Arrest made in Dublin over suspected email scam

7 Apr 2004

Gardaí in Dublin have arrested a man alleged to have sent spam as part of an email fraud scam, has learned. The man, a non-national, was arrested last Friday 2 April at the Central Café in Grafton Street.

The man has been charged with assault, having reportedly struggled with the Gardaí when they tried to arrest him. According to Garda sources other charges, related to internet fraud, may follow. It is understood that any such charges would be likely to centre on what is commonly known as the ‘419’ scam. Also called Advance Fee Fraud, the 419 refers to the section of the Nigerian penal code which addresses the issue.

With this type of fraud, emails appear to come from an African businessman or politician asking the recipient to help transfer a large sum of money in return for a share in the profits.

In the email version of this scam, recipients must reply to a mail to express their interest in the scheme. Then, subsequent messages are used to trick the recipient into sending money to the scammer. This is supposedly in order to help set up the transfer of cash that is meant to take place, but which never does.

In this case, the alleged fraud was first discovered by Steffen Higel, the internet café’s part-time system administrator. He became aware that the café’s internet connection was being used to send spam when he saw that its external IP (internet protocol) address had been blacklisted by the US organisation Spamcop, which monitors and blocks the sending of unsolicited commercial emails. Spamcop maintains a database of computers known to have sent spam. Mail servers that use Spamcop’s database do not allow email sent from a blacklisted computer on to their systems.

It is claimed that Spamcop had identified an offending message which had come from the Central Café’s IP address. Alledgedly, the text of the message contained wording that was very similar to one of the most commonly found email scams. It is claimed that the email purported to come from the widow of Jonas Savimbi of Angola and attempted to entice the recipient into replying by offering the promise of money in exchange for help.

It is claimed a section of the message reads: “In fleeing Angola after my husbands’ death I discovered some important documents while going through his personal files. These documents revealed that my late husband had deposited one trunk box containing a large amount of money in a security company in Dublin, Ireland.” It is believed the email also contains links to the BBC website with news of the situation in Angola, as well as a request for help.

An examination of the email headers revealed that it had originated within the café; that is, it had been sent by a customer rather than simply being relayed through the internet café’s email server from another source. This took place on 26 March and it is believed Higel asked café staff to inform him if the man he had identified ever came back.

Because the café assigns dynamic IP addresses to users when they are browsing the web or checking email, it can be difficult to determine which user may be sending out large volumes of data, Higel claimed. He was able to check the café’s server log files and match the message with the network card used by the alleged spammer. This record would also allow Higel to identify the same person if they ever used the café again.

When the customer returned the following week, on Friday 2 April, Higel alerted the Gardaí and waited. The café’s outbound email traffic increased as 1,178 emails were sent.

When they approached him, Gardaí allegedly told the man to step away from the computer, a laptop which he had brought with him to the internet café. He initially complied, but when asked to accompany them to the station, he went back to the booth apparently to collect his wallet and ID. He then removed a USB memory stick from the laptop and tried to swallow it, possibly to destroy potential evidence, it is claimed. It is reported a 10-minute struggle ensued, during which the man tried on several occasions to escape, but he was eventually handcuffed and arrested. His laptop was also taken away for examination.

The arrest was a joint operation between Gardaí from Pearse Street Station and members of the Computer Crime Unit of the Garda Bureau of Fraud Investigation.

This is not the first case of this kind. Some months ago, Gardaí arrested a man in similar circumstances who had been sending such emails, although he had not been using a laptop.

By Gordon Smith