The so-called "419" scam (aka "Nigeria scam" or "West African" scam) is a type of fraud named after an article of the Nigerian penal code under which it is prosecuted. It is also known as "Advance Fee Fraud" because the common principle of all the scam format is to get the victim to send cash (or other items of value) upfront by promising them a large amount of money that they would receive later if they cooperate. In almost all cases, the criminals receive money using Western Unionand MoneyGram, instant wire transfer services with which the recipient can't be traced once the money has been picked up. These services should never be used with people you only know by email or telephone!

Typically, victims of the scam are promised a lottery win (example) or a large sum of money sitting in a bank account or in a deposit box at a security company. Often the storyline involves a family member of a former member of government of an African country, a ministerial official, an orphan or widow of a rich businessman, etc. Here is an example. Variants of the plot involving the Philippines, Taiwan, China, Hong Kong, Korea, Iraq, Kuwait, UAE, Mauritius, etc. are also known. Some emails includepictures of boxes stuffed with dollar bills, scans of fake passports, bank or government documents and pictures of supposedly the sender.

Though most of these scams use emails sent in English, we also come across emails translated into French, German, Dutch,Danish, Swedish, Italian, Spanish, Portuguese, Russian, Polish and Czech, as well as English and French letters by postal mail, usually mailed from Spain.

Back in the 1980s and 1990s (for this is nothing new!) the main vehicle for this scam were fax machines.

The victims are promised a fortune for providing a bank account to transfer the money to. Then - if they fall for the scam - they are made to part with thousands and sometimes hundreds of thousands of dollars in "bribes" for local officials or other "fees" (taxes, insurance, legal fees, etc) before the "partners" finally disappear without trace. Here are some typical examples of advance fee demands.

Sometimes fraudulent cashier's checks are issued to the victims, who are asked to wire funds for various charges after the bank says funds are "available" from the check, but before the check has actually cleared. Any transaction that involves cashing a check for a third party and then forwarding funds from it to another person you don't know is almost guaranteed to be a scam.

Here are some of the fake reasons given to victims why they should send money:

• Legal fees: Many 419 scams involve a fake lawyer (usually a person who calls himself a Barrister or claims to work for a firm whose name includes the word "Chambers"). Beware of anyone using a @lawyer.com, @justice.com etc. free webmail account who gets introduced in such emails.
• Insurance: Any lottery prize that is supposedly insured is fake.
• Shipping: Real parcel services do not charge $800 and more for delivering a letter. Real lotteries don't ask you to contact a parcel service to arrange for shipping of a check or a winnings certificate that you will have to pay for.
• Wire transfer charges: Real banks charge about $40 for an international wire transfer, not several $1000.
• "Drug free certificate", "Anti Money Laundering certificate", "Terrorist Free Certificate": No such certificates exist in the real world. They are 100% sure evidence of a scam.

The people who receive the scam emails and fall for them often are not the only victims of the scam. We have come across a few cases where people who lacked the funds to cover the advance fee demands committed crimes to get money. They misappropriated often huge amounts from their employers, from charitable organizations they worked for or from other acquaintances they defrauded, hoping they would be able to repay them from the promised millions before anybody would notice. In this way one crime begets another.

Spam emails for advance fee fraud differ from "normal" spam in several ways:

• Most "normal" spam uses bogus sender addresses. For 419 spam existing mailboxes at legitimate mail providers are used. When such mailboxes get cancelled for abuse, often similarly names mailboxes are created at the same provider. Most 419 scams originate from about a few dozen freemailer domains (netscape.net, yahoo.com/yahoo.*, tiscali.co.uk, libero.it, telstra.com, bigpond.com, indiatimes.com, 123.com (Chile), zwallet.com, fsmail.net, hotmail.com, etc., see addresses by domain). A small minority uses throw-away domains registered via Rediffmail, MSN (see example), XO/Concentric, Yahoo/Geocities or other webhosters (ns.sign-on-africa1.net) as the sender instead of a freemailer service, particularly for fake companies and fake banks (e.g. firstcapitalft.com).
  
