Tag Archives: Email Scams

Retired couple gives away $11 million lottery win, but not to you

This message was waiting in my inbox this morning. It may actually be one of the best examples of social engineering I’ve yet come across:

Dear sir/madam
 
This is a personal email directed to you. I and my wife won a Jackpot Lottery of $11.3 million in July and have voluntarily decided to donate the sum of $500,000.00 USD to you as part of our own charity project to improve the lot of 10 lucky individuals all over the world. If you have received this email then you are one of the lucky recipients and all you have to do is get back with us so that we can send your details to the payout bank. Please you have to help me in prayer for my wife, You can verify this by visiting the web pages below.*(allen.violet.large01@filipinos.ca)*
 
http://www.msnbc.msn.com/id/40009180/ns/us_news-giving/t/retired-couple-gives-away-million-lottery-win/
 
Note: YOU HAVE TO CONTACT MY PRIVATE EMAIL *( allen.violet.large01@filipinos.ca )* FOR MORE INFO
 
Goodluck,
Allen and Violet Large
Email: allen.violet.large01@filipinos.ca

Here’s what was so brilliant about it: you know how these scam email messages always contain disguised links (e.g., the link says “chase.com” but really takes you to some spyware-infested website with a .ru domain)?

The website shown in the message wasn’t disguised at all. Furthermore, it really takes you to an MSNBC article. Further furthermore, there really was an elderly couple from Nova Scotia named Allen and Violet Large, who really won $11 million playing the lottery, and who really did give it all away. I didn’t remove the link from the message quoted above—it’s safe to go ahead and click on it (it’s actually kind of a neat story).

So how do I know it’s not real, and is in fact just another Nigerian 419-style scam?

First off, it arrived via email. To me, it’s already suspicious. Secondly, it’s an email that’s telling me I’m going to get a large amount of cash for doing nothing. At this point, I’m already one thousand percent sure it’s fraudulent.

But let’s really make a case against it, shall we? Read the first paragraph of the MSNBC article (emphasis mine):

An elderly couple who won around $11 million from a lottery ticket in Canada have given the money away to good causes and family, according to media reports.

Have given. Not “are giving.” It’s a done deal, dude; if you’re not a good cause or related to the Larges, and if you haven’t already received money from them, you’re not getting any ’cause there ain’t no more.

Finally, the senders made a rookie mistake: the “from” line didn’t say Allen Large or Violet Large, nor did it contain the “filipinos.ca” email address; instead the message appeared to come from a completely different name with a scasd.us email address (it’s that of a real person, so I won’t give any more details than that).

I don’t know where this scam is coming from, so I can’t say if it’s just a plain old Nigerian 419-style scam or a Nigerian Nigerian 419 scam, but I noticed the signature at the end uses the word “Goodluck” instead of “good luck,” and it only stood out to me because I know that the President of Nigeria is actually named Goodluck Jonathan.

Then again, that could just be a typo; since we already know it’s a scam, we’re really just sort of nitpicking at this point.

Nigerian 419 Scam: “Your Bank Draft”

Often, phishing emails are tricky because they contain an offer that many people would find tempting. This one I received over the weekend does not have that problem:

From: Dr Lawrence Burns <test@mir-grp.com>
To: ss@yahoo.com
Subject: YOUR BANK DRAFT

Dear Friend,

It is my pleasure to let you know about my success in getting those fund transferred under the cooperation of a new Partner from Greece. I didn’t forget your past efforts to assist me in transferring those funds.

Now contact my secretary Mr. Goodluck Okeke his email is (good_okeke@w.cn) ask him to send you the total $3.2 certified bank draft which I raised for your compensation so feel free and get in touched with him and give him your Address such as Full name Home address direct phone number where to send the draft.

Let me know immediately you receive it for us to share the joy. I am very busy here with investment projects which I am having at hand, finally, I left instruction to the secretary on your behalf, so feel free to get in touch with him.

Best regards,
Dr Lawrence Burns

$3.2? As in three dollars and twenty cents?

I don’t want to come off as some kinda spoiled, complacent jerkface here, Doctor Larry, but that seems like an awful lot of work for $3.20.

Obviously, they left out the word “million” and I’m just being snarky here, but there are some interesting things. We’ve got the usual email-address-salad going on here, with the mysterious “mir-grp.com” domain, the China-based “w.cn,” and someone at yahoo.com. We’ve also got a mention of someone named “Goodluck,” which is apparently a popular first name in (wait for it…) Nigeria.

In other words, all the evidence of a Nigerian 419 scam is present and accounted for.

Not even the FBI Director is above falling for a phishing scam

I spend a lot of time on this site repeating (explicitly or implicitly) these two ideas:

  1. You can take steps to vastly reduce your chances of becoming a victim of fraud or identity theft
  2. That said, nobody is ever 100% safe, and nobody is “too smart” to walk right into a scam

The following is an excerpt from a recent speech by FBI Director Robert S. Mueller, III:

Most of us assume we will not be targets of cyber crime. We are not as careful as we know we should be.  Let me give you an example.

Not long ago, the head one of our nation’s domestic agencies received an e-mail purporting to be from his bank. It looked perfectly legitimate, and asked him to verify some information. He started to follow the instructions, but then realized this might not be such a good idea.

It turned out that he was just a few clicks away from falling into a classic Internet “phishing” scam—“phishing” with a “P-H.” This is someone who spends a good deal of his professional life warning others about the perils of cyber crime. Yet he barely caught himself in time.

He definitely should have known better. I can say this with certainty, because it was me.

After changing all our passwords, I tried to pass the incident off to my wife as a “teachable moment.” To which she replied: “It is not my teachable moment. However, it is our money. No more Internet banking for you!”

If I didn’t dislike vapid clichés like “it really makes you think” so much, I’d probably say that right now. I mean, it would be funny (but not ha-ha funny) enough if someone like myself fell for a phishing email, but the FBI Director?

I think the Soup Nazi-esque “no online banking for you!” response is extreme, although I can see how a high-profile figure like Mueller could have his reasons beyond just his own personal finances for going offline—namely, his very credibility.

For the rest of us, though, online banking and bill payment is still very safe, as long as you’re informed when it comes to the dangers. If you get an email that appears to be from a financial institution, don’t click on any links within that message. Go directly to that bank, credit union or credit card company’s website by typing the URL manually, or by running a search on Google, and log in from there. Of course, if it’s from an institution you don’t even have a relationship with, you’re pretty safe in assuming it’s phony.

The full text of Mueller’s speech is an interesting read, if you have a few minutes, by the way.

Worst. Scam. Attempt. Ever.

Here’s an attempt at an email scam that nobody should ever fall for. Seriously, it’s like they weren’t even trying:

From: “Mr. R. Jan” <[removed]@gmail.com>
Sent 9/6/2009 3:21:48 PM
To: [removed]
Subject: ATTENTION NEEDED

My name is Mr. Jan and I am contacting you from Liberia for
a mutual business relationship and investment.
I have some funds realized through contract brokerage and I
need your cooperation to invest the funds.
The first stage requires transferring the funds to your
account for subsequent investment.
I therefore want you to work with me as a partner.  On
receipt of your response, I will send you full details of
the transaction and more information about myself.  I
am waiting for your prompt response.
Jan

I’m not even going to bother picking this thing apart. Yes, it’s a total scam. Yes, you should just delete it. No, it’s not a real investment opportunity.