SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Automating Baiting

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
snaglessdavits
Master Baiter


Joined: 25 Jan 2012
Posts: 167
Location: Location: Location.


PostPosted: Sun Feb 05, 2012 7:38 pm Reply with quoteBack to top

Yes, I have already had a look at some of the marvellous scambaiting tools out there to fake up WU receipts, etc., and I am in awe of the Security Shield setup...which is what got me to thinking.

I suspect we're a way away from having some kind of AI/learning machine to automatically respond to scam emails, leading the lad on and incorporating all the various tools and techniques that this site teaches for wasting lads' time and winding them up, but do people use automated tricks to keep on top of baits, remind them who's waiting on what and for how long, etc?

A lifetime ago, I used to do the database thing for a living, and one unfortunate lingering side-effect of that is that I do tend to think of things in a very database-oriented way. So, as I am looking at all these emails going back and forth from the various scammers and baiters, I'm wondering what use it might be to be grabbing the headers and IP addresses, along with everything else, and cross-referencing them into a nice tidy database, setting something up to be able to just list all "new" incoming emails and offer the option of a canned response, maybe even automating links into Security Shield et al.

This might all be the pie-in-the-sky ravings of a reformed nerd, but then again there may be someone out there doing just this already.

Just out of interest, and as a ruby-learning exercise, I've been playing around with automating the process of reading and sending mail via a gmail account. If I don't get bored beforehand, I might then play around with shoving all the email metadata into a MySQL database, and if I'm still going by then, I might even throw together a bit of Rails to display it all nicely and give me options as to what to send next.

So, what automation are other baiters using already?
View user's profileSend private message
piecrust
Elite Baiter


Joined: 29 Dec 2010
Posts: 1606
Location: Alright! Who stole my avatar?


PostPosted: Sun Feb 05, 2012 7:57 pm Reply with quoteBack to top

I've been using the gmail labs "Canned Responses" quite a lot recentley, this requires considerable humman intervention, but used judiciousley, and adding a couple of personalised details like scammer's name/sex - it's earned me over 40 piggies in the last month or so.

I'd reccomend playing around with that to get used to what scammers expect/respond to, allongside developing the tool just to give yourself experience-pointers as to how to use it.

That'll be 5c please. Very Happy

_________________
Closed lad accounts*207 *193
ThailandGhanaUnited KingdomTogoNigeriaIsle Of ManIvory CoastIndonesiaHong KongSpainUnited StatesSenegalSwedenIreland * 47
Mortar
You would look good in Gold
Never use windows auto-fill again, use something much more secure like lastpass for free.

"I am a man of hing reputation." - Loan lad Billy Hord.
"don't even think of given me that crap that you are Deaf and dump or my line is cut off , i don't have a phone please don't.." - Loan lad Billy Hord. (Having been baited to hell)
View user's profileSend private messageSend e-mail
N N N
Master of Master Baiters


Joined: 26 Sep 2008
Posts: 689


PostPosted: Sun Feb 05, 2012 8:10 pm Reply with quoteBack to top

if you can get lads responding to an auto-baiting mail responder just a few times each then if you have lots of lads you've wasted a whole heap of their time which is to the good. Smile
View user's profileSend private message
snaglessdavits
Master Baiter


Joined: 25 Jan 2012
Posts: 167
Location: Location: Location.


PostPosted: Tue Feb 07, 2012 11:03 pm Reply with quoteBack to top

Thanks for the various responses, both on and off-thread. I am now convinced that there's mileage in doing some experimentation, and this provides me with the idea project to refresh my IT skills and learn a different programming environment.

I think I am going to have some fun!
View user's profileSend private message
Spectre
Not quite a Newb


Joined: 14 Sep 2011
Posts: 54


PostPosted: Wed Feb 08, 2012 8:24 am Reply with quoteBack to top

How about using a free PHP chatbot (such as Program O)?

With some PHP and cURL you might be able to interface it with webmail.