  Recently PHP-Nuke installations with a webmailer are abused for sending mail via a webbrowser. In these cases the sender addresses can be fake.

• Virtually no effort is made to hide the source of the spam though technical means. These spammers rely on the lack of efforts by the respective providers to stop their abuse of the service. The spams often trace to servers based in African countries (Nigeria, Côte d'Ivoire, Togo, South Africa, Senegal, Cameroon, etc.) and are often routed through Europe, Israel, Australia or South America. Some "419" mails originate from Europe, particularly from the Netherlands, UK and Spain. This is untypical for common spams (Viagra, penis enlargement, etc.), which are often routed through China, South Korea, Brasil or Russia or are sent from hijacked servers (e.g. broadband hosts infected with stealthware) in the United States. The relative absence of common cloaking techniques on the sender side means that "419" spam can only be distinguished from legitimate email from Africa or Europe by analyzing the text of the message, looking for typical phrases and features.

• Often the "419" scammers include phone numbers in the email, especially in fake lottery scams. Typically these phone numbers are in the Netherlands, the UK, Spain or in Nigeria. "419" scammers in the Europe tend to use mobile phones with prepaid phone cards. Country code 31 (0031 or +31) is the international country dialling code for the Netherlands. All Dutch area codes starting with the digit 6 are mobile phone numbers (e.g. 0031-630-835-750, +31-630-354-500). Nigerian "419"-numbers are either fixed line or mobile numbers (e.g. 234 8043281627, +234 1 4717291). The scammers there are part of or closely connected to the political and economical elite of the country. Country code 234 (00234 or +234) is the international country dialling code for Nigeria. All Nigerian area codes starting with the digits 80 are mobile phone numbers:

  Nigeria mobile phone prefixes
  Econet Wireless Nigeria Ltd	802
  MTN Nigeria Communications Limited	803
  Nigerian Telecommunications Limited (NITEL/M-Tel)	804
  Globacom	805

  The only other type of spam that tends to include a phone number is the fake "diploma" spam.

• Most "419" spam uses plain text while most "normal" spam uses HTML.

• Usually no domains are advertised as no websites are involved, except in some cases media articles about political events in Africa (the BBC website is a popular source) that are meant to give credibility to the background story. The initial communication occurs by email, followed by phone and fax communication.

• The text of the messages varies very little. Often the message body or mail subject line uses all capital letters. In many cases the senders make religious references, such as belief in God or Allah.

What can you do when you receive a 419 scam mail?

• Whatever you do, never send any money, no matter what reason you are given. Don't be greedy, use your common sense.
  

• Don't rush. Why the hurry? 419 scammers make up a deadline after which the unexpected (and imaginary) fortune will be lost forever. You're not supposed to have time to research and think about the matter.

• If the email address is not listed in our blacklist yet, you can submit the complete email (if possible with full headers) to us. If we get suitable evidence we'll add the 419 scammer to our blacklist.

• Report the email to the abuse department of the domain used by the scammer (see abuse contact list). Normally you get the email address of the abuse department by changing the left hand side of the scam email address to the word abuse. For example, if the mail originates from mrjephills6@tiscali.co.uk then write to abuse@tiscali.co.uk, if it'sbarristerchris_smith1@zipmail.com.br then write to abuse@zipmail.com.br, etc. Please quote the full text of the mail including message headers (in Outlook Express you get the full message source via Ctrl+F3; use cut+paste to insert that into your email). Even more important than sender addresses are contact addressed in the message body, such as "claims agents" of fake lotteries. Make sure you report these to the matching abuse department too.

• If you have lost money you can report the case to law enforcement in your country (if you haven't lost money, law enforcement will not usually be interested at all). In the United States, contact your local police. An overview of reporting addresses for various countries can be found at the