Artists Against 419 Takes On Scammers

419scammers writes "Hello, The following site is an anti scammers 419 site (plus associated scams) which has started to receive a great deal of publicity in a number of countries national publications. Their fifth international flash mob has now started. Have a look at the monthly flash mob link. Enjoy." An anonymous reader adds "More than 50 identified websites of the Nigeria-Connection are being targeted and the first ones has been already disabled. It was a very bad idea to copy the website of an innocent lawfirm..."

Comment removed

[account_deleted]

Comment removed based on user account deletion

I'm sorry I haven't a clue.

[rokzy]

Artists Against 419... flash mobs... what are you on about?

Re:I'm sorry I haven't a clue.

[LostCluster]

Artists Against 419
A "419 Scam" is the attempt to defraud people of their money by claiming that they need to send money and/or account details in order to recieve a large ammount of funds. If any victim actually cooperates, they're told that they need to send more. Spam is commonly used because of the relatively low cost of sending massive e-mails, and the fact that the scammers net thousands of dollars from each fool that bites. The name comes from the chapter of Nigerian number in law that says this is illegal there, yet a majority of these scams come from there.

flash mobs
This is a concept that comes from people who send text messages to a mailing list of bunch of friends that says something cool is going on, so anybody free should come join them. In cities, this can cause 100s of people to show up on the "if you contact 10 friends, and they contact 10 friends..." principle. Singer Avril Lavigne is currently doing a tour of unadvertised events at shopping malls, which have attracted up to 6000 people that more or less depends on the first people to see the sign announcing the event telling their friends, and having those friends tell others. This group is encuraging a simple Slashdotting against 419ers, which is basically the same principle. More people showing up than expected causes problems...

Re:Joke's on who?

"Q: Why are there so many broken images on your site? A: That's not a bug! It's a feature! If you can see any picture it means that a website of a 419 criminal is still not down. But they have to pay a price for it! Actualy our aim is to present only broken images at our web site." So to answer your question, by slashdotting the site, we are helping take down the 419 sites.

Re:Joke's on who?

[nacturation]

It's a great idea. While the artists against 419 scammers have to serve up the HTML, they've hijacked the images, eg:

<img src="http://www.some-419-scam-site.ng/logo.jpg"&gt ;

So maybe a 1 KB of HTML vs. usually 10 to 20 KB of images, and that's for each image. You could easily add a 1 pixel frame which loads up dozens of images from the scam sites.

They Have a Game on the Site

[oobob]

Here is a game where you chase logos from the sites with your mouse, and if your cursor goes over them, they reload on the edges of the page.

Thing is, you can speed them up, and they automatically go towards your cursor. Even in the background (try it with a trillian window). And it's more addictive than you'd think.

Nice idea. "Community "ttacks" can work.

[hkmwbz]

This is a very good idea, and seems to work to a certain extent.

Organizing communities to attack hostiles is a good idea, and lately I've seen a lot of mails pretending to be from Citibank, apparently linking to citibank.com, but instead hiding the URL by using HTML, and sending the user to a different page instead.

These new phishing scams have been covered by the media, and basically it opens a popup with the address field hidden, and it uses HTML/JS to recreate a fake one, giving the impression that one is actually at citibank.com.

An example of a received spam, which claims to link to web.da-us.citibank.com, but really links to a page which opens a popup. The address of the popup is:

http://www.strongerinfobase.us/scripts/sys.php

This page gathers credit card info. Maybe if there was a site to gather these addresses, hundreds or thousands of people could cooperate and submit so much nonsense - either random crap or seemingly real, but fake, CC info. That way, the scammers would have to wade through thousands of fake entries.

Maybe someone could even write a script to spam the scammers into oblivion :)

... or as previously covered on slashdot

[cr@ckwhore]

Previous topic on the same subject ...

http://yro.slashdot.org/article.pl?sid=03/11/16/20 4210

definitions....

[Carbon+Unit+549]

Flash Mob
419

Re:Joke's on who?

[jamonterrell]

The issue to this is that if you look at the headers that most browsers send to the site they request files from there's a referrer tag. A site owner can actually with minimal effort block requests unless they are referred from their own site... This seems like a lost cause to me.

Re:Why this

[pyrrhonist]

This seems to be a round-about and innefficient way to do a DDoS (Distributed Denial of Service) attack. They should just automate the thing as opposed to having people sitting and clicking as they seem to plan on doing.

It is automated. RTFA. The pages automatically reload, or you can download scripts.

Their site features just about every grammatical mistake one can make.

English is not every person's first language.

They also accused me of stealing their bandwidth by going to their page. That seems to be a strange accusation coming from a group that is going out to crash other people's sites.

No they didn't. In fact they encourage people to, "...bookmark this site and revist us as often as possible", and, "link to us from your web site!".

Why is this guy's post modded "Informative"? I suppose wrong information is still informative, but jeez, people!

Re:419?

[Nerull]

The "419" scams take thousands of $ from people who fall for them, and there have also been reported murders involved when the unfortunate scamee (Is that a word?) goes to another country to meet the scammer, and is then mugged.

Wikipedia Article

scam the scammers

[Phsyco]

This guy actually managed to get the scammer to send him money. He ended up donating it to charity, but none the less, that's pretty impressive. Worth a read if you've got nothing better to do.

http://www.419eater.com/html/stev_ebe.htm

How the 419 sites could stop this (code)

And more importantly, how you can conserve your bandwidth from unwanted inlining of images from the growing herd of bulletin boards and weblogs, via some Apache commands in your .htaccess file: Prevent bandwidth theft.