_________________
Closed lad accounts
View user's profileSend private message
firehouse5
Moderator


Joined: 09 Mar 2004
Posts: 4852
Location: swimming in Ogogoro


PostPosted: Wed Feb 08, 2012 10:18 am Reply with quoteBack to top

I don't use any automation myself except a regular use of "vacation messages" to provide excuses for long absences. It seems to me that one of the big issues in autobaiting is making sure that only lads are caught up in baiting conversations, rather than innocent third parties (or other baiters).

precisely targeted stuff like what piecrust mentions seems to be a real way forward as it provides tight constraints on the kinds of conversations you would have to deal with - plus human intervention element which I imagine is good when it comes to the third party issue.

_________________
Has a scammer sent you a bank account? please report it to me or any other moderator using the private message function.
GO PREMIUM!
Easter 2015Sand Timer Oct2004-Oct2016 12 years but Cheat alert: many silent months!
TV StarMortar dozens Closed lad accounts Not as many piggies as you.
The details you sent do not match, check your records and reply immediate. I have forced to wait in office for two hours with out eating
View user's profileSend private messageSend e-mail
psychicbait
Baiting Guru


Joined: 22 Nov 2009
Posts: 2782
Location: wherever, dressed to kill


PostPosted: Wed Feb 08, 2012 10:33 am Reply with quoteBack to top

^^^
That.
View user's profileSend private message
Tsnerd
Not quite a Newb


Joined: 14 Jul 2005
Posts: 41


PostPosted: Wed Feb 08, 2012 10:36 am Reply with quoteBack to top

Just me, but autobaiting requires an awful lot of work and reaseach.

One tends to catch an awful lot of baiters...and the lots of confusion as to which is a lad and which is baiter.

If you want to do one, I would suggest you look at succeful baits of this types used in the past.

Just jumping in, I gurantee at least six separate threads of 'is this a baiterh', two of "Hey, what the hell' treads and at least one idiot that will keep trying to bait/insult you.

_________________

Fakers: many, many, lots; an SSL and a couple of Resellers.
Mortar x 6
AH, AH, AH! Two little !
View user's profileSend private message
firehouse5
Moderator


Joined: 09 Mar 2004
Posts: 4852
Location: swimming in Ogogoro


PostPosted: Wed Feb 08, 2012 10:40 am Reply with quoteBack to top

On the other hand, if one autobaiter meets another autobaiter it could be a match made in heaven, and who would stand in the way of true love?

_________________
Has a scammer sent you a bank account? please report it to me or any other moderator using the private message function.
GO PREMIUM!
Easter 2015Sand Timer Oct2004-Oct2016 12 years but Cheat alert: many silent months!
TV StarMortar dozens Closed lad accounts Not as many piggies as you.
The details you sent do not match, check your records and reply immediate. I have forced to wait in office for two hours with out eating
View user's profileSend private messageSend e-mail
snaglessdavits
Master Baiter


Joined: 25 Jan 2012
Posts: 167
Location: Location: Location.


PostPosted: Wed Feb 08, 2012 10:43 am Reply with quoteBack to top

I think a fully-automated baitbot would probably be quite an unwise idea - anyone else read Robert Harris' "The Fear Index"? Smile

Anything I put together will have some degree of manual control, and I think that a responsible system must have means of being easily monitored and audited so that, if anything does go wrong, it isn't happening invisibly!

I guess such a system would probably need quite careful testing before being released into the wild, too. But we all test our software anyway, don't we? Wink

And, as the gnarled old ITers around when I started MY IT career in the 1980s were all-too-fond of endlessly reminding anyone who'd listen, "garbage in, garbage out" - so we'd have to make absolutely sure that the scams we were feeding the system with WERE genuine scams from genuine lad email addresses. Well, I say "genuine"... Smile


Last edited by snaglessdavits on Wed Feb 08, 2012 10:47 am; edited 1 time in total
View user's profileSend private message
Phil Yerboots
Elite Baiter


Joined: 29 Oct 2009
Posts: 1342
Location: Back in Asena's sandbox


PostPosted: Wed Feb 08, 2012 10:47 am Reply with quoteBack to top

^ Firehouse, have you never seen a film in which robots are given a loop function and it sends them crazy? I'm thinking of the smart bomb in Dark Star as a prime example. It wouldn't be a match made in heaven but surely THE END OF THE WORLD!!!

