• About the 419 (Advance Fee) scam
• Email addresses used by 419 scammers
• Phone numbers used by 419 scammers
  
• How to report 419 spam to us
• Domains registered by 419 scammers
  
• Company names mentioned in 419 spam
  
• What can you do when you receive 419 spam
  

Email winning notifications from "CONNECTICUT INTERNATIONAL LOTTERY ORGANISATION." and "SOUTH AFRICAN WORLDWIDE LOTTERY" are fake. Both scams appear connected as they mention "SIR H. J. PONFA" as their "coordinator". The "claims agent" for this supposedly London, UK-based fake lottery is actually in Nigeria.

Are you sick of spam too? Do you want it stopped now? Try jwSpamSpy, the spamfilter we use to track the spammers! Free 30-day trial version available now!

A reply from the "claims agent" included a scan of a British passport issued in the name of "GILBERT ARNOLD MURRAY", born in June 1952 in Peterborough. For privacy reasons we won't reprint it here. We assume that the passport holder is not connected to the criminals and may actually be another victim in the scam. Apparently this scanned passport is also used in other 419 scams from Nigeria.

Example of spam email:

From: connecticut_lottery@virgilio.it
Sent: Tuesday, February 08, 2005 8:41 AM 
Subject: ~~ 2005 Lucky Winners!!! 



CONNECTICUT INTERNATIONAL LOTTERY ORGANISATION. 
138 BARINOR WALK WILLESDEN CE558LM LONDON,ENGLAND 
www.ctlottery.org 
FROM:THE DESK OF THE DIRECTOR OF PROMOTION 
INTERNATIONAL/PRIZE AWARD DEPT. 
REF: U.T./941OYI/02 
BATCH: 12/25/DC34 
Date: 08-02-05: 
   
                    WINNING NOTIFICATION: 
We happily announce to you the draw of the Connecticut 
International Lottery Organisation programs held on 
the 3rd of January 2005 in London, United Kingdom. 
Your e-mail address attached to ticket number: 564 
75600545 288 with Serial number 5388/02 drew the lucky 
numbers: 31-6-26-13-35-7, which subsequently won you 
the lottery in the 1st 2005 category. You have 
therefor approved for a lump sum pay out of 
US$2,500,000.00 (Two million, five hundred 
Thousand,United States Dollars) in cash credited to 
file PC/9080118308/02. This is from a total cash prize 
of US $ 25 Million dollars, shared amongstthe first 
Fifty (50) lucky winners in this category. Please note 
that your lucky winning number falls within our 
European booklet representative office in Europe as 
indicated in your play coupon. In view of this, your 
US$2,500,000.00 (Two million, five hundred 
thousand,UnitedStates Dollars) would be released to 
you by our security firm in Europe. Our European agent 
will immediately commence the process to facilitate 
the release of your funds as soon as you contact him. 
All participants were selected randomly from World 
Wide Web site through computer draw system and 
extracted from over 100,000 companies. This promotion 
takes place annually. For security reasons, you are 
advised to keep your winning information confidential 
till your claims is processed and your money remitted 
to you in what ever manner you deem fit to claim your 
prize. This is part of our precautionary measure to 
avoid double claiming and unwarranted abuse of this 
program by some unscrupulous elements. To file for 
your claim, please contact our fiduciary agent: 

Dr. Gilbart Arnold. 
Email:arnold_agent@ny.com 

To avoid unnecessary delays and complications, please 
quote your reference/batch numbers in any 
correspondences with us or our designated agent. 
Congratulations once more from all members and staffs 
of this program. Thank you for being part of our 
promotional lottery program. 
Sincerely, 
SIR H. J. PONFA 
LOTTERY COORDINATOR. 

