Junkmail conversations

Olli Isohanni

Have you been curious what happens if you reply to junk mail? We at Centria SecuLab have tested it so that you do not need to! There is usually little or no danger in receiving and opening a spam message, as long as no links are clicked and no attachments are downloaded.

However, some kind of tracking may happen when you open a junk mail if your email client automatically loads images. Clicking on links or downloading attachments can also expose the user to phishing, ransomware and malware. You can always delete suspicious private emails; in the case of work-related emails, you should contact your IT support for assistance.

We received an email with the header “US ARMY GREETINGS” to one of our laboratory email accounts. We decided to reply to it. There were a lot of indications that it was a scam and you can see some of our email discussions in this article.

I am sorry to encroach into your privacy in this manner, I found your name listed in the Trade Center Chambers of Commerce directory here in Iraq, I find it pleasurable to offer you my partnership in business. I only pray this time that your address is still valid. I want to solicit your attention to receive money on my behalf.
I am Capt. John Anthony, an officer in the US Army, i am one of the U.S. Army deployed to Iraq in the beginning of the war in 20014, and also a West Point Graduate presently serving in the Military with the 82nd Air Borne Division Peace keeping force in Baghdad, Iraq. I am on the move to Afghanistan from Iraq as the last batch just left, and i really need your help in assisting me with the safe keeping of two military trunk boxes which has just arrived the USA from Iraq. I hope you can be trusted?
Though, I would like to hold back certain information for security reasons for now until you have found time to visit the BBC website news below to enable you have insight regarding what I intend to share with you, believing that it would be of your desired interest in one
way or the other. Here is a BBC news listing that confirms what I want to share with you: xxx.xxx.xxx.com.

In this regards, I will not hold back to say that the essence of this letter is strictly for mutual benefit of you and I and nothing more. I will be more vivid and coherent in my next email in this regards.
Meanwhile, could you send me a mail confirming you have visited the site and understood my intentions? Am standing by for your urgent response now that we are leaving Iraq to Afghanistan.

Yours faithfully,
Best regards.
Capt Anthony John
US ARMY GREETINGS;

We do these tests in a safe and isolated environment, so we went ahead and clicked on the link that was provided to us to see what we would find.

An image of a news website stating that a money stash has been found in Baghdad.

The link contained an old BBC archive news page from the year 2003. This was meant to convince the victim. We replied to the criminal with the following email:

Hello, John

Yes I have visited the site and read the article. Could you send me more information about your proposal?

The response we received:

Greetings: Mr.Charles Ponzi,
I am sorry for the late response to your mail, you have to know that down here we have been having a very busy week, but every thing is alright now. there are things i must let you know about on this deal. and reason why i am seeking for your Partnership.
Before we proceed let me take a little time to explain the origin of these funds and why I’m sending them to you. During our war campaign in Iraq my team was responsible for a lot of raids on Saddam (Iraqi former president) palaces and while one of such raids was going we discovered the sum of $100 Million dollars packed into military trunk boxes and hidden in Saddam’s underground secret chambers.
Your efforts and assistance will be rewarded with 30% of the money if you are able to handle this deal and keep the boxes safe until i return to the U.S. all you need to do is contact the delivery man so that he can give you the details of the status of the boxes.

Please i got a confirmation that the boxes are presently in the USA, Have you heard from the delivery man yet? Below is his contact details. contact him and forward your receiving address to him for immediate delivery down to your house.

Agent, Donald Camp
Telephone: xxx xxx xxx
Email: xxxx@xxx.xx

Please try and be fast with whatever you are doing we don’t have all the time in the world. and all the fees has already been taking care of by me, and all i need is your full trust and assurance that the boxes would be safe with you.
Please do keep me updated as soon as you have contacted the delivery man.
Thanks for your cooperation, God bless you and God bless America !!

This same email contained pictures as “proof” that Captain Anthony John is indeed a real person. It looks as if it was made with Paint, using images that can be found on the internet. At this point it looks like the next phase of the scam is about to begin, as a new participant is introduced. We received a message from the delivery man, “Agent” Donald Camp, but it is highly likely that he is one and the same criminal.

A picture of a false ID.

We were in contact with “Agent” Donald Camp using the following message:

Hello,
I have been instructed to contact you by Capt. John Anthony.

Here is my receiving address:
Mr. Charles Ponzi
13 Quack street
Duckburg
CS 94010

Sincerely,
Charles Ponzi

At the same time, we kept “Captain” John Anthony, also known as Anthony John, updated on the situation (the criminal kept mixing up his own name):

Hello, John
Yes I have sent the necessary information to the deliveryman

Sincerely,
Charles Ponzi

We received a response from the “Captain”:

Dear: Mr.Charles Ponzi,
Thanks very for your response regarding this package I also want you to make sure you sent him your telephone number together for easy communication also a copy of your I’d,
Am very happy to receive your message this afternoon here and I will contact them for immediate response as soon as possible also know that you should not let them know the what is in the package like I told you on my last massage because I told them you are my cousin brother,
So once you receive this package keep it in a very save place I will be on my leave by first week of December than will come over to meet you for the package

Thanks you very much an reming bless,

Your’s faithfully,
Capital Anthony John

Our response was:

Hello, John
Yes, the telephonenumber has now been sent to the deliveryman

Sincerely,
Charles Ponzi

And the response from the “Captain” was:

Dear:Charles Ponzi,
Am so happy for your understanding please i need you to make sure you receive this package because we are leaving Iraq to Afghanistan to night which i many not be having much time to talk to you,
But i will still keep in touch when i have time for my system please i give you all the trust i believe in you,

MR. CHARLES PONZI,
I RECEIVE YOUR EMAIL PLEASE YOU HAVE TO ACT FAST ABOUT THIS AND MY NAME IS MR.DONALD CAMP, AGENT.I AM CORRECTLY IN (J.F.K.A) JOHN F. KENNEDY INTERNATIONAL AIRPORT NEW YORK CITY WITH THE PACKAGES WHICH I JUST RECEIVED YOUR EMAIL.
PLEASE, MAKE SURE THE ADDRESS IS CORRECT AND COMPLETE TO AVOID WRONG DELIVERY BECAUSE I JUST RECEIVED A MASSAGE FROM YOUR COUSIN CAPTAIN ANTHONY JOHN IF YOU HAVE CONTACT ME AND I SAID YES.
BE INFORMED THAT YOU ARE GOING TO PAY FOR MY FLIGHT TICKETS FROM HERE TO TORONTO PEARSON INTERNATIONAL AIRPORT (YYZ),CANADA WHICH YOU HAVE TO SEND $650 YOU HAVE TO GET BACK ME AS SOON AS YOU RECEIVE THIS EMAIL FOR ME TO BOOK THE TICKET,
GET BACK TO ME AS SOON AS YOU RECEIVE THIS EMAIL SO I CAN FORWARD YOU THE NAME TO SEND THIS MONEY BEFORE THE END OF TODAY SO I CAN MEET YOU FIRST THING TOMORROW,
NOTE THAT ONCE I ARRIVED THERE I WILL GIVE YOU A CALL TO COME OVER TO PICK ME UP I COME HERE BECAUSE OF YOU AND YOUR COUSIN SO DON’T WAST MY TIME OVER HERE,CALL ME: OR TEXT ME +1 (202) 734 6813,

THANKS FOR YOUR URGENT ATTENTION.
AGENT :MR.DONALD CAMP

We also got a picture in this email that was meant to convince us that Donald is really waiting at the airport.

This is a very weak Photoshop attempt. Below is the picture we found through reverse image search:

It seems to be an airport in Barcelona. All the metadata was removed from the photos that the criminals sent, so no information could be found through it.

Sometimes emails can reveal extra information if one knows where to look and is curious enough to search for it. We traced the location of the criminals to a place well known for scams. There are, however, many ways to mask your IP and location.
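The article does not say how the trace was done. As an added example (not SecuLab's own tooling), the sketch below reads the two kinds of information mentioned in this article from a raw message: the peer IP addresses recorded in the `Received` chain and the remote images a mail client would fetch on open. The sample message, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string, policy

# Constructed sample message: documentation-range IPs, example.* domains.
RAW = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id B2; Mon, 1 Jan 2024 10:00:03 +0000
Received: from laptop (unknown [203.0.113.44])
\tby relay.example.net with ESMTPSA id C3; Mon, 1 Jan 2024 10:00:01 +0000
From: "Capt. John Anthony" <capt@example.net>
Subject: US ARMY GREETINGS
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Greetings</p>
<img src="http://tracker.example.com/p.gif?id=42" width="1" height="1">
</body></html>
"""
MSG = message_from_string(RAW, policy=policy.default)

# "(hostname [ip])" is the peer address the receiving server recorded.
PEER = re.compile(r"\(\S+ \[([0-9A-Fa-f:.]+)\]\)")
IMG = re.compile(r"<img[^>]+src=[\"'](https?://[^\"']+)", re.I)

def received_hops(msg):
    """Peer IPs from the Received chain, oldest hop first.
    Hops added before your own provider's servers can be forged."""
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        match = PEER.search(str(header))
        if not match:
            continue
        try:
            hops.append(str(ipaddress.ip_address(match.group(1))))
        except ValueError:
            pass  # bracketed text was not a valid IP address
    return hops

def remote_images(msg):
    """URLs a mail client would request if it auto-loads images."""
    body = msg.get_body(preferencelist=("html",))
    return IMG.findall(body.get_content()) if body else []

if __name__ == "__main__":
    print("hops (oldest first):", received_hops(MSG))
    print("remote images:", remote_images(MSG))
```

Only the hops written by servers you trust are reliable, and the oldest address often belongs to a VPN, proxy or webmail provider rather than to the sender.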

After this, we decided to continue our conversation with “Donald”:

Hi, Mr. Donald Camp
Of course I can pay the ticket no problem. Just send me the details

Sincerely,
Charles

We received a response from “Donald”:

Mr.Charles Ponzi”
I received your email please you have to send this needed money into the airlines account and also send me the transfer copy slip as soon as you send it so I can move immediately for the booking of my flight ticket,
Here is the details (banking details)
Please make sure you send this money today and forward me the copy of the slip once you send it,
I will be waiting for your reply with the copy,

Agent,
Donald camp

The criminal sent banking details. The details also included a name and an address, that were probably fake. At this point we decided to drag this out a little bit longer.

Hi, Mr. Donald Camp
Could you just provide me some more proof that is legitimate, before I make the payment. Otherwise the payment of $650 is ready to be made as soon as possible.

Sincerely,
Charles Ponzi

“Donald’s” response was:

Mr.Charles Ponzi
I have been waiting to hear from you over since yesterday morning which i try calling the number you sent me but they said this is not a working number why i explain this to you that i don’t have time here i only have two days to delivery this and get back to my office why delaying?
I sent you my picture which i snap at the airport with your package so what again are you looking for please am working under a company and we have time for work i don’t like wasting time i have only today to move out here so if you have send the money send me the transfer copy slip so i can book the ticket and forward a copy to you.
Agent,
Donald camp

We noticed that the language gets worse. Obviously the first message we got from “Captain John Anthony” is their default script, which they have prepared carefully, although it still included a lot of typos. There is, however, a clear difference in the language when they must make things up on the fly.

Our response to him was:

Are you sure that the banking information that you gave me is right? For some reason the transfer is not working right now. I have already called my bank and confirmed that the issue is not on this side.
Do you have another account which I can try? I really understand that time is for the essence.
PS. Another picture would really be appreciated for me to trust you and be more confident of this transaction. Maybe I can even throw in another $50 on top.
Sincerely,
Charles Ponzi

“Donald” responded to us:

Mr.Charles Ponzi,
I need to know why you are delaying this remember after today i will cancel this movement

And we responded to him:

Dear Mr. Donald Camp
There is some problem with your bank. The transfer is not working, could you please check what is the problem. Do you have another account information
Sincerely,
Charles Ponzi

Now the criminal sent another message containing banking information, which was similar to the previous one. We replied that the bank transfer is still not working, and we got the same response as before:

“I need to know why you are delaying………………”

After this, we sent multiple replies in the following fashion:

“Hello, Mr. Donald Camp. I am ready to make the payment of $650 if the proper account details are delivered. $650 are waiting to be transferred to you.”

“I am ready to make the payment of $650 if the proper account details are delivered. $650 are waiting to be transferred to you. You need to give me the account where the payment could be made.”

We no longer received any replies, so nothing special came from this endeavor. If the exchange had continued, we would have wanted to try out a few different approaches. For example, we could have sent the criminal a fake payment receipt, or we could have tried to imply that we know their location or internet service provider, to see their reaction. We did this because we were curious, and we got nothing special out of it. During this process we did, however, waste the time of a criminal, which we consider to be a good deed.

About the project

Cynic – Entrepreneurship & Security is a cross-border project financed by Interreg Nord, Lapin liitto and Region Norrbotten. The project has been implemented together with Centria University of Applied Sciences and Luleå University of Technology. The main idea is to identify challenges for digital business development; to test, experience and learn about data security; and to explore emergent technologies. Project website: www.cynic.se

Olli Isohanni 
R&D Developer 
Centria University of Applied Sciences
Tel. 040 631 5928