You can block inlining altogether, or allow it only for specified domains. You can also redirect users to an error image (I used the goatse.cx pic for awhile but found it a little over the top, and switched it to a small "no inlining" note - the phrase "bandwidth theft" has as many problems as does "stealing music").

Today's flash mob - 3rd May 2004

[milsim]

For modem users - Cube 419

For cable users - Scammers Nightmare

And here's an alternative - Lad Vampire

Come on, don't be shy, give them some good slashdotting - it's good fun for the whole family!

Re:I don't get it

Mr AC: it is slang to describe Nigerian scams involving requests to handle money.

Re:Sounds like a job for wget

[MBAFK]

Something like this probably - I made it up on the fly - haven't tested it (yes I know it's cack and that you could probably do it in 2 lines of perl :)

#!/bin/sh

wget --mirror -np http://artists-against-419.mugus.com/
cat artists-against-419.mugus.com/*html* | tr ">" "\n" > all.txt
rm -rf artists-against-419.mugus.com/
cat all.txt | grep "http://" | egrep "\.jpg|\.gif|\.png" | sed -e "s/^.*http/http/g" | tr "'" " "| tr "\"" " " | cut -f 1 -d " " | grep -v "mugus.com/" | sort | uniq > urls

while [ true ]; do
for i in `cat urls`; do
wget -O tmp $i
rm tmp
sleep 1
done
done

Re:See for yourself.

[SydShamino]

Or, for the one I looked at...after going through their huge disclaimer page, they have a web form to fill out an application.

What do they ask for buried in the middle of the form? Your current bank information. Together with the other info, they have everything they need to initiate a wire transfer.

Pretty clear from that alone that they are scammers. No real financial institution would ask for that on an application.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Why this

[Senor_Pedo]

Quite an interesting idea they have here. From Artists Against 419's FAQ:
Wouldn't it be more effective to start a Denial of Service attack (DoS) against this 419 sites?
We here at artists against 419 don't recommend any illegal practices! Such an attack might be more effective, but its less art.
Also from their FAQ:
Aren't you fighting abuse with abuse?
It's art! Sometimes art hurts, but there are no civil casualities in this battle.
You're right about the grammatical mistakes, though. Maybe artists aren't the best spellers.

Re:Verification?

I take it you are not involved in network admin...

This type of online demonstration is NOT a dDOS attack.

The pages request legitimate files.

A dDOS attack is a hammering of a server with spurious requests...

Re:Right Click?

[edgedmurasame]

Just disable Java/Javascript in your browser when visiting that site. Right Click problem solved. Denial of Service problem, that's another issue completely.

make sure, you use the new version

It is here: http://www.freewebs.com/kinomakoto/lv-0305.html

Re:Sounds like a job for wget

[Dimensio]

Actually, the official Flash Mob site has a couple of Linux scripts that use wget to hammer the targets.

Re:Why this

[slayer111]

It's all worth mentioning there's to more flash mobbing than just loading the images; they also encourage people to contact the hosts of the sites, call the authorities, and basically attack the 419ers from every angle.

Re:Why use a web page?

Or you could do domething like this from a terminal- that way you can send them a message.

while [ true ] ; do wget --user-agent="Scammers eat my poo" --delete-after http://yourscammersitehere ; done

Do a 'man wget' to get some other cool stuff to use like --spider --random-wait -C off, etc... Hours of fun!

Re:Verification?

[Raphael]

They are scammers, not legitimate businesses. They steal text and images from other sites. As others have already mentioned, you can use Google to search for some parts of the text on their pages and you will usually find the real source of the content.

It is also interesting to check where the images are coming from. For example, take a look at one of these fake sites: "Trust Meridien". The home page contains a link to the so-called professionals who are supposed to run this fake company: http://www.trustmeridien.com/directors.htm.

Take a look at the second picture. This woman is supposed to be called "Elizabeth Gideon". However, the name of the image file is: Kay_ivey1.gif. The name does not seem to match. Indeed, a little googling allowed me to find an identical copy of the image: Kay_ivey1.gif. That one is linked from the home page of http://www.kayivey.com/, who is the Alabama State Treasurer. The scammer did not even bother changing the name of the file!

I am sure that someone could find the source of the other images included in that page. Anyway, if you still had any doubt that the site is not a legitimate business, I suggest that you get in touch with Kay Ivey and ask her if she is really part of "Trust Meridien". Or maybe she has a twin sister?

Re:Why use a web page?

[sofar]

http://www.freewebs.com/kinomakoto/ladvampire.html

Re:Everyone loves messing with these scammers

[Jo_2521]

Funny site, yet:

"Question.
How do I contact the scammers without using my real email address?

Answer. [...] You could of course buy your own Domain Name and use a redirect to have emails sent to you via the D.N. I nearly always use my own Domain Name to set up email accounts."

(emph. mine)

Be very, very careful if you're up to do this. A simple whois could reveal your personal data to the scammer. I wouldn't want to have some Very Angry Criminal standing at my door...

Re:Why use a web page?

It has been done by folks at the somethingawful.com forums, and used to slay pedo sites.