Terror Spam

April 27th, 2007 by pete

Update, 13/5/07:

Thanks for all the comments. It seems we’re seeing a new angle on attention getting by some saddo spammer. Lots of ‘petes’ and ‘peters’ hit with this around the same time, followed by ‘Christopher’, so maybe not quite alphabetical but still grouped.

Thanks to the Petes and the Steves and the Christophers and Mr Tox for the feedback. I emailed the Met Police in London to get this approach on the radar for the UK cops (no doubt they already knew about it) and also replied on a disposable account to the man himself – “Nice Man Nice man” (be-cool-n@hotmail.com). No reply from the main guy himself, maybe I’ll need to start a 419 baiting project. I’ve already started to write a 419er friendly ‘please don’t kill me, take all my money but think of my donkeys’ email.

Thanks folks. Now Google has something to work with, let’s hope no-one falls for this.

Original Post …..
Got some spam this morning with a different take on stealing my ID: Terror!

A am very Very sorry for you Pete, is a pity that this is how your life is
going to end is a pity but I will like to give you some chance to help your
self RIP. As you can see there is no need of introducing my self to you
because I don’t have any business with you, My work as I am talking to you
now is just to kill you and a have to just do that as I have already been
paid for that.

Some one that I will not like to tell you the name came to me and told
me that he want you and the whole of your family dead and he provide us
with your name, Address and Phone Number and with my network I sent my boys
to track you down and they have done that but I told them not to kill you
that I will like to contact you and see if your life is Important to you so
I called the him back (I mean my client) and ask him of you email which I
didn’t tell him what I want to do with it and he gave it to me and I am
using it to contact you. As I am writing to you now my men are
monitoring you and there telling me every thing about you. So I will like to
know if you Like to live or die as some one has paid for you to die. I am
given you just two days to get back to me or I will just make a call and
tell my boys to wipe you and your family out.

GOOD LUCK AS I AWAIT YOUR REPLY.

Sent from Nigeria (where else!) from IP address 213.255.199.40, which resolves to Henik International Ltd. Not much about them on Google, but not bothered to chase it any further. The server at that address seems to be a fairly open services server:

nmap -sS -v -v -P0 213.255.199.40

Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-27 10:19 BST
Initiating Parallel DNS resolution of 1 host. at 10:19
Completed Parallel DNS resolution of 1 host. at 10:19, 0.04s elapsed
Initiating SYN Stealth Scan at 10:19
Scanning 213.255.199.40 [1697 ports]
Discovered open port 25/tcp on 213.255.199.40
Discovered open port 23/tcp on 213.255.199.40
Discovered open port 443/tcp on 213.255.199.40
Discovered open port 80/tcp on 213.255.199.40
Discovered open port 53/tcp on 213.255.199.40
Discovered open port 22/tcp on 213.255.199.40
Discovered open port 5432/tcp on 213.255.199.40
SYN Stealth Scan Timing: About 6.21% done; ETC: 10:28 (0:07:41 remaining)
Discovered open port 8888/tcp on 213.255.199.40

It’s a nasty, attention-getting way of entering into dialogue with the target. I can see it working on quite a few people, alas. The race to the bottom continues…
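An added example, not part of the original post: walking a message's Received chain to separate the last hop your own servers actually recorded from addresses that are only claimed by third-party relays, which is why a trace can stop at a provider's host. The header block is constructed (only 213.255.199.40 comes from the post; the hosts and other addresses are documentation placeholders), and `hops` and `trace` are hypothetical helper names.

```python
import email
import ipaddress
import re

# Constructed sample (not the real message). Only 213.255.199.40 is from the
# post; hosts and other addresses are documentation placeholders.
RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
\tby inbox.example.org with ESMTP id A1; Fri, 27 Apr 2007 09:02:11 +0100
Received: from webmail.example.com (webmail.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id B2; Fri, 27 Apr 2007 09:02:09 +0100
Received: from [213.255.199.40] by webmail.example.com with HTTP;
\tFri, 27 Apr 2007 08:02:05 +0000
Subject: constructed sample

body
"""

RECEIVED = re.compile(r"from\s+(?P<src>.*?)\s+by\s+(?P<by>[^\s;]+)", re.S)
BRACKETED = re.compile(r"\[([0-9.]+)\]")

def hops(raw):
    """Return Received hops newest-first as (by_host, from_ip or None)."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = RECEIVED.search(value)
        if not m:
            continue  # header without a from/by pair
        ip = None
        found = BRACKETED.search(m.group("src"))
        if found:
            try:
                ip = str(ipaddress.ip_address(found.group(1)))
            except ValueError:
                pass  # bracketed text that is not a valid address
        out.append((m.group("by").lower(), ip))
    return out

def trace(raw, trusted):
    """Return (last peer IP recorded by a trusted host, unverified claims)."""
    chain = hops(raw)
    verified, i = None, 0
    # Headers are prepended, so trust runs from the top until the first
    # header written by a host we do not control or vouch for.
    while i < len(chain) and chain[i][0] in trusted:
        verified = chain[i][1] or verified
        i += 1
    return verified, [ip for _, ip in chain[i:] if ip]
```

With only the recipient's own servers trusted, the verified hop is the webmail relay and 213.255.199.40 is a claim; it becomes the verified origin only if the relay's own header is trusted as well.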


7 comments

  1. Pete says:

    Interesting… I got the same spam this morning and also decided it was an ugly turn of events from the 419 world.

    After determining it came from Nigeria my instinct was to ignore it or bait the scammer somewhat but a friend persuaded me to report it to the police because it’s the kind of thing that would freak quite a few people out. Not that there’s a lot the British dibble can do from this end.

    Weird that it’s two Petes, both in the UK though… Maybe it’s a vendetta!

  2. pete says:

    Pete, sorry to hear you got one too – thought it might have been a limited run but I’d hazard a guess they’re running through a list of marks in alphabetical order. (I’ll ask my brother Paul if he got one just before me!)

    I’ll probably report this to the cops as well, basically for its new approach so they can be aware of it. It’s a bastard of a trick though. One of the very few spams to get me to read the whole thing in a long time. No doubt it’ll catch a few people out, more’s the pity.

  3. Steven Murawski says:

    It’s showing up in the States too.. there was a similar one earlier in the year which I investigated and which had garnered the attention of the FBI. This mail seems to be another in the same vein. Have a great day!

  4. Pete C says:

    I received one of the e-mails a couple of days ago. It makes startling reading at first, but is obviously a nasty scam. Not quite sure how to progress it, telling the police is one course, but wide publicity would help too. Some folk may fall for this.

    Interesting that us “Petes” are being targeted, agree with another commentator, probably somebody working down an alphabetical list.

    B regards

    Pete C

  5. Chris Bryant says:

    Ha- thanks for the post- I got this identical spam, and (Google be praised) was able to find your reference to it.
    The difference was that I couldn’t track the email headers back past a US host.

    I’m tempted to reply that I wish I could afford to pay, but my net worth of $US3.5 Million Dollars was lost from a Nigerian scam (c;.

    BTW- Mine was to Christopher….

  6. random tox says:

    Although the message sounds upsetting, it’s nothing new. This odd blackmail form of the Advance Fee Fraud aka Nigerian Fraud pops up from time to time. As pretty obvious, no one is going to kill nobody. It’s just a stupid jerk sitting in some internet cafe in Awka, Nigeria; probably being entirely unsuccessful with their usual crap, this angle will be tried. The usual method of obtaining spam targets for Nigerian criminals is using email address harvesters, so don’t worry, it’s nothing personal.

    As posted above, this spam run originates from 213.255.199.40, an IP that appears to be blacklisted on many sites. I haven’t found much on Henik International Ltd in Awka, Nigeria either, but the company appears to exist:

    http://www.ncc.gov.ng/Liceensee_nov06/Internet%20Services.pdf lists “Henik International Ltd, 229, Zik Avenue, Awka, Anambra State” as being a licenced Nigerian internet provider from 1st August 2004 until 31st July 2009. About ncc.gov.ng:

    “The Nigerian Communications Commission is the independent National Regulatory Authority for the telecommunications industry in Nigeria.”

    As Henik International has no internet presence whatsoever, you still may give a try to send your complaint to “Ike Echem” ikeechem@yahoo.com, an individual unknown to all search engines I use. This person with the above addy will be listed in the whois record of 213.255.199.40 as belonging to the mysterious Henik International Ltd.

    Another approach would be to direct your complaint to the Public Affairs Department of the Nigerian NCC: ncc@ncc.gov.ng, and don’t forget to cc the Licensing Department at licence@ncc.gov.ng.

    My actual guess is the Henik International Ltd is a one man company who buys internet services from SkyVision Network Services (see whois) and resells them to local scammers, probably operating in establishments loosely resembling internet cafes.

  7. random tox says:

    Oh and if you’re wondering what would happen if you send those complaints…

    You won’t be getting any response whatsoever from ikeechem@yahoo.com, no matter how hard you try. ;)

    You won’t be receiving any reaction from NCC Nigeria either, but that doesn’t mean that nothing would change under the surface. I guess the individual who reads your complaint first will use it to extort some money from the person behind Henik International Ltd, threatening them to revoke their licence otherwise. This guy in turn will extort money from the proprietor of the scammer infested internet cafe at 213.255.199.40. The proprietor will either kick the actual scammer in the nuts, unless that guy has either larger muscles than himself or more powerful friends, respectively, in which case of course no word would be spoken. Either way, the scammer will keep on doing their dirty job, either in the same cafe or – in worst case – in another one, just across the street.

    Good luck, nevertheless. ;)
