419 Spam Goes Lingo

Have you ever received an email from an unknown person offering you an exorbitant amount of money and asking for your personal information in return? Well, that is exactly what a “419 scam” is!

419 spam, also known as Nigerian spam, is named after the Nigerian penal code, section 4-1-9. The most common forms of 419 spam are fake business proposals, fake fund transfers, and email lottery winning notifications—all of which include the spammers’ requests for personal information, such as name, account number, phone number, email address, bank details, etc.

419 spam is often seen in English, German, Spanish, and some other European languages, but spammers are now targeting Asian countries because of the increased Internet user base and widespread broadband infrastructure.

For the first time, Symantec has observed 419 spam created in Hindi using Devnagari script. This is a big paradigm shift where 419 spam is concerned. Hindi is a widely used language in the Asian subcontinent, including India, Pakistan, Nepal, Bhutan, and among Indian Diaspora settled around the world. Therefore, it is not surprising to see that spammers have turned towards Hindi to try and trap Hindi-speaking users in their nasty web.

The following is a sample of this type of spam:  



It is important to note that although 419 spam in Hindi was encountered for the first time (in which content-based filters may have failed to detect it), Symantec message security products were able to catch this spam with the help of Symantec’s proprietary filtering techniques. We advise users to beware of such bogus lures—don’t fall prey to false email messages that ask you for personal info in order to claim your grand prize.

Here are a few tips to identify a 419 scam:

•    The amount offered is huge—it refers to millions of dollars or other currency.
•    An email lottery is mentioned and refers to famous brands.
•    The message provides non-standard contact details for further communication.
•    The message asks for personal information from the recipient.
•    Partnership is offered through fake business proposals.
•    The message offers part-time or work-from-home job offers.
•    The message uses false, emotionally charged stories related to past events or disasters, or a next-of-kin type of story is used.

The next time you encounter a similar message, use the above points to help decipher its authenticity.

Note: My thanks to Sujay Kulkarni for contributions to this blog.