spamm, Skewered: The "Lads From Lagos" Go To Mother Russia 
etee [ net
spamm, Skewered: The "Lads From Lagos" Go To Mother Russia
Categories: spamm, Skewered, SCC Presents..., Nigeria 4-1-9, 1141 words9 feedbacks • PermalinkThe whole "Nigeria 419" thing is truly taking on an international flavor. Almost every day I get some form of business proposition, where I am offered the opportunity to turn over all my $$$$MONEY$$$$$ and offer up my bank account as a tool for laundering some humongous amount of ill-gotten loot, in the hope some of it might stick the the account. Of course, as we all know, the object of the exercise is for the Lads to get all of your $$$$MONEY$$$$$ via "special fees", not for them to actually give you any of theirs.
Well, back on 1 May I received a new variant of the same old scam, from a whole new country even! So, it will go in my 419 collection, and to commemorate the event, I decided to skewer it right here for you.
So, without further ado: The spamm!
Return-Path: []
Delivered-To: [THE.ME]@.net
Received: (qmail 32195 invoked from network); 1 May 2005 11:54:00 -0000
Received: from exprod5mx32.postini.com (HELO psmtp.com) (64.18.0.187)
by redwolfrun.com with SMTP; 1 May 2005 11:54:00 -0000
Received: from source ([]) by exprod5mx32.postini.com ([64.18.4.10]) with SMTP;
Sun, 01 May 2005 04:53:58 PDT
Received: from [] (helo=ma18.eresmas.com)
by smtp13.eresmas.com with esmtp (Exim 4.10)
id 1DS9nX-0001hw-00; Sun, 01 May 2005 10:27:31 +0200
From: dom dom may []
To:
Reply-To:
Message-ID: []
Date: Sun, 01 May 2005 08:27:31 GMT
X-Mailer: Netscape Webmail
MIME-Version: 1.0
Content-Language: en
Subject: urgent
X-Accept-Language: en
Content-Type: text/html; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printableWell, it appears this email originated from a RFC1918 (private) address, and was sent to a mail server at erasmas.com, which is a domain registered out of Panama. I am not sure, but this domain may be owned by a rental car business. From there, it travels to my spamm filter (Postini), which passes it along to me (not their fault, I have my filters configured to allow tasty MMF spamm to pass through.) No real clue as to the point of origin, although apparently the spammer used a Netscape Webmail client. So, with that, we shall proceed on to the body of the message:
Dear sir
I am Dom May and I represent Mr. Mikhail Khordokovsky
the former C.E.O of Yukos Oil Company in Russia. I
have a very sensitive and confidential brief from him
to ask for your partnership in re-profiling funds in a
private bank investment portfolio in Western Europe. I
will give the details, but in summary, the funds are
coming via Bank Menatep in Russia. This is a
legitimate transaction. You will be paid 2% of the
portfolio investment value as your "management fees".If you are interested, please write back to me via my
private E-mail and provide me with your
confidential telephone number, fax number and email
address and I will provide further details and if you
are satisfied I can proceed with the instructions.
Please we can not afford any political problems
because of recent events in Russia. So I will advice
you keep this to your self.Finally, please note that
this must be concluded within reasonable time frame
therefore your prompt reply is essential.Write me back. I look forward to it.
Dom May
-----------------------------------------------------------------------
SOS Aldeas Infantiles. Ningún niño sin hogar.
Oh, how the mighty have fallen! At one time, Mikhail Khordokovsky controlled the largest private company in All the Russias, and was a serious political threat to President Putin. So, in the best tradition of Russian politics, Mr. Putin had him arrested, and made "arrangements" for this private company (or at least its most lucrative assets) to be taken over by Lukoil, the state-owned oil company. The drama played out in a Houston courtroom for awhile, as Yukos tried to stave off assimilation into the collective by means of the US bankruptcy laws, until finally realizing that, in Russia as in the Borg collective, resistance is indeed futile.
Anyway, Mr. Khordokovsky apparently has some assets tied up, and he needs to get the cash run through a laundry, quickly and on the QT. So, he hires Dom May as his agent, to find someone at random on the Internet who might be able to help. And, lucky me, I was The Chosen One! This is better than winning the lottery!
