Thanks for all the phishing in 2010

I am thankful that I’m incapable
Of doing any good on my own
I’m so thankful that I’m incapable
Of doing any good on my own
From Thankful by Caedmon’s Call

Last year in honor of Thanksgiving here in the USA I posted an entry about some things I would have been thankful for in 2009. If they were even remotely true. I’m a collector and, dare I say, connoisseur of Nigerian 419 style phishing messages. Given the response to the 2009 post, I decided to make it an annual event. So without further ado, here is a sampling of my favorites from 2010. The things I’m thankful for.

I am thankful that my brilliant achievements in medicine are at long last being recognized. At least in England.


Dear Sir/Madam


Congratulations! The entire management of The Royal Society of Medicine, United Kingdom write to inform you of  our RSM Awards 2010, which you have been selected through our electronic database for the best RSM Award for  the year 2010.

After several attempt to reach you on phone, I deemed it necessary and urgent to notify you finally about the outstanding settlement of your Award payment.

This was initiated by The Royal Society of Medicine, United Kingdom in collaboration with Her Majesty (The Queen of England), to compliment your laudable efforts on medical practices, your humanity contribution to life across the world and to also serve as motivation to improve your ability toward quality healthcare service delivery. We hereby inform you of your reward sum of nine Hundred Thousand British Pounds Sterling, (900,000.00) as one of the winners of (The Royal Society of Medicine Awards 2010).

Based on our arrangement, the Award Dinner Night comes up on Monday the 27th December, 2010 therefore, you are advice to indicate your interest of receiving the award by reconfirming the below stated information:

I am thankful for online tech support that is so proactive they send me Skype messages about vulnerabilities on my Windows PC. To my Mac.

[11/20/10 3:04:31 PM] Online Support: WINDOWS REQUIRES IMMEDIATE ATTENTION
For the link to become active, please click on ‘Add to contacts’ skype button or type it in manually into your web browser !
ATTENTION ! Security Center has detected
malware on your computer !
Affected Software:
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

I am thankful for the thoughtfulness of Western Union, even if they get a bit testy because I’ve yet to claim my windfall. Although I am a bit confused by that partly payment under a loop of batches of payments deal. Probably just a Western Union thing.


Your fund lodged with Western Union® INTERNATIONAL MONEY TRANSFER for your collection. Your fund has been sent to you by Western Union®/ Act on this email ASAP

This is to notify you once more that your fund portfolio/file is in the list of those that will receive their fund payment of $1,240.000.00 (One Million Two Hundred And Fourty Thousand Dollars) this week. You are to receive a total of $5,000.00 (Five Thousand Dollars) everyday and a maximum of $30,000.00 per week until the full approved sum are exhausted.

Since last 2 weeks, Western Union section in Bank Of Africa, Carre N°912, Cotonou 05BP1972, has made first sending to you of a partly payment under a loop of batches of payments of $5,000 each as the Western Union Rules insists that each transaction cannot be above $5,000. BUT YOU HAVE NOT RESPONDED TO US NOR ACTED ON OUR DIRECTIVES.

I am thankful for famous dead people who are concerned about violating my high ethical standards prior to proposing a shady deal. I guess that since the advent of telephones, that telegraph thing hasn’t panned out too well for Sam.

Dear Partner,

Do accept my sincere apologies if my mail does not meet your personal ethics.I knew that this mail will come to you as a surprise, but please do not be discouraged with my proposal; it was due to how things are moving with me. However, this correspondence is unofficial and private, and it should be treated as such. At first I will like to assure you that this transaction is 100% risk and trouble free to both parties.

My name is Mr. Samuel Morse, a Fund Manager with Fidelity Investment, UK. I handle all our Investors Capital Project Funds which enabled me to divert 1.2% of Investors Excess Return Capital Funds to our Magellan Trust Funds Account where anyone can be presented to claim the funds. Total sum of Fifteen Million, Seven Hundred and Forty Five Thousand British Pounds (15,745,000.00)BP has been diverted, representing 1.2% of Excess Return Capital Funds from the Investor Capital Project Funds for 2006/2007 fiscal year.

I need a reliable and trustworthy person with whom I can work this deal out so that we can claim the funds as mentioned above. There is no risk attached and the funds in question can never be dictated or traced.


Mr. Samuel Morse

I am thankful for Western Union MoneyGram office that wants to help me get some of my money back from Nigerian 419 scams that I was apparently a victim of. This guy also has a strangely familiar, albeit misspelled, name. I’m just wondering why a nice American investigating officer has an email address for an outgoing mail server in China. Must be another Western Union thing.

After proper and several investigations and research at Western Union and MoneyGram Office, we found your name in Western Union database amongst those that have sent money through Western Union to Nigeria and this proves that you have truly been swindled by those unscrupulous persons by sending money to them through Western Union/MoneyGram in the course of getting one fund or the other that is not real, right now we are working hand in hand with Western Union to track every fraudsters down, do not respond to their e-mails, letters and phone calls any longer as they are scammers and you should be very careful to avoid being a victim to fraudsters any longer because they have nothing to offer you but to rip-off what you have worked earnestly hard to earn.

In this regard a meeting was held between the Board of Directors of The Economic and Financial Crimes Commission (EFCC) and as a consequence of our investigations it was agreed that the sum of sixty thousand US Dollars (US$60,000.00) should be transferred to you out of the funds that Federal Government of Nigeria has set aside as a compensation to everyone who have by one way or the other sent money to fraudsters in Nigeria.

Contact the Western Union agent office through any of the email addresses stated below;

Yours sincerely,

Adams Smith,
Investigation Officer.
Please note that e-mails, letters and phone calls are currently been made to unsuspecting persons by fraudsters claiming to have access to their funds. Everyday, people throughout the world are falling victim to scams of one way or the other. It could be an unexpected prize draw or lottery win, or a chance to invest in an exciting new money-making or investment programme . In the circumstance, we unreservedly advice you to dissociate yourself from all correspondence and transactions entered into based on evidently fraudulent and fictitious claims.

I am thankful that restoring my lost funds is of such high national priority that the director of the FBI sends me status updates personally. I must admit that I expected Director Mueller to have a better grasp of American English, but he probably has his minions respond to the trivial stuff. But I am concerned that my fund is laying down with DAVIS MARK – that sounds kinky.



After through investigation and many series of complain we found that your fund is laying down with DAVIS MARK which you have to contact him now so that you will have your fund without any delay and stop any further communication with anybody or whosoever we will get them arrested get back to us whatever your communication with him so that it will be brought to notice if anything araises. So contact him now which you have 4working days to recived it.also stop any further communication to whom ever your are dealing with because we are watching you if you like to received your fund conact the said person now.

Mr Davies Mark <>

contact him and call him as well that we sent you to release your fund whatever he said do get back to us and stop any futher communication to whosoever or offices,bank,minstry i hope i have made myself clear.


Robert S. Mueller III
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C.
20535-0001, USA

I am thankful for the broad International human rights effort being made to get me money I didn’t even know I had coming. Again I would have expected that Mr.Kenneth Thomas, being not only national security adviser to the United Nation Owed Debts Payment Recovery Commission Representative but (UN) Human Right Activist In-charge Of All Pending Consignment/Fund Release would have a better grasp of British English and could afford something better than a free Yahoo Japan email account. Must be a UN thing.

(United Nation) Human Right Activist Dept
On Debts Reconcilation On Foreign Payment Matters,
Unit B1, 50 Bank Street London E14 5NS,
London,United Kingdom.


Attention: Beneficiary,

I am Mr.Kenneth Thomas,the newly appointed national security adviser to the United Nation  Owed Debts Payment Recovery Commission Representative,here in London United Kingdom.

I am delighted whole heartedly to inform you that the contract/Inheritance panel and unclaimed  fund which is seating in London,United Kingdom territory just released your name among the presently  approved beneficiaries to benefit from the diplomatic immunity payment. This panel was primarily delegated  to investigate and to genuinely manipulated all debts and claims as it has eaten deep into the economy of  the Great Britain-London.

However, we wish to bring to your urgent notice that your payment profile is still reflecting in our central  computer as unclaimed fund Emanated from Bank In Africa in my department where i work to the (UN) office  while auditing was going on today. Your file was forwarded to my office by the chief auditors as unclaimed  fund. At this moment, I wish to use this medium to inform you that for the time being the Geat Britain -London has stopped further payment through bank to bank transfer which you were previously having with  the Authority from the Originated country where your fund was sent from that country in Africa over a period  of time now due to numerous petitions received from the FBI,IMF and other financial and security agenices to monitoring the UK Government against their banks on wrong payment and diversion of funds to different account in many dimension.

In this regards, I am going to use my good office to send you your part payment in the tune of $6,000,000.00 (Six Million United States Dollars) only by cash to you via a universal immunity diplomatic means. In process  of doing that, i will personally secure every needed documents as a representative of the (UN) office now to cover the money been your still yet unclaimed payment which is now in London United-KIngdom including  the legit affidavit to claim this very particular payment from the British high court here in London UK and also  with a clearance which will bestow the right and legit privilege to you as the rightful beneficiary who is to  recieve this payment after meeting up with the delivery requirement as the law stipulate which are the  documents i’m securing for you right now once you accept to finalise this transaction with me only.

All these will be only on the condition that you will give me only %10 out of the funds which is just ($600,000.00) Out of $6,000,000.00 you are to receive as soon as you receive the money on your door step which will come to you in the form of a consignment method.

Note: The money will be coming on 2 security proof boxes The boxes are already sealed with synthetic nylon  seal and padded with machine by the management of this organiziation and i also want you to know that the  management are not aware of my personal plans or arrangement with you in this transaction, so you have to  keep this as a very top secrect between the both of us till me and you are able to conclude this very  transaction completely.

MOST IMPORTANTLY: for security reasons and to also enable the both of us to conclude this very  transaction successfully, note that the diplomat coming with the consignment boxes will not know the original contents inside the boxes that he will be delivering to you. So what l and our accredited  management here will declare to him that is inside the consignment boxes is a sensitive photographic film material and some classified volume confidential company’s contract documents.

Please note categorically that, before i proceed with the next arrangement, You are adviced to call me  immediately on my direct telephone number +44-792-457-3520, so we can talk and  agree properly before i seal this transaction with you and if you need further clarification I’m pleased to hear that and remember to send the required informations directly to my Email address:  and I will let you know how far I have gone with the arrangement. I will secure the diplomatic immunity clearance certificate that will be tagged on the box to make it stand as a diplomatic consignment.

This clearance will make it pass every custom checking point all over the world without any hitch. All this I  will do with my own money as your partner.

Please, I need urgent reply on phone because the box are schedule already to live as soon as I hear from you. You should call me immediately you receive this message through my confidential number +44-792-457-3520 at once. I am highly submitted in service and willing to serve you better whole-heartedly once you are pleased with my terms & condition.


Highly Submitted.

Respectfully Yours in-service,

Mr.Kenneth Thomas.

(UN) Human Right Activist
In-charge Of All Pending Consignment/Fund Release.
Unit B1, 50 Bank Street London E14 5NS
London,United Kingdom,
Direct Tel: +44-792-457-3520

I am thankful for damsels in distress who thoughtfully provide links to sports stories at the end of their pleas for help and vague promise of riches. What guy could resist that? I wonder what’s up with all the Yahoo Japan email accounts. Think maybe their Captchas aren’t working too well?

Hello,Dearest One,

Good a thing to write you. I have a proposal for you-this however is not mandatory nor will I in any manner compel you to honour against your will. I am Miss Sarah Traore,21years old and the only daughter of my late parents Mr.and Mrs Nathaza Traore .My father was a highly reputable busnness magnet-(a cocoa merchant)who operated in the capital of Ivory coast during his days. It is sad to say that he passed away mysteriously in France during one of his business trips abroad on 12th.Febuary 2007.Though his sudden death was linked or rather suspected to have been masterminded by an uncle of his who travelled with him at that time.But God knows the truth! My mother died when I was just 4 years old,and since then my father took me so special. Before his death on Febuary 12 2007 on our to the hospital and he disclosed to me secretly that he has the sum of Sixteen million,seven hundred thousand United State Dollars.(USD$16.700,000) left in fixed deposit account in one of the leading banks in Abidjan Cote d ivoire Africa.

I am just 21 years old and really don’t know what to do.Now I want an account overseas where I can transfer this funds. This is because I have suffered a lot of set backs as a result of incessant political crisis here in Ivory coast.The death of my father actually has brought sorrow to my life.I am in a sincere desire of your humble assistance in this regards.Your suggestions and ideas will be highly regarded. Now permit me to ask these few questions?

1. Can you honestly help me as your daughter?
2. Can I completely trust you?
3. What percentage of the total amount in question will be good for you after the money is in your account?

Please,Consider this and get back to me as soon as possible.

Thank you so much.

My sincere regards,

Miss Sarah Traore.

I thought you might enjoy this story from
AZ does it

Once again I’m thankful that Google Translate hasn’t improved significantly since 2009. At least the Hausa, Igbo and Yoruba to English translators. Otherwise this stuff wouldn’t be nearly as amusing. So Happy Thanksgiving 2010. So long and thanks for all the phish.
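The mismatches pointed out above (an FBI director or UN adviser writing from free webmail, replies routed to a different address, the same fund-release wording) can be checked mechanically. The following Python is an added example, not part of the original post; the `triage` function, the domain and phrase lists, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: tiny illustrative lists; a real filter would load maintained ones.
FREE_MAIL = {"freemail.example", "othermail.example"}  # stand-ins for free webmail domains
ORG_DOMAINS = {                                         # claimed name -> domains it mails from
    "federal bureau of investigation": {"fbi.gov"},
    "western union": {"westernunion.com"},
    "united nation": {"un.org"},
}
# Phrases taken from the messages quoted in this post.
LURE_PHRASES = ("unclaimed fund", "beneficiary", "diplomatic", "your fund", "compensation")
# A currency amount written with thousands separators, e.g. $60,000.00
BIG_MONEY = re.compile(r"[$£]\s?\d{1,3}(?:[.,]\d{3})+")


def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    return "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")


def triage(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""), body_text(msg)]).lower()

    # 1. Sender claims a well-known organisation but writes from somewhere else.
    for org, domains in ORG_DOMAINS.items():
        genuine = any(from_dom == d or from_dom.endswith("." + d) for d in domains)
        if org in text and not genuine:
            kind = "free webmail" if from_dom in FREE_MAIL else "unrelated domain"
            findings.append(f"claims '{org}' but sent from {kind} {from_dom}")

    # 2. Replies are steered to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # 3. Advance-fee vocabulary together with a large sum of money.
    hits = [p for p in LURE_PHRASES if p in text]
    if len(hits) >= 2 and BIG_MONEY.search(text):
        findings.append("advance-fee wording with a large sum: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail).
SCAM = """\
From: "Director, Federal Bureau of Investigation" <director@freemail.example>
Reply-To: <claims.agent@othermail.example>
Subject: Your fund

After investigation we found that your fund of $60,000.00 is unclaimed.
As beneficiary, contact the agent now.
"""

BENIGN = """\
From: "A Friend" <friend@freemail.example>
Subject: Thanksgiving dinner

Bring the pie. I owe you $20.
"""

LEGIT = """\
From: "Western Union" <noreply@westernunion.com>
Subject: Receipt

Your transfer receipt is attached.
"""

if __name__ == "__main__":
    for name, raw in (("SCAM", SCAM), ("BENIGN", BENIGN), ("LEGIT", LEGIT)):
        print(name, triage(raw))
```

The From header is trivially forged, so these checks only catch senders who did not bother to forge it; SPF, DKIM and DMARC results cover the spoofed case.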

Helping your online shadow rest in peace

Give me my freedom, for as long as I be
All I ask of livin’ is to have no chains on me
All I ask I of livin’ is to have no chains on me
And all I ask of dyin’ is to go naturally
I only wanna go naturally
From And When I Die by Blood, Sweat and Tears

Recently I’ve been hammering on you, dear readers, to be aware of the utter lack of privacy on social networks. So now in the interest of being fair, balanced and keeping you completely confused let’s take a look at the opposite problem: how to make all that important private online stuff available to those who need it after you are deceased. “Oh my,” I hear you thinking (recall my telepathic abilities), “Is Security for All not long for this world? Is the author suffering from some terrible terminal disease? Has this blog suddenly taken a morbid turn?” Okay, enough questions already! The answers are: “Not that I know of” and in the immortal words of David Stone (aka Captain X-Ploit), “We’ve been over this. I still have at least 45 years left” and “This blog was always weird, so not much of a turn”. The point is that you have a very real online shadow that, like your metaphysical ghost, will not rest in peace when there is unfinished business. Seriously though, have you ever considered what happens to all of that online information you keep adding to so prodigiously when you die? And how will your grief-stricken loved ones be able to access your valuable online resources? In this article by Jack Cola entitled “What Happens To Your Email and Social Networking Accounts When You Die?” there is some great information about how different online services handle an account when a user dies. And in this recent Lifehacker piece by Jason Fitzpatrick entitled “What Should I Do About My Virtual Life After Death?” there’s great practical information on planning for the inevitable with respect to your online shadow. Here is my four-step condensation of this valuable information.

1. Make a list of all your virtual accounts.

List everything from your email accounts to your social networking profiles to one-off accounts for posting on individual forums. Once you have a complete list go through the list and cross off accounts that you want to be lost and unknown to your family and friends. If you have an account that you use [only] for blowing off steam with snarky comments, consider letting [it] go dark upon your death. If [an] account is part of the social networking profile for your business make sure that information is available.

This is a great exercise to go through regardless of your imminent or otherwise demise. I’m willing to bet that your list will be considerably longer than you ever imagined. And once you start culling that list, you might as well be proactive and close those accounts of dubious value right now.

2. Create a secure database of logins for the account list.

This secure database could be a physical one, locked in a home safe or bank’s safety deposit box or it could take the form of a digital keyring. If the executors of your estate are unskilled at computers consider the physical option. A keyring is much safer, however, and there are many excellent solutions. We’d recommend a portable version of KeePass on a flash drive. You can read our guide to KeePass here.

For the record, I live by KeePass and use a portable version. So if you’re a regular reader of this blog, or just happened to take my advice on this excellent password safe idea, you might be thinking “Done! I’ll just pass on my KeePass USB key and I’m golden”. Sorry, please refer to step #1. While it’s likely that you already have an exhaustive list of online accounts in your password safe, which is a dandy starting point, there is still the matter of culling and trimming those to relevant and active accounts. If you are like me, you probably have several dozen entries in your password safe of accounts that are no longer valid or you just never use anymore. There also is the matter of your loved ones’ access to the secure database. If that is a password safe on a USB key, they will need to know the password to the password safe. If you put the list in your safe at home or a bank safety deposit box, they will need to know the combination or have the key. And in every case your loved ones will need to know that this secure database exists, where it is and how to access it.

3. Include detailed instructions for how you want the plug pulled on your virtual life.

Do you want your executors to make an announcement? Post your obituary? Activate a guestbook on your web site, photo blog, or other virtual outpost and turn it into a virtual memorial?

This is very important since in the absence of detailed instructions the default behavior will be to either unceremoniously close the account or let it live on as a virtual zombie. Your executors need to be made aware that should they opt for the latter (zombie) then they will be haunted by your online shadow if not your actual ghost. A swell place for these instructions is as part of the secure database of logins described in #2. Just attach a note to each entry explaining what to do with the account. In case you were wondering, KeePass, and every other password safe I’m aware of, supports notes or comments for entries.

4. Include information about each website’s specific terms of service regarding user death.

While many websites don’t have a policy for unsubscribing/deregistering, let alone for closing down accounts after someone has died, most of the more popular sites do. Here are some of the most prominent. Note that most of these extraordinary measures and policies are for executors who do not have access to the login credentials for the account. In other words these policies are primarily procedures to allow next of kin to obtain access to accounts where the inconsiderate deceased failed to follow the previous 3 steps. If you leave behind passwords and detailed instructions then all they have to do is log in as you and do what you wanted. With the website none the wiser.


If you have a Gmail account and you pass away, your next of kin will be allowed to access your emails. The account will stay open forever, but as the next of kin, you are able to request it to be deleted. To get access to the email account, you will need to supply the following information by fax or mail to Google to be granted account access of the deceased user account.

  • Your full name (next of kin), your contact information and a verifiable email address
  • The Gmail email address of the deceased person
  • An email containing the full headers of an email message that the deceased person has emailed you with the entire contents of the email
  • Proof of death
  • Documentation to prove that you are lawfully allowed to access their email (if the deceased is over 18). If the deceased person is under 18 years of age, you must provide a birth certificate

After you’ve compiled the information, Google will verify it and grant you access to the user account.


If Hotmail accounts are left inactive for a period of time, the email account along with all the information will be eventually deleted (within the year) and therefore, you will not be able to access it. If you die, your next of kin will be granted access to your account provided they supply supporting documents such as a death certificate (similar to what Google needs). Hotmail will not reset the password for the deceased person, but you have to fax or mail information to gain access to the account such as:

  • Your email address
  • Your shipping address (as they send you a package in the mail)
  • Documents to state you are the benefactor or you have power of attorney
  • Your photocopied driver’s license
  • A photocopy of the death certificate
  • Information about the account holder such as first and last name, date of birth, city, state, zip, approximate date of the account creation and the approximate date of last sign in.

If you require more information, you can get it at Windows Live Help.


Yahoo has a much stricter policy over who can get access to your account. And that is no one. If you want to ensure no one has access to your emails when you die, you would want to choose Yahoo. Yahoo will not grant permission to anyone to access a deceased user’s account. The only permission Yahoo grants is for the account to be deleted. Therefore, Yahoo does not allow anyone to access your emails. The only way someone can do this is if they reset your account password.


Facebook will not grant anyone access to a deceased user account, but if the user of the account is deceased, their page will be turned into a memorial page once requested. By filling out the form to turn a deceased user’s page into a memorial page, Facebook will remove sensitive information on the account like status updates and will only allow current friends to access the page. Family members will then be allowed to customise the page of the deceased user.


MySpace deceased user policy is a bit vague, but they state that if you are the next of kin, they will not grant you access to edit, or delete any of the content or settings on the account yourself, but you can request it to be removed if you deem appropriate. You can simply email and attach appropriate documentation such as a death certificate. However, if you have access to their email account, MySpace recommends that you reset the user password.

The point here is that unless you want your loved ones to have to jump through all kinds of nasty hoops in the event of your untimely passing, follow steps #1 through #3 so as to avoid step #4.

So the main points to take away from this admittedly morbid but hopefully informative post are as follows.

  • A huge amount of money can be saved in executor costs if you make it easier for your executors to sort out your affairs
  • Nobody has the slightest idea how much money you have in PayPal, gold you have in World of Warcraft or dividends with other websites. That is unless you tell them.
  • Nobody wants their online shadow to become a zombie.

Social Network privacy officially an oxymoron

It’s good to know you’re thought of, it’s good someone should care
It’s good to know you’re trusted but not to know they’re there
Too late to shut your curtains they’ve caught you unaware
They’re not at your window man, they’re sitting in your chair
From Privacy Invasion by Exploited

I have attempted on numerous occasions, for example here, here and here, to get the point across that you have no reasonable expectation of privacy on social networks. Posting anything on Facebook or MySpace is the same as announcing it on network television. Only with more marginally sentient viewers. “Oh yeah, we already know all about that.” I hear you thinking (it’s a gift, my telepathy). “But that’s only on the public part of my Facebook page and stuff I post publicly to my friends’ pages. All my private stuff is password protected and, well, private”. Yeah. You wish. This entry in the Electronic Discovery Law blog describes a ruling that should disabuse you of those social networking privacy notions forever.

In this personal injury case, defendant sought access to plaintiff’s social network accounts and requested production of his user names, log-in names, and passwords.  Plaintiff objected, arguing that the information was confidential.  Upon defendants’ Motion to Compel, the court found the requested information was not confidential or subject to the protection of any evidentiary privilege and ordered its production to defendants’ attorneys within 15 days and that plaintiff should not take steps to delete or alter the existing information on his social network accounts.

Holy social privacy slapdown, Batman! You mean that a court can compel you to [that means throw your fuzzy butt in jail if you don’t] hand over your Facebook logins and passwords? Yes indeed. And that’s not all, folks. The judge in this case had some very specific points to make vis-à-vis social networking [emphasis mine].

Specifically addressing the expectation of privacy with regard to Facebook and MySpace, the court found that any such expectation “would be unrealistic.”  The court then analyzed the relevant policies of the two sites, and concluded as to both that, “[w]hen a user communicates through Facebook or MySpace, however, he or she understands and tacitly submits to the possibility that a third-party recipient, i.e., one or more site operators, will also be receiving his or her messages and may further disclose them if the operator deems disclosure to be appropriate.”  Accordingly, the court determined that defendant could not successfully assert that his accounts were confidential.

The court concluded that no person could reasonably expect that his communications on a social network site would remain confidential; that confidentiality was not essential to maintain the relationships between social network users; that the relationship between users was not one that the “community seeks to sedulously foster”; and that “whatever relational harm may be realized by social network computer site users [by disclosure of their communications] is undoubtedly outweighed by the benefit of correctly disposing of litigation.” As to the last point, the court went on to reason that “[a]s a general matter, a user knows that even if he attempts to communicate privately, his posts may be shared with strangers as a result of his friends’ selected privacy settings.  The court thus sees little or no detriment to allowing that other strangers, i.e., litigants, may become privy to those communications through discovery.

So you have only the right to be hoist by your own petard and your friends’ petards and their friends’ petards and so on. Privacy? Not so much. Actually, not at all. Not now. Not Ever. I would especially like to draw your attention to the statement: the relationship between users was not one that the “community seeks to sedulously foster”.  While you should definitely look up “sedulously”, I’ll translate as a public service: the “community” doesn’t give a rodent’s pa-toot about your relationships. Don’t ask, don’t tell, don’t care. And just in case you are still holding a glimmer of privacy hope allow me to allow the court to snuff that glimmer forever.

Where there is an indication that a person’s social network sites contain information relevant to the prosecution or defense of a lawsuit, therefore, and given Koken’s admonition that the courts should allow litigants to utilize “all rational means for ascertaining the truth.” 911 A.2d at 1027, and the law’s general dispreference for the allowances of privileges, access to those sites should be freely granted.

In case you doubt the veracity of my paraphrase and quoting abilities here is the full opinion.

RIP Social Network Privacy. We only wished we knew you.