avoid unnecessary delays with your claim. please contact immediately, and quote your winning information in all your correspondence to your claims agent.

Here is the contact information:

Name : Mr Lewis Anderson
Phone: +44 704 570 4365
Email: lewis.anderson231@mac.com

You are to furnish them with the following informations:

(i). Name(s),
(ii) Telephone and fax numbers
(iii)Contact address
(iv) Winning information.
(v) Age
(vi)Sex
(Vii) Occupation

Congratulations.
Mrs. Patricia Mcmeans
Coordinator, Linux International Lottery

It is known that, many Foreigners have lost money to Nigeria through: Fraud, Unpaid-Contract or others.

Presumably the scammers want the recipient of this email to believe that he or she might become a recipient of some of that “lost money.”

Remember, if a deal sounds too good to be true, it is.  No one is actually going to give you millions of dollars for helping them get money out of Nigeria, or anywhere else.  I find it astonishing that anyone would actually fall for this, but according to the U.S. Secret Service, there have been confirmed losses in the US of over $100 million.