How to Troll a Nigerian Prince

Have you ever received an email from a Nigerian prince? Why not answer for a change and see how things unfold.

Inside an Advance Payment Scam

Boy, am I lucky. Steven Richards, a regional director for the UBS bank just informed me that I am entitled to over 16 million pounds. Steven sent me the information in German from a Hotmail account, as he explained that he was doing this without the knowledge of his employer. It turns out that I am the last of kin of a UBS customer who recently died with his entire family. At first, I was devastated. Losing relatives is always hard and I didn’t even know them. After a brief phase of grief, I decided to claim my inheritance and answer to Steven. Of course, we all know that none of what is stated before is true. It is part of an advance payment scam. I decided to play along and see how far I can get in this scam.

I knew at some point I would have to present identification, so I googled pictures of German IDs until I found a picture that might do the job. Around this ID, I created a fake persona: Thomas, a 65 year old retiree that speaks very bad English. I created a new Protonmail account bearing his name and replied to Steven in German. Not even an hour later did I receive the answer, even though he obviously never sent an email to this account. This time the email was in English. As my alter ego Thomas didn’t understand much of what was written, he decided to call Steven (Steven provided a phone number in the initial email). The phone number was a virtual phone number registered in the UK. This was start of many interesting conversations between my fake persona and the scammer known as Steven. For starters, Steven didn’t sound British at all. He had a thick central or western African accent. I gave Thomas a thick German accent and Steven took the bait. Steven explained that I would need to send a letter to UBS making my claim to the 16 million pounds. While we were still on the phone, Steven sent me a pre-drafted letter that I only needed to sign and send to an UBS email-address he provided as well. I found a signature from the person I modeled my fake persona after on Google, “signed” the letter and sent it. Needless to say, the email address wasn’t really one belonging to UBS.

Afterwards, I called Steven again just to make sure I was doing things right. He told me that I should forward him all emails coming from the bank, so he could process them and give me further instructions. Immediately after our conversation, I received a reply from UBS. Almost, as if Steven had sent it himself 😉

I forwarded this document to Steven and he said he would take care of the first three things on the list, while I was to provide him with my banking details and a copy of my ID. I was also asked to pay about 60,000 pounds to Steven and his lawyer, so they could prepare the death certificate, will and affidavit that I obviously didn’t have. I sent him bank account details for an account that is used in another scam (fake invoices) and a copy of the ID I had based my fake persona on.

By the way: Google could have warned Steven that something wasn’t right with Thomas…

In the next phone call, I told Steven that the money I had wasn’t on my account since it was dirty money. I had obtained it through tax fraud. Clearly, Steven wasn’t amused about this and we had several phone calls and emails regarding the topic.

Eventually, he accepted this money and I told him I could go to the bank and try to transfer the money. For this, he requested a payment receipt as proof that I had sent the money. Steven called multiple times to make sure I was going to the bank. As with the ID card I googled and all the other fake documents I sent Steven, I quickly made a fake payment receipt without putting too much effort into it. To be honest, I was surprised that Steven was still taking me serious after all the obviously fake information I sent him. He didn’t seem to be the smartest person.

Upon sending the fake payment receipt, I called and told him that I could only transfer 10,000 Euros a day and that I would have to go back the next to transfer another batch. Steven seemed very satisfied and called back the following day, asking if I had already made it to the bank again. Again, he showed no signs of suspicion and was eager to receive the money.

Payback Time

So far, I played along and made the scammer think he was receiving money. During this, I unraveled additional email addresses, the bank account he used and received copies of the documents he created for this scam. Steven was happy as can be, assuming lots of money would soon end up on his bank account. It was time to give Steven a little something to think about.

While my alter ego, Thomas, was supposedly on the way to the bank to transfer the next batch of money, I used Emkei’s Fake Mailer to send Steven a fake email from Interpol.

One hour later, I called Steven again. This time posing as a special agent working for Interpol. I told him that Thomas was arrested upon trying to transfer money to a bank account that was linked to African terror groups such as Boko Harram. I could clearly hear the fear in his voice and he demanded to speak to Thomas.

In the next phone call, I switched between fake personas (special agent John and Thomas) and made Steven believe that Thomas had been arrested while visiting the bank a second time. To make things more believable, I used various different background sounds (thanks to Youtube) during all these conversations. Thomas was also crying on the phone when speaking to Steven. All of this really freaked Steven out and he denied having anything to do with this. Eventually he stopped answering phone calls, but he did still answer to emails sent to him. I was having so much fun, I pushed it a little bit to far. However, I finally got to use a phrase I’ve been waiting to use for a long time.

Aftermath

After a while, Steven wouldn’t reply to emails any more. Two days later, I wanted to log on to the Protonmail account I used in the case to go through the mails again before writing this blog article. It turns out my account had been suspended for apperently being part of an advance-fee scam. According to the Protonmail team, someone reported my account and provided them with messages as evidence (since Protonmail can’t see the content of emails).

To be honest, I find this hard to believe. The person that was so stupid and was fooled with cheap photoshopped images, an outrageous story and multiple fake personas (that all sounded alike), then reported my account to Protonmail and provided evidence? To me, it looks like something else triggered this…are we really sure Protonmail can’t read the content?

In any case, I sure did have fun trolling a scammer and while doing so, I did many others a great favor. Spending time interacting with me left less time for Steven to interact with people that might have actually fallen for this scam. And, it sure is a nice story to tell!

MW-OSINT / 26.01.2020