1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need Advice Detecting Nigerian Scammers (will pay $$)

Discussion in 'Black Hat SEO' started by force66, Feb 5, 2011.

  1. force66

    force66 Newbie

    Joined:
    Mar 29, 2009
    Messages:
    24
    Likes Received:
    2
    Hi,

    I'm having a seriously hard time detecting mostly Nigerian 419 scammers that are joining a dating site I own. These guys are absolutely insane! They take scamming to the whole next level! They somehow manage to create accounts that have IPs from the city in which they say they are from in the US that have hostnames of residential ISPs like Comcast, etc. I've tried bypassing the browser proxy settings (which works, but they get around it), checking their desktop time zone, looking at their browser info, and all browser plugins, and checking against known scammer emails. The accounts are definitely not automated, they register them by hand. All the profile info like, height, weight is correct corresponding to the photo they provide (of someone else). When these guys pay for an account, somehow all the details on that match too. They even have Facebook accounts setup with years of status updates and hundreds of (fake) friends! They don't join and send a million messages, just 1 or 2, a lot of the time: none! They get people to message them at their email so we don't see when they start talking about scammer stuff. There are so many and so few people report them, that reporting isn't a valid solution.

    I'm sure I could try SMS verification sending their cell a number to enter in our system, but if they did all those other things, I'm sure they can get a prepaid US cell.

    Ughh.. I'm like totally out of ideas here. The only thing I can think of is for them to upload a video and mention the name of our site in it.. and even then. My other idea is verifying .edu emails, but we can't only allow .edu emails. Of course, we can check the text they write, automatically or manually, but that is our least favorable option.

    Any solutions or information on how this is done possibly from people that are familiar with Nigerian/Ghana/Senegal scammers? I can pay if necessary.

    Thanks!
     
  2. wholesalereplica

    wholesalereplica BANNED BANNED

    Joined:
    Oct 14, 2010
    Messages:
    692
    Likes Received:
    247
    these boys have taken scamming to the whole next level, I wish you good luck my friend
     
  3. dichotom

    dichotom Jr. VIP Jr. VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,919
    Likes Received:
    544
    That is quite a problem indeed! I would probably ask these guys, there could be someone with the skills to do it, you will definitely peak their interest with your plight:

    Code:
    http://www.419eater.com/index.php
    
    They may have some insights. Good luck and report back!

    edit: Their site doesn't look like much, but if you click on forum at the top you will see how serious those guys are about screwing 419 scammers. To everyone else, take a look, the site is absolutely hilarious!
     
    Last edited: Feb 5, 2011
  4. proxycash

    proxycash Newbie

    Joined:
    Dec 23, 2010
    Messages:
    27
    Likes Received:
    6
    Such is the nature of Nigerian scamming. It is all manual social engineering. If you have implemented all of those safeguards, and they are bypassing them with proxies and manual registrations, there is not much that can be done from your end other than manual verifications.

    It's a hassle. PM me and we can discuss ways to reverse the 419 scam, with hilarious results.
     
  5. soctal

    soctal Regular Member

    Joined:
    Jul 28, 2008
    Messages:
    243
    Likes Received:
    76
    perhaps you should require people to submit an call in for vocal confirmation who they are, their interests, education? its hard to hide accents or machine voices. it can also be used on the dating profiles.
     
  6. Monrox

    Monrox Power Member

    Joined:
    Apr 9, 2010
    Messages:
    615
    Likes Received:
    579
    Use java (not javascript) to detect IPs disregarding proxies. One method is request.getRemoteAddr. Here's a rundown what it does: http://stackoverflow.com/questions/...est-getremoteaddr-doesnt-work-in-java-servlet

    Ask your java coder to implement it or get a college guy, shouldn't be more than 2 hours work (but don't be a cheap bastard lol). This won't work if the user has java off but it is rare and can be used as a warning flag on its own. Or you can make the submit button or something else a java applet too so the user can't join if he has it turned off.
     
    • Thanks Thanks x 1
  7. force66

    force66 Newbie

    Joined:
    Mar 29, 2009
    Messages:
    24
    Likes Received:
    2
    thanks for the replies guys!

    i suppose we could call people, but believe it or not i think these guys have call centers. maybe not all of them, but i have spoken to one guy whose account looked 100% fake, yet the person who called was def american. plus this would be expensive.

    in terms of the java method, i think that would accomplish what we are already doing with flash in terms of going around the browser proxy setting, but good suggestion.

    i took a look at 419eater, i've been there before, but never looked on the forum and i'm seeing some impressive stuff. thanks!

    and

    indeed, you are a Nigerian scammer sir! congrats on pointing yourself out. haha, see what i mean about the prevalence of these guys.
     
  8. macdonjo3

    macdonjo3 Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 8, 2009
    Messages:
    5,564
    Likes Received:
    4,317
    Location:
    Toronto
    Home Page:
    I'm sure your looking to post this on a hacking forum, and not an SEO forum. You are going to want to get them onto a page that disables browser proxies or something.
     
  9. Monrox

    Monrox Power Member

    Joined:
    Apr 9, 2010
    Messages:
    615
    Likes Received:
    579
    Well I didn't know you were that desperate, sorry for underestimating your abilities to fight back :)

    Flash is always my other option as both work great. The only way to defeat these 2 methods is by using socks proxies but it is very improbable scammers would have access to that many.

    Maybe it's trojans on zombified home PCs, I can't think of anything else atm. Not much you can technically do on your end in this case. Maybe setting honeypot profiles or consulting fellow webmasters. Like the car manifacturers, they hate each other but act as one when it comes to lobbying.
     
  10. jesus3

    jesus3 Regular Member

    Joined:
    Jan 8, 2010
    Messages:
    277
    Likes Received:
    63
    Occupation:
    IM/Student
    Location:
    Home of the Haze!
    Damn those guys are good. Good luck with the problem friend.
     
  11. Michaelf

    Michaelf Registered Member

    Joined:
    Nov 17, 2011
    Messages:
    59
    Likes Received:
    11
    Check if IP is in any spam lists, most likely the use socks proxy's from botnets that are also used for spam. Also check user agent,dns, OS, timezone to make a risk profile. They obvious are doing it manually so best is to check for these things and sort by probability of fraud. Also you could use Flash LSO which a lot of them don't know how to remove so they stay banned.

    Oh seems you are already doing most these things. Not much there is to be done other than warning users if there is nothing to filter them out.
     
    Last edited: Jun 3, 2012