Reply from the "claims agent":

Hello emailaddress,
How are you doing today?Thanks for your response to the winning notification that was sent to you.Congratulations once again on your victory,you are a lucky person to have won thislottery.Your email address was randomly selected via our cyber email selection machine.This event is done annually and it is a promotional event to assist the less privileged worldwide.
You are required to fill the below detail and send it back via email with the following details to help facilitate the processing of your certificate and the release of your winnings:
1. Full names____________________________________________
2. Residential address_____________________________________
3. Phone number_________________________________________
4. Fax number___________________________________________
5. Age____________________________________ _____________
6. Occupation ___________________________________________
7. Nationality____________________________________________
8. Next of kin____________________________________________
You are adviced to forward these informations as soon as possible to enable us attend to your file.Please note that your funds have been deposited safely in a security firms in Europe and your information will be forwarded to them before they can release your winnings.You are also to choose the mode which you want to collect your funds:
i. Travel down to Europe to collect it yours self.
ii. By electronic transfer.
After you have sent down these information, a certificate will be couriered to you. This is to be your proof of winning from this office to the security firm before they release your funds.We have put this measure in place to secure our winners funds.
However you are advised to keep your winning information confidential until your claim application is dul y processed and your winnings remmited to your nominated Bank Account. In the constitution of our company, we are not allowed to deduct or remove any amount of money from the prizes won by our clients-either for charges, taxes or other expenses which are needed for the processing and transfer of our clients' funds into their nominated bank accounts. This is because of the hard cover insurance policy that came with it and also for the safety of our client's funds.
You are adviced to forward these information as soon as possible to enable us attend to your file.Once again, congratulations.Have a nice day.
Yours sincerely,
Dr.Gilbart Arnold.

Message headers:

Received: from 208.197.227.17  (HELO mail1.chek.com) (208.197.227.17)
  by mta184.mail.re2.yahoo.com with SMTP; Wed, 09 Feb 2005 08:26:54 -0800
Received: (qmail 27047 invoked by uid 0); 9 Feb 2005 16:20:09 -0000
Received: from kant.synacor.com (HELO synacor.com) (10.10.6.60)
  by mailrelay2.synacor.com with SMTP; 9 Feb 2005 16:20:09 -0000
Received: (qmail 20774 invoked by uid 99); 9 Feb 2005 16:20:08 -0000
Date: 9 Feb 2005 16:20:08 -0000
From: "DR.GILBART ARNOLD" 
To: ct200504@yahoo.com
X-Originating-IP: [213.185.106.66]
Subject: Re: ~~ 2005 Lucky Winners!!! 
Disposition-Notification-To: arnold_agent@ny.com

     inetnum:      213.185.106.0 - 213.185.106.255
     netname:      INTELSAT-CUST-Timasy-NG
     descr:        Reassignment to Timasy customer, Nigeria
     country:      NG
     admin-c:      OO120-RIPE
     tech-c:       AO895-RIPE
     status:       ASSIGNED PA
     remarks:      *************************************************************
     remarks:      *                                                           *
     remarks:      *  For issues of abuse related to this IP address block,    *
     remarks:      *  including spam, please send email to:                    *
     remarks:      *                                                           *
     remarks:      *                    osytao@yahoo.com                       *
     remarks:      *                    techsupport@timasy.com                 *
     remarks:      *                                                           *
     remarks:      *************************************************************
     mnt-by:       AS22351-MNT
     mnt-lower:    AS22351-MNT
     mnt-routes:   AS22351-MNT
     changed:      tac.ops@Intelsat.com 20030915
     source:       RIPE
     
     person:       Osita Okeke
     address:      8b Akerele Street
                   Surulere, Lagos State, Nigeria
     phone:        +234 7736477
     e-mail:       osytao@yahoo.com
     nic-hdl:      OO120-RIPE
     mnt-by:       AS22351-MNT
     changed:      TAC.OPS@Intelsat.com 20040915
     source:       RIPE
     
     person:       Anthony Onyeka
     address:      8b Akerele Street
                   Surulere, Lagos State, Nigeria
     phone:        +234 1 891 1621
     e-mail:       tonyekas@yahoo.com
     nic-hdl:      AO895-RIPE
     mnt-by:       AS22351-MNT
     changed:      TAC.OPS@Intelsat.com 20040915
     source:       RIPE

From: "Lottery Coordinator" <mail160@webmailler.com>
Sent: Friday, 28 January, 2005 13:32
Subject: Congratulations!

