Good Morning from my Robotics Lab! This is Shadow_8472, and today, I am telling the story of my first experience with a 419 scam. Let’s get started.
I’m writing this during a time of many projects, and if this post appears randomly, it probably means I need a week off, or I’m stuck and need extra time with next week’s project. Even now, it’s been a few weeks, so parts are already slipping away.
It all started when I received a computer related Discord message announcing a giveaway to help with the hard times of the pandemic going around. I had won .81 bitcoin! Huzza! How much was a bitcoin worth? I looked it up, and it was floating around the $9200 mark. I was staring down about $7000 if I could go claim it. The message gave me a code and a link to a cryptocurrency exchange where I could redeem it.
I was suspicious, as I should have been. Red Flag 1: I never entered any giveaway. Red Flag 2: The account giving away this freebee had only just now joined the only server we had in common. I decided to check out the link, but not as myself just yet. I decided to install TOR browser to make it look like I was somewhere else. One problem: Debian’s repositories only allow old, proven software. That’s when I learned about backports.
According to the Backports page on the Debian Wiki, “Backports are recompiled packages from testing (mostly) and unstable (in a few cases only, e.g. security updates), so they will run without new libraries (wherever it is possible) on a stable Debian distribution.” It goes on to say you should only use what you need without using every backport in the whole of Creation, at which point, I’d think you’re better off using the testing version of Debian Sid, the “unstable” version.
TOR went on without too many additional problems. I followed the link, and the site looked professional enough. I revisited it with regular, old Firefox and made myself an account using a unique password, as you should. Red flag 3: I didn’t get a notification e-mail. I noted it, but chose to ignore it for the time being. The site also went out of its way to point out that it was using https for encrypted login.
Redeeming the code went smoothly as you’d expect. I figured there’s no point in spending the money until I had gotten something tangible off this exchange. I mean, $7500 or so is enough for a very nice desktop computer — maybe even a couple just nice ones, even after paying a 10% tithe to my church. I even contacted their online giving section and was a little sad they didn’t accept Bitcoin. The most impressive part of the exchange was how it was already Friday afternoon, and they still got back within about four minutes.
I decided to try making a small purchase, but there was a small matter of the exchange saying there would be an equivalent of a flat, $5 charge for every transaction. Yellow Flag: While this business model is entirely reasonable, it discourages testing them out with small payments. It’s easier to ignore $1000 +$5 than it is to ignore $1 +$5. Switching things around, I found a way to purchase from NewEgg using a service that accepts Bitcoin and decided it would be good to pick out some hard disks for a future project.
In parallel with that project, I learned a bit more about the mechanics of Bitcoin payments. I tried making an anonymous account on a more reputable cryptocurrency exchange, but they wanted personally identifiable information. Red Flag 4: This other site I was working with was only 3 days old, according to domain name records, yet it had articles dated before that.
Another tidbit I learned from a third party was that there are laws forbidding cryptocurrency exchanges from making cash payments until the account has already received payment from a verified bank account, and then it can only pay to that bank account. Turns out that’s to prevent money laundering.
I continued on with trying to buy the hard disks by moving the Bitcoin off the exchange and onto my phone. I generated a code, moved it over to the exchange, and… Error: new account, please deposit about $200 to unlock your account. Bummer! I had been warned about this, but I chose to go learn about it anyway.
A sliver of faint hope was finally dismantled when I talked with one of the mods on the Discord I was on. Turns out multiple people had gotten targeted, but I was the first to report this particular individual. After a screenshot of the PM he sent, he was banned from the server.
Final Question: Have you ever been targeted by a 419 scam and come out the other side with an interesting story?