Last visit was: Sat Jul 05, 2014 5:39 pm
It is currently Sat Jul 05, 2014 5:39 pm

Nigerian Scammer Yahoo Mail "Serious Action"


All times are UTC - 5 hours [ DST ]


 [ 26 posts ]  Go to page Previous  1, 2
Author Message
 PostPosted: Tue Aug 20, 2013 11:29 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Good work Jim,

Can you tell us what email address(es) you send your reports to at Yahoo?


Top
 Profile WWW  
 PostPosted: Wed Aug 21, 2013 6:11 am   
Spammer Killing Machine
User avatar

Joined: Sun Jun 01, 2008 4:59 pm
Posts: 671
Like I have mentioned before my list is so long I am embarrass even to list it. At one point I tried to eliminate addresses that bounced or yahoo said were no longer used. After that exercise I was getting no responses so I added all email addresses back. I use filters on all yahoo responses so my inbox is clean except for what I want to see from yahoo.


Top
 Profile  
 PostPosted: Wed Aug 21, 2013 6:22 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Jim_P the fact that this is a "solution" in 2013, coupled with the fact that I routinely see notices in Gmail's spam folder that state that the message is in the spam folder because yahoo.com.cn was the domain name is all I need to know about how utterly broken Yahoo's situation is.

I haven't heard any updates from the Yahoo contact yet and it's been two full days of regular reporting of all Yahoo Nigerian scammer accounts to him (121 distinct email addresses and counting.)

He responded when he shut one single account down, but that was a long time ago. I'm hoping he'll do more than just the one, and that the conversation can switch to "this is obviously the 91st account that has "western_union" or "wunion" in the username - do you REALLY need to take 24 hours on this one?!"

SiL


Top
 Profile  
 PostPosted: Wed Aug 21, 2013 7:05 pm   
Spam Reporter
User avatar

Joined: Fri Aug 25, 2006 7:48 pm
Posts: 121
Just as I expected, SIL. The layoffs and outsourcing have taken a toll on Yahoo. They think changing their logo will spice things up. Pshaw!

_________________
You yet did not try SPICE? Not the SPAM!!!


Top
 Profile  
 PostPosted: Tue Aug 27, 2013 3:55 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
randy67 - I have to actually clarify: I hadn't heard more than "I'm on it" from my contact, becuase he's not at liberty to disclose any action he's taking.

The good news is that my Yahoo-based inbound Nigerian scam messages are already down by 1/3rd. So he's doing *something*. I just don't know what, and I can't narrow it down further than that. Phase 2 is after 3 weeks of this consistent reporting, we do a recap phonecall to see what the ongoing reporting can be for all Yahoo mail addresses that are in violation of the law.

I should have been more clear. I was not implying that absolutely nothing was taking place, just that there was no response.

I had one scammer burn through eleven distinct Yahoo mail accounts all indicating they were representing DHL. I have never seen that before. Best part: they all featured an "x-originating-IP" header value which made it clear: it's the same guy, and his previous one must have been removed.

So there's hope. Just not confirmed hope is all.

SiL


Top
 Profile  
 PostPosted: Tue Aug 27, 2013 6:34 pm   
Spam Reporter
User avatar

Joined: Fri Aug 25, 2006 7:48 pm
Posts: 121
<Fingers crossed>

_________________
You yet did not try SPICE? Not the SPAM!!!


Top
 Profile  
 PostPosted: Sat Sep 28, 2013 2:59 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Hi SIL,

Another month has passed.

Are there any updates on this? I would like to get back into reporting scams, but Yahoo is a problem for me, now that they have put a captcha on my favorite reporting page :-(

Just one email address that works would be great.


Top
 Profile WWW  
 PostPosted: Sat Sep 28, 2013 6:09 pm   
Spammer Killing Machine
User avatar

Joined: Sun Jun 01, 2008 4:59 pm
Posts: 671
Good luck getting anything from YAHOO. I was getting a few results from my batch of email addresses but nothing lately.

