It's going to be a rough morning for some Nigerian scammer.

This might appeal more to geeks, I dunno but I think it could entertain anybody that has the time and likes to see a scammer get fucked over. Another one of my fun romps through the criminal underworld on the internet.
The names have not been changed to protect the guilty.

This is in not a hacking/cracking kind of thing. It is a walk into a public space and talk real loud next to a burglar kind of story.

I checked my email this evening and found I had received a spam. For shits and giggles I decided to poke around.
That red bar wasn't there until later.
email 1.png

I decided to run a whois on ugf.br and checked their web site to find out it is a university in Brazil. In the email header I found the originating IP was 41.71.162.156 which a whois query revealed to be of course a cell phone company in Nigeria called Visafone Communications Limited where they literally sell an entire business in a box.
For my safety I decided not to connect directly to any of these systems, it's just not a good practice. I have tor and a privoxy proxy installed on my system so I connected through the tor network. If you're not familiar with that, it is a system to bounce your connection around various nodes around the world and make it virtually impossible to find you unless you slip up and leak something.
I tried to telnet in to that ************ account on the university server but it was not accepting connections. Googled "zimbra", which was revealed in the IP header as the email client and found it was a web based system on that university.

Guess what the password was...

Baffled as to why the university has a free for all email account, I logged into the middle of a scam operation.
The webmail was in Portuguese but I more or less figured it out. I could see the received emails, the drafts, and sent emails. There were 3 people I discovered were falling for as he was corresponding with them. I'm amazed anybody falls for this kind of crap. There were also plenty of delivery failure messages.
Here is a correspondence I pasted to a friend I was talking to while all this was happening.

Thanks for your response. Meanwhile, the diplomat has left my country
today to Mexico where he has other lodged funds of your inheritance to
be delivered, so he will be contacting you from Mexico.
Note, the diplomat does not know the content of the box and please do
not disclose it to him, in that its content is money for security
reasons. Before he left we told him that the content of the box is
personal effects material, he will contact you immediately they arrive,
so that you can come along with the clearance fee of $4,500 dollars. In
this case, I will advise you to ensure that you comply with them so
that your fund will be delivered to you without any further delay.

Finally, find attached the documents covering your fund as the prove of ownership and please keep me updated. Have a great day.

Best Regard

-Percy Brown
Emailercybrown@w.cn

I moved on to the sent mails and found over 1000 messages sent. There were a couple hundred today and a few yesterday. It seems he comes and goes from time to time I guess between working the email and phone calls.
Each one of these messages had a list of about 150 people and there were maybe 10-40 messages of each type.

I'm very glad for auto save because I'm high right now. I went out of private browsing to copy something and forgot firefox does not save private pages.

Next I got an idea. I typed up a fake email where another party contacts the scammer in a way so stereotypical that it leaves little room for interpretation what is going on. I made sure to use stereotypical foreign and arab sounding names and of course one con artist is ripping off another in it. The guy types poorly as if somebody else provides his scripts and instead of a phone, he is in one of those Nigerian internet cafes. The goal was to make it appear this email was accidentally sent to a mailing list or reply-to-all was pressed.
I pasted this into each of the previously sent emails in place of the original text, changed the title to "Re: sale of scam email list" and fired it to each of the mailing lists.
The bottom email is the one sent to the scammer by a phantom party and the top email is the scammers reply he "leaks".
email 2.png
That email came to me because I was still on one of those lists. The email header had it coming from Germany.
It took hours to run through that list but I sent that email off to two days worth of his work. I made sure to send it a second time to the people who were communicating with him. I watched as over 4000 emails came in. About 75% were delivery failure notices and the rest were "on vacation" or "out of office" and a few "thank you for your inquiry about our product, we will reply shortly" emails. Only 3 people replied in person.
One told the scammer that he had accidentally sent an email that was meant to somebody else and they seemed helpful. I guess he didn't connect what was going on or didn't care that these were criminals.
The other two I am quoting from what I pasted to my friend.

Guess you just lost any hope of getting that “idiot” to give you his money by weeks end if he read your email. Ha ha.Whose the retard now!!!

FUCK. ALL YOU AND THE ENTIRE. AFRICAN CONTINENT. MAY YOU ALL BE BURIED. IN A PIG SKIN SHROUD AND THE DOGS PISS ON YOUR GRAVE.

Connected by DROID on Verizon Wireless

That dude was pissed.
There's no point in that. Those were 3 messages in over 4000, the scammers don't care if you yell at them and it only confirms a valid email address.

Next I deleted any emails from people who were replying to his scams that he hadn't seen yet and covered up all of the evidence of what I had done so he'll be baffled as to why all of a sudden his marks wise up and people stop replying.

My last act was to be stealing the entire email list so I can try to figure out how many there were and where he is getting them from however I only copied the first list of 150 and my connection to the server was closed. I figured what happened was the system admin had just caught me since I was being extremely loud and sticking around longer than usual so he blocked me in iptables. I changed my IP and still couldn't connect. You can't torify a ping so I used nmap and *********** was gone from the internet! It seems somebody noticed the massive million email network lag or got a warning from one of these recipients about retarded criminals using their server and they either took the interface down or pulled the network cord entirely until the system admin or a tech can investigate what happened.

Then I fired up a bowl to celebrate and I got the idea to type this so someone else may enjoy.

In the end I didn't get the list but it all worked out. People were warned that they were on a spam list and a few may be saved from being robbed therefore rendering his mailing list far less effective, many no doubt got a kick out of a stupid scammer revealing himself, I got my yayas, and the admin of that server hopefully now realises the grievous security situation on their network and puts a stop to this email jackassery.

they tried getting my gma telling her she had a inheritance from a guy in japan lol

Haha nice job

Well I logged in this morning and the server is back online and he just sent out another mass mailing. Perhaps I should have titled this "some nigerian scammer is going to have a bad week" because this guy is my new hobby.
He was in the account at the same time I was, I can tell this because he deleted some of the incoming delivery failure messages while I was digging around. This time I download all of the lists he used. 106 in total coming out to 1.6MB. If your average email address is about 20 bytes that makes this roughly 80,000 emails. Too bad, this list is worth money and I know places where people buy and sell this sort of stuff all the time but my ethics make it impossible for me to profit from this list (unless maybe I contact the scammer and sell his own list to him) so this thing is mostly just a curio item for me. I wonder where he's getting all these email addresses, if he bought them or has a crawler running somewhere.

I probably won't update much here unless somebody is interested because all I intend to do today is diff todays list with yesterdays and if they are not the same, send out another mass embarrassment for him, this time with the universities contact information on the list so they surely know what is going on. Chances are the lists are different since I didn't get any mail from him today.

I have removed any specific links since the server came back online and they didn't fix their dismal security situation. If anybody is interested in using it for their own purposes or just checking it out, it is the universities choice to keep it open to the public so just PM me and I'll send you the info I have.
Screenshot.jpgScreenshot-1.jpg

Thats awesome what your doing to that dumbass! lol.

lol wish i could do things like this

I would really like to know what happens when you decide to conclude your fun. make it a good one!

Subbed. Keep this updated dude. This is awesome. Sell him his own list. Seriously....do it. Yesterday.

...........