December 2, 2013

Spam Can: "419" UN winning scam

Previous Spam Can posts looked at the minimalist approach to phishing, but today I finally got something with a bit more meat to it to disect.

The email I received from "Mr. Boisard" is almost word-for-word from the 419 scam example at the site 419Scam.org. The only differences between the 419Scam's 2012 example and my 2013 email is the subject and email address. The phone number +44701114872 is a United Kingdom number that redirects the caller to a cell phone in another country. Phishing scams will often list cell phone numbers, so the scammer can easily answer the call on the go or sitting at an Internet cafĂ©.

419 Scam UN Lotto Winner

The "officials" listed use free web-based email services instead of professional email services. For instance, US government emails would end with ".gov," military emails would end with ".mil" and United Nations email would end with "@un.org." The email appears to come from a Mr. Marcel A. Boisard. Based on a quick Internet search on this name, he is listed as the Under-Secretary General to the United Nations and former Executive Director of United Nations Institute for Training and Research. Scammers will often use real names to add a sense of legitimacy to their email; however, I'm certain that the real Mr. Boisard has an efficient staff to reach contacts on his behalf. While I admit that I'm a pretty cool person, I doubt that any Under Secretary will personally contact me, let alone from mrmarcelboisardH234@hotmail.jp

The scammers insert official sounding language to lull the receiver into a false sense of security. Why would the send you the "PIN code" and "Password" into a single email then ask you to verify yourself by sending sensitive information. While more and more people are becoming more comfortable with passing sensitive information through emails, please hesitate to do so when you don't even know the identity of the sender.

Another sign that this email is a phishing attempt is the poor use of the written language. Written correspondence from officials will not switch back and forth between using capital or lower case letters.
Enhanced by Zemanta

No comments:

Post a Comment