YAHOO also threw another one at me. Since Comcast started blocking spammy smtp mail sometime ago I switched to using YAHOO smtp for reporting spam. Now I find my password is being disabled and I have to created a new password which only last a day or two Now I am using Gmail smtp. This is all getting too complex for me.

Maybe I should spend more time playing Pogo Payday FreeCell


Top
 Profile  
 PostPosted: Sun Sep 29, 2013 5:55 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
I submitted a few recently. Here is the response to one of them, who knows which? I highlighted the puzzling phrase

Quote:
Recently you requested personal assistance from our on-line support center. Below is a summary of your request and our response.


Subject
No Summary

Discussion Thread
Response Via Email (Denisse Fox) 09/28/2013 05:51 PM
Hello

Thank you for contacting Yahoo Mail.

We have taken appropriate action against the Yahoo7 Account in question, as per our Terms of Service (TOS).

Note: Yahoo7 is unable to disclose any actions taken on another user's account. We are not able to make exceptions to this rule.


Thank you again for contacting Yahoo Mail.

Regards,

Denisse Fox

Yahoo! Customer Care


New from Yahoo
Don't just check the weather, see it. Introducing the Yahoo Weather app. The forecast is beautiful. Download for iPhone

. Download for Android

.
Auto-Response 09/28/2013 12:15 PM
Thanks for contacting Yahoo Customer Care.

Your Incident ID is: 130928-013620

• If you're reporting abuse, thanks for improving our community (it means a lot to us). We'll dig in to your report and take care of this. We may contact you if we need more information to complete our investigation.

• If you aren't reporting abuse but are trying to ask a question or get help, we'll get back to you as soon as possible.

Sincerely,
The Yahoo7 Customer Care Team

New from Yahoo
Don't just check the weather, see it. Introducing the Yahoo Weather app. The forecast is beautiful. Download for iPhone

. Download for Android

.




We will assume your issue has been resolved if we do not hear from you within 72 hours.

Thank you for allowing us to be of service to you.

[---001:001281:63472---]


Top
 Profile WWW  
 PostPosted: Mon Sep 30, 2013 4:57 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Red Dwarf wrote:
Hi SIL,

Another month has passed.

Are there any updates on this?

Well: I have an update, but I'm unsure what the next steps are to set this into wider use.

Red Dwarf wrote:
I would like to get back into reporting scams, but Yahoo is a problem for me, now that they have put a captcha on my favorite reporting page :-(

And this is the thing: the "experiment" so far is definitely generating results. But they're kind of all over the place.

That form, effectively, is useless. IF someone does something with it at all on the Yahoo side, they do so extremely slowly, and inefficiently, and it does nothing to reduce the problem.

Since I've been single-handedly reporting the scam accounts for (so far) 9 individual people, I've seen some real action taken against the accounts, in record time, with interesting secondary actions.

Per day, I was personally receiving 116 at the max of the amounts I was reporting. That's just my accounts.
When my Yahoo contact decided to take me up on the reporting, he shut them all down within a few minutes of receiving my reports. The first four or five days we were doing that, you could really see it was having a devastating effect on my repeat scammers. They all switched to solely-non-Yahoo accounts, and in one case it looks like a couple of them even took a break from the scam initiations.
But now that we've been doing this over several weeks, I'm beginning to see that it's not really any kind of big improvement, since they always come back, and now they always have multiple Yahoo accounts.

The scammers who have retaliated against me have all boasted that they have "thousands" of these accounts at their disposal, and I believe that, but it still has to have *some* impact when even one account is shut down, especially at the outset of trying to snare a new victim.

Red, if you want to report your Yahoo accounts (or really if any of you do) - just send them to me in "one file at a time" postings that contain all of the offending messages. The format I'm using for one of these files is as follows:

Code:
[email protected] | [originating ip, if it's identifiable] | What type of scam
[email protected] | [originating ip, if it's identifiable] | What type of scam

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

message 1

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

message 2


So for example here's one set from this morning.

