Uncovered: A Phishing Scammer's Toolbox -- Check This Out!
Thanks to Derek Smythe at Artists Against 419 for this item.
The group dug up a PHP-based mass mailer hosted on a fake domain name that sounds like a real bank's (and is quite close to the real bank's domain name). The fake bank is www.zenithbankplafrica.org (yes, .org, which most people associate with non-profit organizations and therefore find more credible). The real bank is here: http://www.zenithbank.com
aa419 cached a screenshot of this spam tool here in case the real one is taken down. Of course, the bogus bank domain is a private registration. Click the link below for Derek's comments. Note, by the way, that a huge number of fraudulent domains are hosted here in the United States by U.S. registrars. In trying to spread the word about aa419's work, Derek says, "What I have found amazing is that American registrars are extremely tolerant of fraudulent domains and most unhelpful, much more so than their counterparts in other countries. Despite reports of fraud and fake whois, most registrars do not even bother replying. Those that do state they can do nothing."
Take a look at the scam mailer. Derek's comments are below.
"The choice of wording and images is rather interesting. I have translated the meanings:
"Naija Bois Too Much" -- A crew of Nigerian scammers thinking they are great (hint: use a search engine on this term)
"Na Here Your Format Go Dey :" -- Enter your scam template here.
"Put Here Maga Emails :" -- Enter the potential victims' e-mail addresses here.
"Start Bombing" -- Mass e-mail the potential victims.
"At the bottom of the mass mailer form, we see the Statue of Liberty. However, the torch is replaced by a pistol. Also, at the top of the page we see a kitten being held up at gunpoint. If anything symbolizes the nature and culture of the typical 419 scam gang, this is it. Criminal gangs that think they are smart for holding up the civilized world."