_________________
Closed lad accounts Sand Timer Safari Ibadan-Abidjan-Bouake (with Dr Mike & The Monsignor) "i sleep in the park again and am scaring" Ebay Tattoo (with SheepFishing)
Todger Club (Class of 2013)
"I want your head on a platter between my slapping breast-buds." Doughnut
"You are sick and need medical attention. I just realised." Pee
View user's profileSend private message
Robert Heinrich der 1.
Baiting Guru


Joined: 10 Oct 2010
Posts: 3468


PostPosted: Wed Feb 08, 2012 10:53 am Reply with quoteBack to top

why do I think about the forbin project, two computers baiting the world.

automated baiting should not be that complicated.

program based on eliza

search every mail for key words (gold, western union, moneygram, next of kin...) and respond based on a database of sentences (like eliza did).
report bank accounts automatically to alan
a counter should track the amount of emails sent by the lad, and a keyword-system should monitor the phase of the bait (standard texts, western union, bank transfer, whatsoever).
if the system acts stupid, no problem, as long as every message gives the impression "hey, I'm stupid an will be going to send you the money"


would be funny, lads failing the turing test Twisted Evil

by the way: a small extra tag in the email header (as most of the mailing programms reveal themselves there) could stop fights between autobaiters.

_________________
Easter Egg 2012 Safari Lagos - Accra - Kasoa (and back) 2x490km Safari Lagos - Nairobi (and back) 2x ~5000km, Nairobi - Mbiri 2x130km on easter sunday, Closed lad accounts x12 , 6x Penisprint, Dai Teatime / Anderson Frank: but have been there since about 1hr plus no sign of them and was interrogated by the police and almost arrested


Closed lad accounts x4

am opening a porkfarm
View user's profileSend private message
snaglessdavits
Master Baiter


Joined: 25 Jan 2012
Posts: 167
Location: Location: Location.


PostPosted: Wed Feb 08, 2012 11:04 am Reply with quoteBack to top

Ah, I like the idea of an email header. Or even a response trap that spots when someone says "Oi, idiot, I'm a baiter" and stops emailing them Smile

Of course, we wouldn't want any lads to get hold of the specific response, ahem.

@Robert, I am thinking very much along the lines you're describing - just that I'm putting a bit more emphasis (from the point of view of the system internals) on the database backend, which will be largely invisible, anyway.

But in terms of the system's operation, I'm thinking more in terms of maintaining a state machine (your "keyword" system) to monitor the state of each bait, and using keywords, as you suggest, to allow that state machine to be updated.

So, for example, the bait enters, say, "<earlybaiting>" once a response has been received from OUR response to the initial scam email, and then the system logic loops that round a few times before, maybe, a mention of "Western Union" prompts it to enter the <documentscrewup> state, where a further cycle of delays, unreadable docs, huge attachments, SecureShield, etc. ensues. Then, either the lad's swearing Smile, or manual intervention might move it on again, perhaps to <getbankdetails>.

And, of course, all along the way, we're watching for nicely-formatted information, like bank details, which can trigger some kind of alert. I don't think I'd want to have the system send Alan bank details without some kind of manual intervention, though - that would run the risk of causing all kinds of inconvenience and offence if things went wrong.

All of this is castles in the air at the moment, right now - I'm having enormous fun planning and testing the database end of things at the moment, but I might get distracted by my proper job or have something else come up. And I suspect the clever logic at the front-end might well be the biggest challenge of the whole idea.
View user's profileSend private message
snaglessdavits
Master Baiter


Joined: 25 Jan 2012
Posts: 167
Location: Location: Location.


PostPosted: Fri Feb 17, 2012 10:42 pm Reply with quoteBack to top

So, I now have a system that polls selected inboxes (with their owner's permission!), and collects sent/received emails into a nicely structured database.

One of the things it does it to store all the headers from the emails, in a nicely searchable format. So, I find myself wondering: if you had a system that could do very clever things indeed with the information in the headers of the emails YOU were getting from scammers, what would you want it to do?