OK, so what do we know of Dom May? He uses Netscape web client to send email from an mail server in Panama, and provides a return email address of So, let's see... "sify.com" is regustered to Satyam Infoway Ltd, out of "Teynampet, Chennai", which is located on the coast near the Bay of Bengal, to the east of Bangalore -- in INDIA! As in, where tea, and tigers, and elephants (oh my!), and Indian food come from. So, now I have to wonder, is "Dom May" an agent for-real, or is he simply trying to supplement his $2.50/day salary as a "off-shore" programmer, working for some US firm who move their IT jobs over there to cut costs? Or, maybe he is supporting the applications for "erasmas.com", and added a little extra code to allow himself to utilize their mail server in his moonlighting activities. Seeing as Chennai is close to the Tamal region, where I think they have been having some problems with separatists, does this mean that Dom May might be raising funds for terrorists?
Of course, maybe Mikhail Khordokovsky is really channeling The Donald, and in his own version of "The Apprentice" has teams of competitors out scamming the globe, trying to see how much $$$$MONEY$$$$$ they can launder. A quick Google on Mr. Khordokovsky returns about 650 'hits', and in the top 10 are no less than 5 such scams, and the "agents" include: 'Farsan Haddad', 'YURIY LAGUTIN' (whose Caps Lock key may be stuck), 'Fersan Haddad' (related to Farsan, per chance?), 'Ms Natalia Sidorova' (ah, yes, equal-opportunity is alive and well in the spamm/scam industry, I see), and 'Dieter Plaumann' (who claims that Mikhail is the confidential assistant to some Bryan Marsden out of Malaysia, and who is offering a 40% "management fee". Interesting.) I wonder who will be the next one to be told "You're Fired!", and if they will follow the Russian tradition of actually placing the unlucky one in front of a firing squad!
So, it appears this particular 419 scam has a real international flavor to it. It is from an Indian gentleman, who is helping a Russian felon launder money from an investment portfolio in Western Europe, who communicates via a car rental company's SMTP server in Panama, using a scam which originated in North Africa, and has been made famous by the Lads from Lagos (in West Africa.) All we lack is participation from the Aussies and the penguins to make this a truly globe-spanning spamm.
Isn't the Internet wonderful?
https://.net/blog/htsrv/trackback.php/32
05/14/05 @ 10:23Good skewer.
06/03/05 @ 08:35They are now using the name Dieter Plaumann as the representative.
06/03/05 @ 10:34Yes, "they" certainly are, as I noted in the story. This isn't too surprising: changing the names is one way to try and get around the spamm filters. Also, by changing the story up a bit, the perps may be trying to reel in a different (and maybe larger) crowd of marks.
Just remember, even if the names change, the end result -- separating the sucker from his $$$$MONEY$$$$$ -- remains the same.
06/03/05 @ 22:46
07/05/05 @ 11:47Interested in the link between Mikhail and a so called Bryan Marsden out of Malaysia offering the 40% management fee.
Is this the Bryan Marsden who is the CEO of the PIPS scam?
Searched on Google but could not find a link.
Thanks.
07/06/05 @ 07:08I found the link with a Google for "Mikhail Khordokovsky", and IIRC it was on the first page. Given that this is a scam, I am guessing that either (a) Mikhail is a fake name, or (b) the scammer used Bryan Marsden's name in the hopes that some PIPSqueak would take the bait, or (c) all of the above.
-etee
08/28/05 @ 11:38i was im'ed by one of their minions claiming to be a black man from Ghana currently in England. At first he chatted like he wanted to get to know me, then asked if i wanted to go into business with him,then started to tell me about Mikhail K. while he was telling me this i went to the web and found the female Natalia and read the scam, I then pretended to be stupid and asked him who she was and he said she was Mikhail's former asst., who helped betray him. I then blocked him. and went searching for more
08/28/05 @ 11:45i also told him if he was really someone who worked with Mikhail, he would have been placed in a mine field and told to dance.You dont piss off the Russian Gov't and get out that easy as to be tracible on the net.
08/28/05 @ 20:31by the way if your interested his address was and said his name was john that he was in england but was from Ghana,and travels all over.
[]