CONNECTICUT INTERNATIONAL LOTTERY ORGANISATION.
138 BARINOR WALK
WILLESDEN CE558LM                                  LONDON,ENGLAND

www.ctlottery.org


    
WINNING NOTIFICATION:

CONNECTICUT INTERNATIONAL LOTTERY ORGANISATION.

FROM:THE DESK OF THE DIRECTOR OF PROMOTION
INTERNATIONAL/PRIZE AWARD DEPT.
REF: U.T./941OYI/02
BATCH: 12/25/DC34

We happily announce to you the draw of the Connecticut
International Lottery Organisation
programs held on the 3rd of January 2005 in London, United
Kingdom.
Your e-mail address attached to ticket number: 564 75600545
288 with Serial number 5388/02 drew the lucky numbers:
31-6-26-13-35-7, which subsequently won you the lottery in the 
1st  2005 category.

 You are therefore approved for a lump sum pay out of
US$2,500,000.00 (Two million, five hundred Thousand,United
States Dollars)  in cash credited to file PC/9080118308/02.
This is from a total cash prize of US $ 25 Million dollars,
shared amongst the first Fifty (50) lucky winners in this category.
Please note that your lucky winning number falls within our
European booklet representative office in Europe as indicated in
your play coupon.

In view of this, your US$2,500,000.00 (Two million, five
hundred thousand,UnitedStates Dollars) would be released to  you by
our security firm in Europe. Our European agent will immediately 
commence the process to facilitate the release of your funds as
 soon as you contact him. All participants were selected 
randomly from World Wide Web site through computer
draw system and extracted from over 100,000 companies.

 This promotion takes place annually. For security reasons,
 you are advised to keep your winning information 
confidential till your claims is processed and your money
remitted to you in what ever manner you deem fit to claim your prize.
This is part of our precautionary measure to avoid double
claiming and unwarranted abuse of this program by some unscrupulous
elements.

To file for your claim, please contact our fiduciary agent:


  Dr. Susan Scott
  Email:susan_scott@zwallet.com
       susan16scott@hotmail.com


To avoid unnecessary delays and complications,
please quote your reference/batch numbers in any
correspondences with us or our designated agent.
Congratulations once more from all members and staffs of
this program.

Thank you for being part of our promotional lottery
program.

Sincerely,
SIR H. J. PONFA
LOTTERY COORDINATOR.

The reply from the "claims agent":

Dear Winner,

We acknowledge the receipt of your mail requesting for your cash winning of 
US$2,500,000.00 (Two million, five hundred Thousand,United States Dollars)  
in cash credited to file PC/9080118308/02 for the CONNECTICUT INTERNATIONAL 
LOTTERY which was held on the 3rd of January 2005 in London, United Kingdom.

You have to begin the process for redeeming your prize. You are to send your 
full names, email
address,contact address,  telephone/fax  numbers, country of 
residence,occupation and any other
valuable information to this office.

As soon as you send these, your information will be compiled into our 
database and verified by the payment officer incharge. Your winning 
certificate will be endorsed and sent to you and you will receive 
notification from the accredited bank authorised to pay you.

Thank you for your cooperation and understanding.

Note: Always include your reference/batch numbers REF: U.T./941OYI/02, 
BATCH: 12/25/DC34 in all your correspondence to this office.

Regards,

Dr.Susan Scott

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee® 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

Next email:

Attn:  Firstname Lastname,

Find attached your winning certificate and pin code for your perusal and 
safe keeping. The bank will contact you soon.