The most obvious one is the looking-up of the source IP address for received emails - we all know that this isn't entirely reliable, but it makes sense to do it, even if we can then eliminate the ones that aren't much use. Naturally, something like this, done in a database, would mean being able to cross-reference every email in the system by its sender, which might yield interesting results. Would that be something that was useful to someone here? And what else might also be useful?

I await your ideas. I'm not promising anything wonderful any time soon, but as this project grows, it gets more and more interesting, so some helpful suggestions would be most welcome...
View user's profileSend private message
William Wankur
Master Baiter


Joined: 24 Oct 2007
Posts: 207
Location: 6�27'11"N 3�23'45"E


PostPosted: Fri Feb 17, 2012 11:58 pm Reply with quoteBack to top

There used to be a decent autobaiter at disney.com, but alas it seems to be gone now.

I used to find it useful to get an initial conversation going. It was particularly good for baiting check lads... send out "I want the job" to 1000 check lads and reply "Here's the address, send the check" and I'd end up with 100 checks in no time.

I also used it to get a decent art trophy... I sent my initial pitch to about 1500 lads and used it to get one hooked... after the 3rd email, I grabbed him and finished the rest of the bait by hand.

_________________
"I can see that you are from south sudan monkies." - ARITA JACK

"Why are you making me feel stupid?" - Mike Tutu

$5 Million in fake checks and counting!
View user's profileSend private message
Kariko
Master Baiter


Joined: 02 Dec 2011
Posts: 119
Location: It's very New and Mexico-like


PostPosted: Sat Feb 18, 2012 1:04 am Reply with quoteBack to top

Interesting ideas all around. About the autobaiters getting in a loop with each other, I had an idea, although I know nothing about programming and stuff so I wouldn't know if it is possible. I was thinking you could make the autobaiter send some kind of white colored text at the end of each message, which, if ever highlighted by a lad, would look like jumbled uselessness and be ignored. However, the autobaiter would check the email for those exact jumbled letters/numbers and, if found, would notify the other autobaiter that "Hey, I'm not a lad, let's stop mailing each other" (however that would sound like in programmed code, obviously). That SHOULD stop accidental loops.

Next, I had thought of an issue with this idea. Let's say some lad somehow figures out how to do the same, EXCEPT that he is actually spamming people with it, a classic case of a good thing going wrong. I highly doubt that case, but I'm paranoid, so yeah.

On a final note, I'm glad to see how far scambaiting technology is going, and I can't wait to see the future of this whole baiting thing. Very Happy

_________________
"What are you talking about, it seem you are ready to die, you gave me wrong MTCN now you are telling me shit" -H1TMAN
---------------------------
(\ What's that? I dunno.
View user's profileSend private message
windypops
Baiting Guru


Joined: 25 Jan 2005
Posts: 5887
Location: Planet X


PostPosted: Sat Feb 18, 2012 8:20 am Reply with quoteBack to top

I've experimented with a simple javascript chatbot in the past. I'll dig up the script (if can find it) and put it up again for your perusal. I got lots of laughs with that.

Hang on. I'll be back...

_________________
Mortar x22 Inventor Easter Egg 2011

"No amount of semen donation will save this situation" Sanny Sanny
"We must disagree to agree" Raji Musa

If it's LADS you want. GoTo: http://www.yopmail.com/
and sign in with either ladmail or kentbrockman
View user's profileSend private message
windypops
Baiting Guru


Joined: 25 Jan 2005
Posts: 5887
Location: Planet X


PostPosted: Sat Feb 18, 2012 8:31 am Reply with quoteBack to top

Taking it down for maintenance.

