How did we SCAM the SCAMMERS?

Hi All, this is Angel Priy Tarzan, Co-founder of Sarvotarzan. Why did I tell you my name? Because something very interesting & scary (really it’s both) happened this Monday (4/12/2017) and I don’t want to ruin the thrill of incident of “How did we SCAM the SCAMMERS?” by narrating it in third person. So, let’s read below and enjoy some Tuesday goosebumps and if you didn’t get any, we will surely refund your money, pinky promise!

So the incident started on Monday, 4/12/2017 at around 12:15 pm when I got some SCAMMER E-MAIL by the name of Mr. Sarvodaya Pratap Singh, the co-founder of Sarvotarzan / My Brother, asking for Rs 4.80 Lacs of Wire Transfer by replying the mail. The exact excerpt is as follows:

 

Hi Angel,

I will need you to process RTGS payment for me in the amount of 480,300 INR
into the account that I’ll send you upon your reply, I was supposed to make
the payment this morning before leaving for a meeting, but I forgot and I
have just received an email reminder of the payment.

The problem is I’m in all day meeting and I Hope u could help me make the
payment. I wouldn’t ask if it wasn’t important, The payment will be refunded
as soon as I finish at the meeting.

Could you please email back I wouldn’t want to be disturbed by call, but I
will call you as soon as I finish at the meeting.

Regards,

Sarvodaya Singh

Sent from my iPhone

 

Image Reference:

So at first glance, I thought, ok, Mr. Sarvodaya wants some money, but really, Rs 4.80 Lacs, Isn’t this unusual? Why would he ask me to send the amount over the mail when he can Call Me / Withdraw Himself / Send me WhatsApp message? Something was just not right for sure. As a cyber security enthusiast I followed the basic rules to prevent scamming attacks written by our team:

  1. I tried to calm myself.
  2. As I saw the e-mail on mobile so clicked on the Sender’s details and I found everything to be fine at first glance.
  3. I checked the Sender’s E-mail and seriously it looked good (singh@sarvotarzan.org)
  4. Then I was sacred to think that our E-mail Servers / Sarvodaya E-mail are hacked / compromised as I became sure that Sarvodaya will not send such kind of e-mails.
  5. Also, in the signature, whys there is written “Sent from my iPhone” when Sarvodaya does not have any iPhone. (I really don’t know, why he hates iPhone? But i really can’t blame him when sometimes even I do!)
  6. So without any further ado, I called Sarvodaya for the clarification on the situation.

And soon we came to conclusion that it is a SCAMMER E-MAIL. Now the question arises how did they get access to our e-mail server as it is on Google servers and obviously we have taken good amount of security measures to protect it. At that time, no doubt, we really felt scared. But then I opened the e-mail again on the laptop and to my utter surprise, I found some crucial information by clicking on the sender’s email info:

Image Reference:

  1. First mistake, the email came from sarvodaya.singh@sarvotarzan.org but the email of Sarvodaya is *****@sarvotarzan.org and second thing was “Reply to” field was pointing to privateceo@excite.com. In reality if you are getting some genuine emails, the “reply to” field would obviously point to the sender’s e-mail automatically unless its a genuine e-mail marketing company server like Mailchimp etc.
  2. Now I became sure that our server has not been hacked and the scammer has used an online e-mail sending service where you can spoof the sender’s e-mail address. FYI, there are many websites which can help in sending these kind of shady e-mails.
  3. Third and last thing was the receiver’s e-mail address privateceo@excite.com which was quite dubious as we already had knowledge that this domain is constantly in bad faith for being used by scammers for sending such e-mails.
  4. For total assurance, we also checked the e-mails servers if this e-mail has been created by someone and we found none.
  5. So, we were relieved now.

Now, here ends the scary part and the fun part begins!

So when we became sure that our server security is intact, why not SCAM the SCAMMER! Isn’t this great?

We replied to the scammer,

Hello Sir, 

Greetings, 

 

Kindly send me the Account Number / PayPal Id so that i can Wire Transfer / RTGS / NEFT asap. It would be an honour if i can help you in any way. 

 

Reg, 

 

And you guess, what happened? Obviously the scammer sent all the Account details for wire transferring the money!

 

Angel,

I will appreciate if it can be done now and send me a screenshot
confirmation slip once completed. The beneficiary is to make use
of the funds within an hour.

Bank Details

AXIS BANK
S K ENTERPRISES
A/C NO: 917020070945471
IFSC CODE: UTIB0000296
PAN: BWMPK4622F
BRANCH: MAYUR-VIHAR DELHI

Regards

 

Image Reference:

 

We were like stunned, OMG, the Scammer guy is in Delhi, Mayur Vihar!

So what did we do next? After series of some more e-mails, we SCAMMED the SCAMMER! What did we do? As per his requirement, we sent him the “Photoshopped” image of Wire Transfer of Rs 4.80 Lacs.

Image Reference:

 

And no doubt, things went hilariously funny when we got his last mail of thanking us for the remittance.

Image Reference:

 

But, (There are always some ifs & buts!)

Things would have been really scary if;

  1. I would not have done the due diligence of the message.
  2. I didn’t double check with Mr. Sarvodaya.
  3. I blindly followed the order over the e-mail.

So, what we did learn from this incident, its never too late when there is some money involved.

We are reporting the incident to the Delhi Cybercrime Cell. You should also do the same in case of such incidents.

Delhi Cyber Cell Website Important Links:

  1. How to report- http://www.cybercelldelhi.in/Report.html
  2. Documents Required – http://www.cybercelldelhi.in/compdocument.html
  3. Contact E-mails & Address Locations of Delhi Cyber Cell – http://www.cybercelldelhi.in/districtcybercell.html
  4. Registering Complaint (But try to visit in person): http://205.147.111.155:84/
  5. Delhi Cyber Cell Important E-mails:

Entire E-mail Conversation Screenshot:

 

Original Email Header for Cyber Security Enthusiasts and if you know, what does it mean:

 

Stay Connected, Stay Intelligent !