Code:
[email protected] | 120.141.254.65 | Fake Lottery Scam
[email protected] | 41.85.169.70 (benintelecoms.bj) | Fake Western Union Scam
[email protected] | - | Typical Nigerian Scam
[email protected] | 186.225.183.150 | Typical Nigerian Scam
[email protected] | (Yahoo) | Fake CBN Scam
[email protected] | 41.79.219.194 (mtn.bj - AGAIN!) | Fake UBA Scam
[email protected] & [email protected] | - | Fake Western Union Scam
[email protected] | - | Fake Barrister / Lawyer Scam
[email protected] | 41.215.160.203 (tigo.com.gh, Accra, Ghana) | Fake Cancer Scam
[email protected] & [email protected] | 69.38.157.45 | Fake Carmen Lapointe / UN Scam
[email protected] | 65.202.238.154 | Fake FBI Scam
[email protected] | 172.30.2.247 | Fake Sanusi Lamido / CBN Scam
[email protected] | 200.71.238.16 (Botnet) | Fake Lottery Scam
[email protected] & [email protected] & [email protected] | 41.79.217.113 (mtn.bj, AGAIN!) | Fake Western Union Scam
[email protected] & [email protected] | - | Fake Western Union Scam
[email protected] | - | Typical Nigerian Scam
[email protected] | - | Typical Nigerian Scam
[email protected] | - | Typical Nigerian Scam
[email protected] | 205.251.132.227 | Fake Loan Scam
[email protected] & [email protected] | - | Typical Nigerian Scam
[email protected] | - | Fake World Bank Scam
[email protected] | 89.32.46.32 | Fake Western Union Scam
[email protected] & [email protected] | 62.179.121.52 | Fake "World Bank" Scam
[email protected] | 116.202.17.183 | Fake Business Proposal Scam
[email protected] | 41.138.188.156 (visafone.com.ng, Lagos, Nigeria) | Fake IMF Scam
[email protected] & [email protected] | 69.38.157.45 | Fake Carmen Lapointe UN Scam
[email protected] | 41.85.169.94 (benintelecoms.bj) | Fake ATM Card Scam

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[headers]

Your email address attached to the ticket number: 54-20-17-52-34-30 that draw the lucky
winning number,which consequently won the Daily new year Jackpot in the
first category,in four parts.You have been.....<snip>


Also: do not redact anything. We're sending these to Yahoo's legal team as well as a set of abuse people who are dealing specifically with criminal abuse. We have to treat it as evidence in a court of law. No alterations at all.

Note also: I report multiple offending accounts on the same row for some messages. This was how the contact wanted to receive them. To my knowledge, he is the only one processing these reports.
Red Dwarf wrote:
Just one email address that works would be great.

He really wants to keep it just to me for now, unfortunately. It's been difficult getting answers from him as to what further processes could be put in place. An obvious one that I assume should be possible is to hunt for every account that references the term "Western union" in some way in the username. Or "Robert S. Mueller". These represent a huge amount of the accounts I report every day. Imagine the impact of shutting down 2000 of these in one single day. I understand that Yahoo needs to protect itself legally in the event a non-criminal person has created a "Western Union" account for some purpose, but... come on. How many of those accounts would really be legitimate?

So yes. If you want to, let me know. I am okay being the conduit while he wants to hear from a single source.

SiL


Top
 Profile  
 PostPosted: Fri Oct 04, 2013 4:00 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
All my scammers swung over to solely Gmail or Hotmail accounts again. They don't even use Mail.com or rediffmail today, just these two providers.

All the IP ranges are always from the same four African providers (when they aren't from botnets):

In Benin:

benintelecoms.bj
mtn.bj

In Nigeria

vodafone.com.ng
gloworld.com

SiL


Top
 Profile  
 [ 26 posts ]  Go to page Previous  1, 2

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008