Nigerian Scammer Yahoo Mail "Serious Action"


All times are UTC - 5 hours [ DST ]


 PostPosted: Wed Aug 14, 2013 10:59 am   
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Hello.

Thanks to our good friend Brian Krebs, I was put in contact with a senior abuse representative at Yahoo Mail.

I exchanged several initially terse emails with him regarding the perceived very weak, ineffective action Yahoo takes against the myriad Nigerian scammers who abuse their services. (i.e.: virtually none, and way too slow to have any effect.)

Tomorrow I have a call with him and a few other major abuse contacts at Yahoo to discuss a planned "serious action" against these scammers.

My plan is to outline that initially I, but then swiftly thereafter several of you, will send detailed scam reports to a dedicated contact in such a way that it makes it clear that the reported address is involved in scam activity, and in theory Yahoo will shut the account down immediately.

Per day I've been reporting no fewer than 110 Yahoo Mail accounts using their basic, ineffective, undetailed abuse reporting form (http://help.yahoo.com/l/us/yahoo/mail/ymail/spam.html) and while it eventually (sometimes) results in shutdowns, it's so slow that it's virtually ineffective. This should hopefully change that.

I wanted to arrive at tomorrow's meeting prepared to have a solid estimate of how many of us might participate in this action. Who is with me?

This could be a potential game-changer if they take it on, and if they continue the "serious action" beyond - say - a week or a month, Yahoo might eventually become so unpopular with Nigerian scammers that we see them turn back to strictly Gmail, at which point I hope to try the same thing with them. (Speaking of which: does anyone have a decent abuse contact at Gmail?)

Post back here or PM me.

SiL


 PostPosted: Thu Aug 15, 2013 1:07 pm   
Spam Reporter

Joined: Fri Aug 25, 2006 7:48 pm
Posts: 121
As you've seen by my posts over the years, I've given up on Yahoo. I'll see how this idea goes and then I'll decide if Yahoo has turned the corner on abuse.

Good luck! :silthumb:

_________________
You yet did not try SPICE? Not the SPAM!!!


 PostPosted: Thu Aug 15, 2013 6:31 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
My experience with Yahoo has been totally different. Maybe they found me too damned annoying to ignore.

I never gave up on Yahoo, and up til 2 months ago I was reporting and confirming dozens of takedowns per day.
Now I am finding no time left, with Evil Eva taking up all my spare time.

So I welcome others taking over the challenge. But it is not difficult, and once you get them accepting your requests, they act very fast - under 24 hours was my average.


 PostPosted: Thu Aug 15, 2013 8:46 pm   
Spammer Killing Machine

Joined: Sun Jun 01, 2008 4:59 pm
Posts: 671
I got a quick response today. Too bad it was the only/few responses in the last couple of days/weeks

Recently you requested personal assistance from our on-line support center. Below is a summary of your request and our response.
Subject
419 spam from [email protected]
Discussion Thread
Response Via Email (Casey) 08/15/2013 03:25 PM
Hello Jim,
We have taken appropriate action against the Yahoo! Account in question, as per our Terms of Service (TOS).
Note: Yahoo! is unable to disclose any actions taken on another user's account. We are not able to make exceptions to this rule.
Thanks,
Casey
Yahoo! Customer Care
hXXp://www.yahoo.com
New from Yahoo!
Don't just check the weather, see it. Introducing the Yahoo! Weather app. The forecast is beautiful. Download for iPhone. Download for Android.
Auto-Response 08/14/2013 07:25 PM


 PostPosted: Fri Aug 16, 2013 4:16 pm   
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Red Dwarf wrote:
and once you get them accepting your requests, they act very fast - under 24 hours was my average.

I guess my point is that the scammers are well aware that you need a response time of minutes. Preferably less than 5. Hotmail was up there for a while but they aren't. My opinion is: Yahoo is preferred, and it's obvious why: they take too long. It will never impact these scammers. This is why I'm specifically targeting them. Status quo cannot maintain.

SiL


 PostPosted: Sun Aug 18, 2013 6:22 pm   
You are kiillllling-a my bizinisss!

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
110 a day? Wow!

I can contribute, but it won't be consistent due to time constraints. If I can just forward them to a dedicated email address from Mailwasher (which includes all the headers; it's designed to work with Spamcop), that would work best.


 PostPosted: Mon Aug 19, 2013 12:38 am   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
I find that on reporting spam to Yahoo there is now a CAPTCHA which they define as
Yahoo wrote:
CAPTCHA (trademarked by Carnegie Mellon University) is a word verification code which Yahoo! uses to protect your account against spam or other unauthorized account access. By entering the code, you verify that you are a human and not a spam-sending computer.
You may encounter a CAPTCHA code when:
    Sending an email containing HTML, links, embedded graphics, attachments
    Forwarding messages (chain letters, jokes, etc.)
    Performing too many failed sign in attempts
    Creating a new Yahoo! account


Last time I was reporting to Yahoo there was no such requirement so long as you were logged on. Are you seeing that too?
I am using a similarly inadequate reporting page at
http://help.yahoo.com/l/au/yahoo7/abuse/general.html


 PostPosted: Mon Aug 19, 2013 8:11 am   
Spammer Killing Machine

Joined: Sun Jun 01, 2008 4:59 pm
Posts: 671
I get the CAPTCHA also. My Yahoo sign-on is a paid account.

Also got the CAPTCHA with help.yahoo.com/l/us/yahoo/mail/ymail/spam.html


 PostPosted: Mon Aug 19, 2013 2:48 pm   
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
The form is rinky. It doesn't allow for any detailed information to be included. It sometimes doesn't give the captcha, but more often does.

It's yet another form that is so poorly executed that it effectively stops people from reporting anything to Yahoo.

And of course: you get absolutely no response whatsoever from Yahoo.

This is why I hate this form, but it's the one that their main abuse team member recommended to use.

SiL


 PostPosted: Mon Aug 19, 2013 3:07 pm   
Spammer Killing Machine

Joined: Sun Jun 01, 2008 4:59 pm
Posts: 671
I gave up using the online forms.

I use complainterator and submit by email. I get about the same responses but they do show the domains reported.

I have several yahoo addresses but can't tell the good ones from the bad so I use them all.


 PostPosted: Mon Aug 19, 2013 4:30 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Complainterator? That reports to registrars based on a URL.
Did you mean 419AR or 419FILE?
What is the email address that you send reports to?


 PostPosted: Mon Aug 19, 2013 5:07 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Up until last May I was reporting an average of 20 per day, getting responses on about half of them.
Today I tried testing out Yahoo again after 3 months respite. I reported these 11:


I received 6 auto-responses over the next 30 minutes in the format
Yahoo Acknowledger robot wrote:
No Summary [Incident:130818-023864]
FROM Yahoo! Acknowledger TO You

From
Yahoo! Acknowledger

Response
Thanks for contacting Yahoo! Customer Care.

Your Incident ID is: 130818-023xxx

• If you're reporting abuse, thanks for improving our community (it means a lot to us). We'll dig in to your report and take care of this. We may contact you if we need more information to complete our investigation.

• If you aren't reporting abuse but are trying to ask a question or get help, we'll get back to you as soon as possible.

Sincerely,
The Yahoo!7 Customer Care Team


Notice how there is no way to know which report generated which Incident ID. Tracking is thus rendered futile.

One of the submissions had an immediate reply from Yahoo!7 Customer Care (Mickey) indicating that submissions need to include full headers etc. That would be a glitch either at their end or at mine. Because they are entered into a web page I do not have an audit trail to check and resend. Nor do I know which submission was rejected anyway. But that leaves 10 more.

There were 5 other auto-responses like those quoted above, each with a unique incident ID but no way of telling which report it applied to.

Over the ensuing 9 hours there were replies, from email ID Yahoo! Customer Care. They were in one of two forms. Two of the 11 reports were for Yahoo! IDs in France, and two of the responses were in French.

ENGLISH
Quote:
No Summary [Incident: 130818-023xxx]
We have taken appropriate action against the Yahoo!7 Account in question, as per our Terms of Service (TOS).
Note: Yahoo!7 is unable to disclose any actions taken on another user's account. We are not able to make exceptions to this rule.

Thank you again for contacting Yahoo! Mail.

Regards,
Mickey
Yahoo! Customer Care


FRENCH

Quote:
No Summary [Problem: 130818-023yyy]
We have taken the necessary measures regarding the Yahoo! Account, in accordance with our Terms of Use General Terms of Use. For more information about our Yahoo! Terms of Use, please see the following page:

http://info.yahoo.com/legal/fr/yahoo/utos/fr-fr/

Note – Yahoo! cannot under any circumstances disclose the nature of the action or actions taken against another user's account. There are no exceptions to this rule.

Once again, thank you for contacting Yahoo! Mail!

Regards,

Alain

Yahoo! Customer Care


So 11 were submitted, 6 were acknowledged, 1 was rejected, 5 may or may not have been acted upon, with a response time between 1 and 10 hours.
I can not tell which 5 of the 11 were totally ignored, except that I can deduce that the 2 reports for the French email IDs were addressed.

Problem reports were submitted using an automation tool on the slightly more detailed abuse reporting web page at
http://help.yahoo.com/l/au/yahoo7/abuse/general.html
Although it has "AU" in the URL, it is able to be used from other geographies, including mine.

Note the annoying CAPTCHA that makes automated reporting of dozens of frauds per day exceptionally tedious.


 PostPosted: Mon Aug 19, 2013 7:36 pm   
Site Admin

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
We had the call. For now it's going to be just me reporting from some expected addresses, and from there, if we see really fast shutdowns, more of us join the fray.

He was really engaged, and I am intrigued to see if this is the first real action that we get to take against these morons.

My hope is that his team - which is specifically e-crime-related, not overall broad abuse - will get used to seeing the same kinds of message types being reported, and the accounts get shut down really fast. New scam types: possibly a different story. If that happens: we could then try the same approach with Gmail and AOL.

More as I get it. Very interested to see how this pans out.

SiL


 PostPosted: Mon Aug 19, 2013 7:46 pm   
You are kiillllling-a my bizinisss!

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
* Stats:
My log of recent (up to May) 419 fraud reporting shows 3,000 reports, of which 1,100 are Yahoo and 600 are Gmail. Microsoft is harder to calculate, since there are so many variants.
But you can see that more than half are abusing those two service providers, Yahoo and Google.

* Automated reporting:
My reporting system was previously practically totally automated, sending off up to 50 reports from my Gmail Spam box to all ESPs. It uses email except for Yahoo and Gmail and GMX where it auto-fills the page and sends. 50 scam emails per run is based on my maxlist per page under Gmail.

I have 3 419-fraud gmail accounts, which seeded their addresses into known mugu traps. So over 95% are frauds.

Now, with Yahoo's CAPTCHA, I may have to revert to email to Yahoo, if I want to do this style of automated reporting.

The autoreporter decides which fraud brand it is, based on key-word extraction from the body text. Then the request names the brand and the keywords. Here are 6 examples
    k.john942@laposte.net X-Recovery-fraud-Keywords: [list of key words specific to Recovery fraud]

    nasikogroupofcompany@aol.fr X-Friendship-Scam-Keywords: [list of key words specific to Friendship fraud]

    infonatwestbk1@ymail.com X-Lottery-Fraud-Keywords: [list of key words specific to Lottery fraud]

    creditpage78@gmail.com X-Loans-Scam-Keywords: [list of key words specific to Loans fraud]

    ty66252404@cantv.net X-Purchasing-Fraud-Keywords: [list of key words specific to Purchasing fraud]

    wfrank@yahoo.com X-Advance-Fee-Fraud-Keywords: [list of key words specific to Advance Fee fraud]

I mention this, as it is the same method that they could use to set a confidence level in classifying the various fraud emails that we report.

It is still time-consuming, and a more direct method of simply forwarding the total email via a web-site upload for them to handle with a large enough team of dedicated handlers would be more efficient.
If they created some similarly automated approach as we use to analyse and suspend the majority of scams it would speed things up. They need to have enough people working on it, with good automation tools, so that they can meet a target turn-around deadline. It's not difficult to calculate how many staff would be needed, once the target is set. That's how help-desk operations are set up. And of course, being multi-national, they could spread the exercise around the world to make it 24-hour fast response within one or two shifts.

* Better approaches

Obviously, it would be better for them to not rely on our reporting. If we can set up honey-pots, so can they.

Even more obviously, placing scam detection at the point of egress would make a lot better sense, stopping it from getting out and suspending offenders at the source. But that's another battle.

Feel free to share this with your contacts at Yahoo.


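The keyword-based brand classification described in the post above, sketched as an added example (it is not the poster's autoreporter and not part of the original thread). The keyword lists, the `abuse_to` address, the tie rule and the choice to report the Reply-To account are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed keyword lists: the poster's real lists are not shown in the thread.
BRANDS = {
    "Lottery-Fraud": ["lottery", "winning number", "claim agent", "prize"],
    "Advance-Fee-Fraud": ["next of kin", "deceased", "inheritance", "bank transfer"],
    "Loans-Scam": ["loan", "interest rate", "lender", "repayment"],
}

def classify(body, min_hits=2):
    """Return (brand, matched keywords, confidence); brand is None if unsure."""
    text = re.sub(r"\s+", " ", body.lower())
    hits = {b: [w for w in words if re.search(rf"\b{re.escape(w)}\b", text)]
            for b, words in BRANDS.items()}
    best, runner_up = sorted(hits, key=lambda b: len(hits[b]), reverse=True)[:2]
    # Too few matches, or a tie between brands: leave it for a human reviewer.
    if len(hits[best]) < min_hits or len(hits[best]) == len(hits[runner_up]):
        return None, [], 0.0
    return best, hits[best], len(hits[best]) / sum(len(v) for v in hits.values())

def build_report(raw, abuse_to="abuse@provider.example"):
    """Build an abuse report for one raw scam email (full headers kept)."""
    msg = message_from_string(raw, policy=policy.default)
    # Assumption: report the Reply-To account if present, otherwise From.
    account = parseaddr(str(msg["Reply-To"] or msg["From"]))[1]
    body = msg.get_body(preferencelist=("plain",)).get_content()
    brand, words, confidence = classify(body)
    if brand is None:
        return None
    report = EmailMessage()
    report["To"] = abuse_to
    report["Subject"] = f"419 spam from {account}"
    report[f"X-{brand}-Keywords"] = ", ".join(words)
    report.set_content(f"Reported account: {account}\n"
                       f"Brand: {brand} (confidence {confidence:.2f})\n\n"
                       f"--- original message with full headers ---\n{raw}")
    return report

# Constructed sample message (not a real scam email).
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
From: "Claims Dept" <claims@example.com>
Reply-To: agent@example.org

You won our lottery. Send the claim agent your winning number to get the prize by bank transfer.
"""
```

The confidence here is the winning brand's share of all keyword matches, so a message that matches several brands scores lower and a tie is returned unclassified.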
 PostPosted: Tue Aug 20, 2013 7:53 pm   
Spammer Killing Machine

Joined: Sun Jun 01, 2008 4:59 pm
Posts: 671
Reply within 8 hours (submitted by email). Below is all from response.

Subject 419 spam from [email protected]
Discussion Thread
Response Via Email (Casey) 08/20/2013 04:29 PM
Hello Jim,
We have taken appropriate action against the Yahoo! Account in question, as per our Terms of Service (TOS).