Regards,

Dr.Susan Scott

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

Message headers:

Received: from 80.15.249.149 by by22fd.bay22.hotmail.msn.com with HTTP;
	Tue, 08 Feb 2005 11:34:27 GMT
X-Originating-IP: [80.15.249.149]
X-Originating-Email: [susan16scott@hotmail.com]
X-Sender: susan16scott@hotmail.com
From: "susan scott" <susan16scott@hotmail.com>

WHOIS details for sending network (IP 80.15.249.149):

     inetnum:      80.15.249.0 - 80.15.249.239
     netname:      AKAMAI-FT-US
     descr:	      Akamai Technologies - US machines connected to FT AS5511
     country:      US
     admin-c:      NARA1-RIPE
     tech-c:	      NARA1-RIPE
     tech-c:	      NF1714-RIPE
     status:	      ASSIGNED PA
     mnt-by:       FT-BRX
     changed:      gestionip.ft@francetelecom.com 20030204
     source:	      RIPE
     
     route:        80.15.240.0/20
     descr:        France Telecom
     descr:        Opentransit
     origin:       AS5511
     mnt-by:       FT-BRX
     changed:      gestionip.ft@francetelecom.com 20020208
     source:       RIPE
     
     role:         Network Architecture Role Account
     address:      Akamai Technologies
     address:      8 Cambridge Center
     address:      Cambridge, MA 02142
     phone:        +1-617-938-3130
     e-mail:       ip-admin@akamai.com
     admin-c:      NF1714-RIPE
     admin-c:      JP1944-RIPE
     tech-c:       NF1714-RIPE
     tech-c:       JP1944-RIPE
     nic-hdl:      NARA1-RIPE
     notify:       ip-admin@akamai.com
     changed:      ip-admin@akamai.com 20050314
     mnt-by:       AKAM1-RIPE-MNT
     source:       RIPE
     
     person:       Noam Freedman
     address:      Akamai Technologies
     address:      8 Cambridge Center
     address:      Cambridge, MA 02142
     phone:        +1-617-938-3130
     e-mail:       noam+ripe@akamai.com
     nic-hdl:      NF1714-RIPE
     notify:       noam+ripe@akamai.com
     changed:      noam+ripe@akamai.com 20050314
     mnt-by:       AKAM1-RIPE-MNT
     source:       RIPE

From: "Account Department" <account@chccinternational.info>
To: <emailaddress>
Sent: Wednesday, 09 February, 2005 20:43
Subject: Opening of Online Account.

Hello Firstname Lastname,
How are you doing todayWe have recieved your details from your fudiary 
agent that you have been cleared for payment of your lottery claims 
to you.

Please endeavour to fill the accounts details below and get back to 
us soonest so that we can open an account for you.Have a nice day 
and we  await your
urgent response.

  Full Name:
  Address:
  Nationality:
  Occupation:
  Age:
  Phone Number:
  Mobile Number:
  Fax Number:
  Email:
  Type Of Account:

Note: Please you are adviced to activate your account with a 
minimum opening deposit which will be credited to your account 
after activation. You have also been adviced to fill online 
transit account under the section of type of
Account. Thanks for your co-operation.
Regards,
Richard Palkowski
Accounts Director.
+44 2070600487

The same phone number was also used in the "Universal Trust Worldwide / Standard Chartered Chash Centre" scam which therefore must be run by the same gang.

Here are the money demands:

Hello Firstname,

How are you doing today?Thanks for your mail.I am very glad to hear that you have confirmed the activation of your account.Please note that you have to get clearance to facilitate the transfer of your lottery winnings to your nominated account.
Meanwhile, i had a meeting with the international transfer officers and the Internal revenue department officers this morning concerning the transfer of your lottery winnings to your nominated account.The amount they are charging you for cost of transfer (COT) and insurance to transfer your lottery winnings to your nominated account is 1,805 POUNDS STERLING.So once they get a confirmation of payment from you ,you will be cleared and issued a transfer clearance code to facilitate the transfer of your lottery winnings to your nominated account. Restrictions have been placed on lotterywinning transaction by the Swiss Federal Banking Comission till this process is concluded therefore we are unable to deduct charges from your winnings. Deduction of charges from a restricted /blocked transaction is a breach of applicable banking laws.

Please note that you have been adviced to pay the required transfer fees to their accounts officer who name and address is below via western union money transfer.

