What is Baiting?

Baiting is trying to waste the scammers time so that they can not actually victimize someone else. (thanks to MIT61 for the description)




In the next few days I'll be opening this thread for those that have questions about baiting. I'll answer any questions you have here to keep the subject out of the other threads. This site's not really about baiting, but some of you obviously want to do it. I'll say this from the start though, scambaiting can be dangerous if you don't know what you're doing. Because of this, any replies people post that would violate safe baiting practices will be immediately deleted from the thread. Rule #1 is ALWAYS BAIT SAFE.

Safe baiting - Putting on your cybercondom

There are things you need to be aware of before you even think about baiting a scammer. First up, as much as you may want to get back at the person that scammed you, the last thing you should do is continue from the address they're already in contact with. Drop them like a stone. Go to 419eater.com and post up their address and let them deal with it. If you want to bait them, or if you just want to have a go with someone else (and we don't really recommend it. It's much better to leave it to the people that know what they're doing), then get yourself a fresh new email address. There are free email providers that will hide your IP address. Google for them. If you don't know how to Google then walk away, you'll only put yourself at risk.

Now, if you're setting up a new address, make sure you put NO IDENTIFYING INFORMATION ABOUT YOURSELF WHATSOEVER in the application. Some email accounts you have to be invited to. Be careful, they keep the originating email address in your details unless you go in and manually delete it. Don't use an account from your ISP and try to get a .com address as well.

When the scammer asks for a picture, don't send them your own. Think of a minor celebrity and Google yourself some natural looking pictures of them. No pictures of them on set or at an award ceremony.

What about a phone number? K7.net is a good place to get a free anonymous number. Skype is good too. An anonymous SIM card is a great help too, plus it costs the scammer more to phone. Personally I have two numbers supplied by an internet phone company that look like real landline numbers.

Know about proxy servers? Know how to use one? Go on then, use that too to be doubly sure. Don't worry too much if you don't. A safe email account is fine.

Never send any documents to a scammer. They can reuse them and scam someone else with it. No matter if you make up a stupid looking fake one with Krusty the clown on it, if it fools a scammer it can fool a victim.

Get yourself a good virus checker and firewall. Get into the habit of checking every document you get sent. Get yourself a spyware checker. And always make sure to keep them all up to date.

Of course, the BEST thing you could do is join 419eater.com and sign up for a mentor.

Finding an IP address. You need to know this whether you bait or not.

Hotmail
On ther upper right hand side of the screen you'll see "Options". Click on it, then go to "Mail Display Settings". Where it says "Message Headers", change the option to "Advanced". Once that's done, click on "OK" and you'll see the headers of all the emails you get sent.

Yahoo
Open your email. Scroll to the bottom of it and click on "Full headers". There they are. Nice and simple.

Gmail
Open your email. Look for "More Options" next to the date the email was received. In the new set of options that pop up, look for "Show Original" and click on it. Your email will open up in a new page complete with headers.

Fastmail
On the same line as the subject, to the right of the screen you'll see "Show full header". Click it.

Using an external program to send and receive emails will send your IP address to the scammer as well. Only do this if you have emails already sent to you and you need to retrieve them for posting on the forum. NEVER USE THEM TO BAIT.

Outlook Express
I don't use OE myself, so if someone can confirm the method at

Only registered users can see links on this forum! Register or Login on forum!

works, please let me know.

Thunderbird
Open your email, hold down the Ctrl key and (while still holding it down) press U. Up pops a window with the headers.

MSN 7.5
Credit to jombee for this one. Open the Inbox e-mail.
Press Alt and Enter together presto there's the info.

Windows Live Mail
Open up your inbox, right click on the email you want to check, then click on "View source".


What to do with the headers
Now you have them, what do you need to look for? First up, check if The Bat! is there. It's a very sophisticated email program that lets you use multiple email accounts easily. That's why scammers love it so much. It's a legitimate piece of software designed for businesses that the scammers have latched onto. Make a note of the version number and post it in your report. Now, how to find that pesky IP address we keep talking about. Working from the bottom up, you need to look for a set of 4 numbers, similar to

82.198.27.180

If you see one that starts 192.168 then ignore it. It's an internal IP address and just means there's more than one computer connected to the same internet point. It's how computers in the same building know to look for each other. Keep looking up. When you find the IP address, go to

Only registered users can see links on this forum! Register or Login on forum!

and type it in. If we use 82.198.27.180 as an example, typing it into the WHOIS Lookup and Reverse DNS Lookup boxes should give you all the info you need.

Only registered users can see links on this forum! Register or Login on forum!

Only registered users can see links on this forum! Register or Login on forum!

There's also another site you could use to check the headers. It's just been updated and is looking pretty good.

Only registered users can see links on this forum! Register or Login on forum!

All you need to do with this site is copy the entire header and post it into the box.