_________________
Mortar x22 Inventor Easter Egg 2011

"No amount of semen donation will save this situation" Sanny Sanny
"We must disagree to agree" Raji Musa

If it's LADS you want. GoTo: http://www.yopmail.com/
and sign in with either ladmail or kentbrockman

Last edited by windypops on Sat Feb 18, 2012 1:21 pm; edited 1 time in total
View user's profileSend private message
Robert Heinrich der 1.
Baiting Guru


Joined: 10 Oct 2010
Posts: 3468


PostPosted: Sat Feb 18, 2012 9:43 am Reply with quoteBack to top

@kariko: that's why I mentioned the email header. everything in emails except the receiver address can be chosen freely. the receiver address obviously should be true, in order to let the servers know, where the mail should go.

a single extra line in the header, so that autobaiters could identify each other, or a hint within the normal header: for example hidden as a 127. IP address for the localhost loopback. meaning, instead of 127.0.0.1, it could be 127.4.1.9, as every 127.x.x.x loops back to local host, not only 127.0.0.1.

_________________
Easter Egg 2012 Safari Lagos - Accra - Kasoa (and back) 2x490km Safari Lagos - Nairobi (and back) 2x ~5000km, Nairobi - Mbiri 2x130km on easter sunday, Closed lad accounts x12 , 6x Penisprint, Dai Teatime / Anderson Frank: but have been there since about 1hr plus no sign of them and was interrogated by the police and almost arrested


Closed lad accounts x4

am opening a porkfarm
View user's profileSend private message
snaglessdavits
Master Baiter


Joined: 25 Jan 2012
Posts: 167
Location: Location: Location.


PostPosted: Sat Feb 18, 2012 1:09 pm Reply with quoteBack to top

Some interesting ideas.

White text only works if you're sending HTML-formatted emails - not necessarily a problem, but it's also a little bit "in plain sight".

Any other convention relies on scambaiters opting in to a system by including a specific header, which could still mean that naive/unaware scambaiters could find themselves engaging with an automated system. In a way, without making it so obvious that lads would see it too, I am not sure I can see a way around that. Except that, if someone is scambaiting by posing as a lad, and starts to get into a "perfect bait", one would imagine that they'd notice. Perhaps all it needs is an X-Sent-By: RoboBait header for people to spot if they get suspicious?

I quite like the idea of the system as a way of efficiently starting lots of baits - I'm discovering, during testing, that a surprising number of my "I am interested in your proposal" emails don't get answered, so being able to very efficiently add baits to the system on the basis that maybe only 1 in 5 actually progress makes sense - perhaps it's just that bit that gets automated, so that baiters have more time to concentrate on their baits once they progress to the more creative level!
View user's profileSend private message
boxman
Master Baiter


Joined: 29 Nov 2011
Posts: 228
Location: Some kind of dark basement eating chicken scraps


PostPosted: Sat Feb 18, 2012 1:31 pm Reply with quoteBack to top

I think some sort of auto baiter might be fun to get them off script faster, but the fun in this is trying to lead the bait yourself and bicker with the lad for as long as you can. It is a hobby I have come to enjoy in my spare time.
I understand the premise though. Why waste our time in order to waste theirs?
Thinking of clever responses in order to further the bait is both fun and rewarding.

_________________
DO YOU THINK YOU ARE DEALING WITH KIDS? STOP TRYING TO HACK INTO OUR SYSTEM AS THE SECURITY IS WATCHING YOUR STEPS. (angry inheritance lad)
..you might end up bringing curses upon your head and upon your family.Beware (angry gold lad)
congratulations for all you are doing to me, wait for your pay back from God someday ! (angry love lad)
You are a wonderful man Melting Pot of your words (love lad "Lucy")
You are fucking liar get a fuck liar you are united state you not in Africa fucking liar go away. (angy gold lad)

Nigeria Closed lad accounts x6 Easter Egg 2012
View user's profileSend private message
Robert Heinrich der 1.
Baiting Guru


Joined: 10 Oct 2010
Posts: 3468


PostPosted: Sat Feb 18, 2012 1:57 pm Reply with quoteBack to top

this is an important point... leading a good bait is fun. on the economical side, the time effort baiter - lad is nearly 1:1, as long as he does not do anything. when it comes to forms, the lad has to do more, a safari is an extreme effort by the lad... tattoos... well, not really work but extremely stupid afterwards.

but there is no reason, why a autobaiter could not handle 500 and more lads. you can still bait the most promising lads in the system by yourself. a step towards the autobaiter is done via canned response.