ARTHUR POYTER

128 Seymour Place

London,England

Please endeavour to send us the payment information via email so that we can confirm your payment,you will be issued your transfer clearance code to facilitate the transfer of your lottery winnings to your nominated account.We await to hear from you urgently.Have a nice weekend and congratulations once again.
Regards,

Richard Palkowski

Accounts Director.

WHOIS details for "chccinternational.info"

Request: chccinternational.info
connected to whois.afilias.net [129.33.96.134:43] ... 
Domain ID:D9455663-LRMS
Domain Name:CHCCINTERNATIONAL.INFO
Created On:22-Jan-2005 04:18:26 UTC
Last Updated On:24-Jan-2005 00:18:04 UTC
Expiration Date:22-Jan-2006 04:18:26 UTC
Sponsoring Registrar:R157-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C8589444-LRMS
Registrant Name:Stanley Thomas
Registrant Organization:812 hallock avenue
Registrant Street1:port jefferson station
Registrant City:New York
Registrant State/Province:New York
Registrant Postal Code:11776
Registrant Country:US
Registrant Phone:+1.7123240998
Registrant Email:stanley_thomas58@yahoo.com
Admin ID:C8589445-LRMS
Admin Name:Stanley Thomas
Admin Organization:812 hallock avenue
Admin Street1:port jefferson station
Admin City:New York
Admin State/Province:New York
Admin Postal Code:11776
Admin Country:US
Admin Phone:+1.7123240998
Admin Email:stanley_thomas58@yahoo.com
Billing ID:C8589446-LRMS
Billing Name:Stanley Thomas
Billing Organization:812 hallock avenue
Billing Street1:port jefferson station
Billing City:New York
Billing State/Province:New York
Billing Postal Code:11776
Billing Country:US
Billing Phone:+1.7123240998
Billing Email:stanley_thomas58@yahoo.com
Tech ID:C8589444-LRMS
Tech Name:Stanley Thomas
Tech Organization:812 hallock avenue
Tech Street1:port jefferson station
Tech City:New York
Tech State/Province:New York
Tech Postal Code:11776
Tech Country:US
Tech Phone:+1.7123240998
Tech Email:stanley_thomas58@yahoo.com
Name Server:DNS2.STARGATEINC.NET
Name Server:DNS1.STARGATEINC.NET

Here is another email from "DR.GILBART ARNOLD":

Date: 14 Feb 2005 17:03:04 -0000
From: "DR.GILBART ARNOLD" 
To: emailaddress
X-Originating-IP: [209.159.164.74]
Subject: Declear Your Legitimacy of Winning.
In-Reply-To: <2005020901####.#####.qmail@web42202.mail.yahoo.com>
Disposition-Notification-To: arnold_agent@ny.com
Mime-version: 1.0
X-MASSMAIL: 1.0
X-MASSMAIL: precedence.bulk
Content-Type: multipart/alternative;
 boundary="=====================_889472414==_"
Content-Length: 845


--=====================_889472414==_
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

Hello ,
  To avoid any uneccesary delays You are required to fill 
the below detail and send it back via email with the following 
details to help facilitate the processing of your certificate 
and the release of your winnings:
1. Full names____________________________________________
2. Residential address_____________________________________
3. Phone number_________________________________________
4. Fax number___________________________________________
5. Age____________________________________ _____________
6. Occupation ___________________________________________
7. Nationality____________________________________________
8. Next of kin____________________________________________
 You are adviced to forward these informations as soon as 
possible to enable us attend to your file.Please note that 
your funds have been deposited safely in a security firms 
in Europe and your information will be forwarded to them 
before they can release your winnings.You are also to choose 
the mode which you want to collect your funds:
i. Travel down to Europe to collect it yours self?.
ii. By electronic transfer?.

Yours sincerely,
Dr.Gilbart Arnold.

FOR MORE INFOMATION:
CONTACT THE LOTTERY,
AFFAIRS DEPARTMAENT,
+44 2070600487

Sending network (IP 209.159.164.74):

     OrgName:    Direct On PC 
     OrgID:      DOP-13
     Address:    Plot B Block 1 Ilupeju Industrial Estate
     City:       Lagos
     StateProv:  
     PostalCode: 
     Country:    NG
     
     NetRange:   209.159.164.0 - 209.159.164.255 
     CIDR:       209.159.164.0/24 
     NetName:    DIRECTONPC
     NetHandle:  NET-209-159-164-0-1
     Parent:     NET-209-159-160-0-1
     NetType:    Reassigned
     NameServer: NS1.DIRECTONTV.COM
     NameServer: NS2.DIRECTONTV.COM
     Comment:    
     RegDate:    2004-08-27
     Updated:    2004-08-27
     
     TechHandle: SDE40-ARIN
     TechName:   employee name withheld
     TechPhone:  2348037758234
     TechEmail:  saroj at directonpc.com 
     
     OrgTechHandle: SDE40-ARIN
     OrgTechName:   employee name withheld
     OrgTechPhone:  2348037758234
     OrgTechEmail:  saroj@directonpc.com

Another Gilart Arnold email:

Hello Winner,
    How are you doing?Sorry there was a break in the processing 
of prizes,as you know this has to do with a a large sum of money.
    Nothwithstanding,the organisation has make a new protocol of 
claiming prizes.There has been the introduction of investors who 
are willing to invest in winners prize and at the end of the day 
collects a commission for it.
    Right now, all you need do is to work with your investor he 
is going to handle all the expenses that will be incured in the 
processing of your winnings.You are not going to pay a dime/penny 
for any thing.
    You are advised to hook up and once more we sincerely apologised 
for the long break up,it was all the arrangements and agreements 
of the main officials of the organisation (connecticut lottery 
programme) because of the incessent crimes in the internet with 
our sites and programmes.
    So,you are advised to act accordingly and fast.Have a nice day.

Regards,
Dr.Gilbart Arnold.

Message headers:

From: "DR.GILBART ARNOLD" <arnold_agent@ny.com>
To: emailaddress
X-Originating-IP: [192.116.80.163]
Subject: Delay For Security.

WHOIS details for sending network (IP 192.116.80.163):

     inetnum:      192.116.79.0 - 192.116.82.255
     netname:      GILAT-SATCOM-BLOCK-4-27-28-33
     descr:        Gilat-Satcom
     remarks:      For abuse issues related to Gilat, email abuse-gilat@012.net.il
     notify:       abuse-gilat@012.net.il
     country:      GB
     admin-c:      GS3350-RIPE
     tech-c:       GS3350-RIPE
     status:       ASSIGNED PA
     mnt-by:       AS9116-MNT
     mnt-lower:    AS9116-MNT
     changed:      lir@linux.goldenlines.net.il 20050102
     source:       RIPE
     
     route:        192.116.64.0/18
     descr:        Goldenlines
     remarks:      For addressing issues, email lir@linux.goldenlines.net.il
     remarks:      For abuse issues, email abuse@012.net.il
     origin:       AS9116
     mnt-by:       AS9116-MNT
     changed:      lir@linux.goldenlines.net.il 20041121
     source:       RIPE
     
     role:         Gilat Support
     address:      Gilat Satcom
     address:      21D Yagia Kapaim st. Petach-Tikva, Israel
     phone:        +972 3 9255000
     fax-no:       +972 3 9217938
     admin-c:      DR5299-RIPE
     admin-c:      GE2074-RIPE
     tech-c:       DR5299-RIPE
     tech-c:       GE2074-RIPE
     trouble:      abuse-gilat@012.net.il
     e-mail:       customer@gilat.net
     nic-hdl:      GS3350-RIPE
     mnt-by:       AS9116-MNT
     changed:      hank@att.net.il 20040909
     source:       RIPE

Are you sick of spam too? Do you want it stopped now? Try jwSpamSpy, the spamfilter we use to track the spammers! Free 30-day trial version available now!