WHEN YOU POST THE HEADERS MAKE SURE YOU REMOVE YOUR OWN DETAILS OUT OF IT OR YOU'LL BE TARGETTED BY EVEN MORE SPAMMERS AND SCAMMERS!!

Copy and pasted from

Only registered users can see links on this forum! Register or Login on forum!

Why Russian scammers use The Bat!

Scamming is a sophisticated technique used to part the unwary of their money. The challenge for the scammer is that not everyone falls for the scam; unfortunately, enough people do fall for the scam to keep the scammers in business. This short article helps explain how Scammers use technology to help them commit a scam and signals that you can look for that will help you avoid being a victim.

Scammers have a big problem to overcome when they try to get unwary people to send them money – first, there is a much higher awareness today so far fewer people fall for the scams. This means that Scammers need to "play the percentages" and send out as many "convincing" e-mails as possible in the hopes of finding their victim. How can they do this? Through technology solutions normally used by companies. Let me ask you two questions: First, what would you think if you knew that the person writing you was using a commercial software application typically used by businesses? Second, what would you think about receiving e-mails from a mail client from someone claiming that they were using an Internet Café? If you do not understand either of these two questions, your vulnerability to being scammed is much greater. There are two pieces of background information that will help you understand why understanding the context of these two questions is important:

First, managing the large number of scams that are necessary in order to identify a victim is difficult. The solution is to use a commercial software application that has the following characteristics:

1) The Scammer needs an e-mail client that can manage large amounts of e-mail from many different e-mail accounts (using the same e-mail account for communicating with many victims can be problematic since once identified as a Scammer, there are enough Blacklists that the e-mail account will be readily recognizable).
2) The Scammer needs an e-mail client that can sort messages from different e-mail accounts into threads do that the dialogue over time can be managed – this allows "customization" of the communication with the victim to help avoid suspicion (not answering questions or ignoring important information can tip off a victim that something is wrong.
3) The Scammer needs a way to reduce the amount of effort required to communicate with all their victims.

Second, as the scale of the scamming activity increases, the Scammer will have a problem using a web e-mail service:

1) E-mail service providers, once aware of a scam, can involve law enforcement agencies and can identify other victims and send out warnings – the Scammer needs to minimize, as much as possible, traces of their scamming activities.
2) Most people would never consider using an e-mail application from an Internet Café (which many Scammers claim to be using) since all of their mail would be left on the computer they were using! If someone is using an e-mail application of any kind (Outlook Express, Outlook, etc.) while stating that they are using an Internet Café warning lights and a siren should be going off.




The Bat! (also known as TB! And TB) – I will use TB! From this point on – is an e-mail client application (a program that runs on a personal computer) that is marketed towards companies and individuals that need to manage large volumes of e-mail. The OECD refers to a category of company as a Small to Medium-Sized Enterprise – an SME for short. Smaller SME's often have very limited budgets and cannot afford specialized Sales and Marketing, Customer Service, and other forms of Customer Relationship Management (CRM) software. Our laboratory supports a group company that helps smaller SME's adapt TB! for their business. I mention this because TB! Has been associated with both Spamming and Scamming – the product is legitimate and is a valuable tool for many businesses; unfortunately, the same features that make TB! effective and efficient for companies, also provide a similar benefit to Scammers. There are two features that Scammers find particularly useful:

1) TB! supports a sophisticated macro programming language and a sophisticated ability to manage templates – predefined text that can be dynamically changed by the macro programming language to respond to e-mails. This allows a technically competent person to create a Scamming system that has a high degree of automation while at the same time allowing the scammer to add custom text in predefined areas within the template. The more people that the Scammer can correspond with, the more likely a victim can be found. 2) TB! is designed to work with multiple e-mail servers simultaneously. This makes it very easy for the Scammer to use numerous "dummy" e-mail accounts for Scamming unsuspecting victims (TB! downloads and erases the e-mails from each e-mail server making it harder for investigators to track what was happening).

An e-mail client such as Outlook Express or Outlook Professional and most web e-mail clients such as Yahoo and Hotmail do not offer this level of sophistication. TB! is also very affordable at less than USD $60.00 – well within the means of the typical Scammer. TB! is a product of RIT Labs, which is based in Moldova.

Posting Pictures

You see all the pictures that get posted here. This is how we do it. First up, go to photobucket.com and create an account. You don't have to use your real name when you make it so don't worry. Once you do that, then log into your album. You'll see an optionm on the top right hand sign, "Submit Multiple Images". Click that if you have more than one picture to post. It'll let you select more than one image in one go. You have to have scripts enabled, so if you use NoScript, tell it to allow photobucket.com. If you don't know what NoScript is, don't worry about it because you won't be affected by it. Once you've made your selections, click on "Submit" and wait while they upload your photos. When the screen refreshes, there's your pictures. under each picture you'll see three boxes, Url, Tag and Img. To make a direct link to your picture, select the text in the Img box. Double left click on it and the text all turns blue. Right click and click on "Copy". That'll save the information in memory. Now go to your post, right click and click on "Paste". You should see something like this appear

[ IMG ]http://i39.photobucket.com/albums/e155/yourname/picturename.jpg[ /IMG ]

That's your link to the picture added. One thing to remember, if your scammer sent you naked pictures, don't bother putting them on Photobucket because they'll remove them.

Why Western Union/Moneygram?

Taken from

Only registered users can see links on this forum! Register or Login on forum!

Quote:

Most 419 scams / advance fee frauds by gangs from West and South Africa and many online scams run by Eastern European crime groups involve either Western Union money transfer (WU) or MoneyGram (MG). These services are the preferred method of online scammers to receive cash from their victims. These services are quick and - more importantly in scams - the recipient essentially remains anonymous. Even though in some countries the WU agents will check picture ID when funds are picked up, the criminals don't have any problems getting hold of fake ID. Once they have picked up the cash there is no trace to who they are or where they live. By contrast, bank accounts usually (but not always) involve some degree of address verifiction. For example, when you open a bank account the bank will usually mail the ATM card to the address given by the person who opens the account. If a fake address were used, the person would never receive the ATM card. With WU the criminal can give the sender any postal address he likes but will still receive the cash. Postal addresses have no meaning in a WU/MG transfer because the recipient walks into any agent office and picks up the funds. The money is not delivered to his home or to a bank account. Depending on the country, the recipient can pick any agent office in the nominated city or the entire country.

In a nutshell, Western Union and Moneygram allow the scammers to anonymously collect the money from any victim without fear of the transaction being traced back to them. They can even claim to be in one place and in reality be in a totally different one. Fake IDs make it highly unlikely the scammers can be traced when they receive the payments this way.

Western Union and Moneygram are perfectly legitimate services that the scammers have - once again - learned how to manipulate for their own needs.

Ok, we're open for business. Post your questions here.

EXIF data. What is it and how do I see it?

When you get a photo off a scammer, sometimes you can find out more about it than you may think. Pictures have what's called EXIF data embedded in them, which tells you things like when it was created, what camera/scanner they used, if it's been Photoshopped and so on. So how do you find this out? There's a piece of freeware called Irfanview that'll let you do it. You can find it at

Only registered users can see links on this forum! Register or Login on forum!

Not straight out of the box though. Download and install Irfanview, then download and install the plugins. You have to install the plugins for the EXIF plugin to be installed. Both downloads can be found on the site above.

So now you have it installed, how do you use it? Open Irfanview from your start menu, press the O key to open a file and select the one you want. Once you can see the picture in Irfanview, press the I key, and if you can see a box marked "Exif info" then press the E key to see the EXIF info. If you don't see "Exif info" then there's none there and there's nothing you can do about it. Not every picture has it, but those that do can be checked this way.

Its wierd to see this one unlocked, anyway just wanted to suggest giving this one a sticky, as it is where the instructions for enabling headers are, and keeping near the top might help new members find easier. Thats my story and I'm sticking to it!

So the girl in the pictures is the one I'm talking to, right?

Quoted from Elena (with some slight editing)

Quote:

It is a misconception that ALL photos used in scams are fake. As far as I can tell, 97-98 out of 100 are fake, others may turn out to be the real ones. My agent in Yoshkar-Ola have seen a number of ladies from my black list sitting in WU/MG waiting rooms. Apparently, a number of them are stupid enough to use their own name AND pictures (like in this case, for example). So far we only found 2 ladies like that. That's why we separate them into "amateurs" and "pros". "Pros" (what we often refer to as "Fat Yuri(s)", because majority of them are indeed males) operate differently from "amateurs". Most of the scammers we usually deal with are "pros" and their "WU girls". "Amateurs" are relatively easy. I prefer "amateurs". Though I was told that “pros” try to kick them out of their WU territory from time to time (take their money as they exit WU and politely advise them to stay out of the business).

How do I write "FAKE" across a passport?

I use Photoshop CS2 for this, so I'll post that for now and add how to do it in the GIMP when I get a chance.

First up, load the picture into Photoshop, then click on Layer, New and Layer

In the box you get, change mode to Hard Light and opacity to about 50%

Choose the colour that works best for the picture (usually red I find) and type your text in, changing the text size and moving it to where it covers the most detail. That's all there is to it. That'll stop the scammers seeing a document here and stealing it to use again.

Thank You Wayne, I'm taking it this is in response to my post about not knowing how earlier today. " I can give you a fish and you will eat today, or I can teach you how to fish and you can eat for life"

Yep. If someone asks a question I'll put the answer here too so everyone can share in it.

How far away is she from where she claims to be?

If your scammer claims to be in one place, but the headers show she's somewhere different, here's a great way to find out just how far away she is from where she claims to be. Go to

Only registered users can see links on this forum! Register or Login on forum!

and type in the village names, making sure you choose Russia as the country and you can have a detailed map showing you how far one place is from the other and how to get there.