Nigerian Cake Scams

In another interesting collision of Sweet Element‘s world and mine, Jen asked me one morning to take a look at a really weird set of emails she received from someone inquiring about a wedding cake.

The first email that arrived was nothing out of the ordinary as it was a simple referral from weddingwire.com where Jen is an active advertiser:

From: no-reply@weddingwire.com
Date: February 20, 2012 10:37:33 AM EST
To: Sweet Element
Cc: denisehevak2@yahoo.com
Subject: Denise Shevak would like information about your services!

Denise Shevak found your business directly on the vendor catalog and would like to know more about your services. Please respond to this lead within 24 hours. Here is the lead’s contact information:

Name: Denise Shevak
Email: denisehevak2@yahoo.com
Phone: Not provided

Wedding Date: Apr 29, 2012
Location: Not provided

Message:
Please send me an email with information about your services.

Simple enough, right? I checked the headers on this email and it did come in from weddingwire.com’s servers, but unfortunately their server didn’t include the source IP address of the person filling out the form or anything else that could yield any clues.

Jen, followed up with an email asking for lots of additional info as “Denise” failed to include helpful information and her wedding was 2 months away. What came back was curious, to say the least.

From: “Denise Shevak” <denisehevak2@yahoo.com>
Subject: Re: Wedding Cake Inquiry
Date: Wed, February 29, 2012 3:06 am
To: Sweet Element

Thanks for responding to my posting and apology for my late response. Let’s get down to business, I would love you to take care of our wedding cake and I would want it to be 2 tiers cake for about 120 guests. I know you would really want to make the day a memorable one for me and my fiance.Attached is a preferred design of the cake. If you have an idea you could add to make the creativity more perfect.

The venue for the wedding is taking place in the apartment’s compound I’m relocating to in Bogota, New Jersey 07603. The date is 04/29/2012.Time is 11am.I am currently living HACKENSACK,NJ and still very much around but working offshore in United Kingdom. I will resume back to work next Monday. I am sure we can conclude on everything before I leave.

Please, make the cake color to be two, cream and butter color and not white as shown in the picture but I want you to design it with roses. The color of the roses has to be yellow and white. I love creativity, it’s a sign that I’m getting the best of the cake. The flavor can be 2 for each tier. (1) Vanilla and (2) Coconut.Let me know the total cost for the cake and as regard delivery, I could arrange for pick up and you could make delivery as well.

Thanks as I await your response,

Denise.

Aside from the rather odd language, the one thing that really caught my attention was “HACKENSACK, NJ” standing out like a sore thumb in all caps. Why would they choose such a specific city? If you look up Sweet Element’s phone number, the area-code and prefix is for Hackensack, NJ. In reality, it’s just a phone number and the Sweet Element cake studio is actually quite a distance from Hackensack – but the scammers don’t know that. All the scammer is trying to do is establish that they are from the area and even mention the city of Bogota, NJ which is right across the Hackensack River.

So exactly what is going on here? Let’s find out.

The first thing I did was upload the attached cake photo to TinEye to see if it had shown up anywhere else, hoping to find it referenced on a blog somewhere confirming it was a scam. Nothing at the time I first looked, but I’m sure that will change soon enough as more people become aware of this particular variation of the scam and warn others.

Next, I took a look at the email headers. I’ll spare you the full, lengthy email header, but will include the most critical line below which shows the first time the message hit Yahoo’s servers:

Received: from [41.220.69.9] by web121303.mail.ne1.yahoo.com
via HTTP; Wed, 29 Feb 2012 00:06:01 PST

It’s rather fortunate that, Yahoo Mail keeps the source IP address of the web client in the headers of the message and we can see that the mail originated from 41.220.69.9. Looking up this address at ip-lookup.net, we find that it originates just outside of New Jersey in the country of Nigeria. Another quick check at Project Honeypot shows a great deal of malicious activity from this node as well as many others in the same subnet.

Yeah – it’s a scam.

So how does the Nigerian Cake Scam work? A similar scam has been going on for a while now, although the story has changed a little. The scammer contacts the victim wishing to order a cake and pays for the cost of the cake plus delivery using a stolen credit card but insists on having the cake delivered by a specific delivery company that the victim is asked to wire payment to. The shipping company is the scammer. It would not surprise me to find that the United Kingdom was mentioned in the email in order to make sure the victim doesn’t have issues wiring money to a UK shipping company when the payment phase of the scam begins.

Unfortunately, I have heard of people that actually fell victim to these scams, made the cakes and prepared them for delivery only to be cheated out of their time, resources, money and are then stuck with an extra bill because the credit card processors hold vendors financially responsible for the fraudulent charges.

 

About J-Michael Roberts

Computer guy. Digital forensics guy. Hacker. Slayer of spam. Barbeque pitmaster. Cake engineer. Expert at nothing. Opinions here are mine alone. Topics presented may be a joke, but probably aren't.
This entry was posted in Uncategorized. Bookmark the permalink.

7 Responses to Nigerian Cake Scams

  1. Stephen says:

    Ha! I got the same email and it really just felt like one of those crazy scams. The bold HACKENSACK, the fact that Haceknsack is like three hours from me, the strange wording… I googled ‘wedding cake scam Denise’ and this link came up. Thanks!

  2. We got this one, too! I simply searched Denise Shevak and found your post. The response was almost word for word, though it was changed for a wedding in Andersonville, TN, I guess since we’re in Nashville. Anyone familiar with Nashville knows that Andersonville is not in standard delivery range- hard to ignore all the red flags. 🙂

  3. Jill Brown says:

    and they strike again…..
    I got the original email requesting information back in January, 2012 from a Tony Rock at tonyock@yahoo.com. He even gave me a bogus number of 607-648-7210. My emails used addresses in Missouri as I am in Illinois. I never thought it would be a scam. Word for word, the email I got is almost the same as the one above.
    I went along with everything almost until it was too late. I have bought materials, but thankfully they can be used elsewhere. Even wired the money. BUT I was able to stop it from being delivered thanks to my bank flaging the cashier’s check and calling me. Now I am only out the $95 service fee. A small price to pay for my own education into bad people out there.
    To make it even more interesting, I even got a sob story as to why they called on me from so far away – as their original contact lost her husband and had to travel out of the country. When the payment was delayed I got the story that his bride had a miscarriage and they were postponing the wedding a month. Now she’s in Virgina with medical issues and I need to send the balance there. There was a story for every issue that came up.

    What a piece of work this operation is. I cannot believe there are people out there like this. So sad.
    I finally got a bogus cashier’s check this week.

  4. Liz v says:

    I am a makeup artist and got two emails from “Denise”. I was wary at the first one but did sent a terse response just to feel the client out. Seems her wedding date also changed between emails….just googled her and, boom, here she is.
    I hope vendors keep their ears up for scams like this, thanks!

  5. Patricia says:

    The same here! Only thing she seemed to respond to my emails… And never mentioned a UK Company doing the delivery. I tried to contact her by phone a couple time, left voice mail, and… NOTHING! Denise’s request came to me through Wedding Wire too. Does anybody know if Wedding Wire can do something about it?

  6. Mary's Cakes says:

    We’ve gotten so many of these scams, there is an entire category on my blog for them. Glad nobody lost out on this one. http://www.caketalkblog.com/scam-alert/

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.