I see autobaiting systems as a nice extra, stealing lads time.

the real problem would be the next step, when lads find out. the easy question, write a sign and take a phote of you and the sign would already compromise the bait. but maybe it scares victims off... "why does he want such a sign"...

_________________
Easter Egg 2012 Safari Lagos - Accra - Kasoa (and back) 2x490km Safari Lagos - Nairobi (and back) 2x ~5000km, Nairobi - Mbiri 2x130km on easter sunday, Closed lad accounts x12 , 6x Penisprint, Dai Teatime / Anderson Frank: but have been there since about 1hr plus no sign of them and was interrogated by the police and almost arrested


Closed lad accounts x4

am opening a porkfarm
View user's profileSend private message
snaglessdavits
Master Baiter


Joined: 25 Jan 2012
Posts: 167
Location: Location: Location.


PostPosted: Sat Feb 18, 2012 2:23 pm Reply with quoteBack to top

The more work on this I do, the more I see it as a toolkit - you can use an automated system to kick off each phase of the bait, and to some extent automatically manage each phase, but it probably works best to have manual input as far as the overall direction of the bait goes.

I'm looking at some very interesting ideas with integrating some of the baiting tools out that that 419eater users are already using, for example, which would mean that, at the click of a button, a lad could be sent into a vortex of baiting hell, with the baiter able to keep an eye on proceedings without having to maintain a list of who's who, monitor email inboxes, or suchlike.

I'm having fun!
View user's profileSend private message
Nailgunner
Moderator


Joined: 01 May 2008
Posts: 8709
Location: ̢̝̣̳̗ͅş̱̖̹͉̬̣̖h̷̗͉̘̱͍̗ͅr͉̙̖̥͡_̛i̦̞n̷͉͈̺̪̯̹E̸͎̫̭̞̙ͅ


PostPosted: Sat Feb 18, 2012 3:28 pm Reply with quoteBack to top

My thought for autobaiters was that they could be used to harvest bank accounts or credit cards. the sequence would be as follows:

1. set up a standard set of initial replies to prompt the bait to payment stage.
2. at the mention of western union, procrastinate, ask questions and finally suggest bank transfers.
3. detect banking information, forward entire conversation to the human operator and await the smell of bacon.

should be straightforward as pig sticking is a fairly simple process in itself.

My only worry is that automated enticement of credit card details may be seen as phishing, so I would only feed in formats manually rather than simply allowing the bot to reply to anything that his the email account.

_________________
TV Star Elite Ninja Team Member Easter Egg 2012 Jack Boot Safari Closed lad accounts Mortar Tattoo United Kingdom Malaysia South Africa United States France Turkey Nigeria
"I still have your name tattoo on me. No woman want me because of this"
"Baster ScamBaiter like you. just leave me alone, and delete my email from you least"
View user's profileSend private messageSkype Name
snaglessdavits
Master Baiter


Joined: 25 Jan 2012
Posts: 167
Location: Location: Location.


PostPosted: Sat Feb 18, 2012 4:28 pm Reply with quoteBack to top

Yes, I agree - there *has* to be some degree of manual oversight, if only to avoid us "becoming as bad as that which we oppose"...

The way the prototype system (sitting safely inside a private network at the moment, sorry!) works right now, I have a "New scam" page into which I can paste a scam email and allocate it to one of my (at the moment, one) baiter accounts - it then sucks out the appropriate headers, creates the necessary "accounts", and sets the bait up to an initial state.

At the moment, I'm learning as much about the overall progress of a scam as about Ruby on Rails, so I'm happy to manually coax things through, but already it's clear that the first stage is getting that second email address, at which point the requests for money begin.

So Stage I seems to involve finessing the inevitable demands for a phone number and ID, and getting to the second-email-address point.

Stage II will, I imagine involve the interminable Western Union process, and I am cooking something really VERY delicious up on that front, to automate the pain as far as possible... Smile

Stage III would be the point where the lad gives up and supplies a bank account - and that's eminently automatable, given the predictable format of the details...in fact, I think I may just routinely scan all incoming lad emails for bank format stuff rather than risk missing any via false negatives.
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT