On the 419 front

Here's an unpromising beginning. It was a dark and stormy... sorry, wrong blog.

I was catching up with my email after having to concentrate for a while on a nearly-due conference paper and other writing deadlines. Well, being behind on email is nothing new, but this time I found a couple of entertaining items on the 419 front.

Item 1: another contender for the most incompetent 419 of this decade so far.

-----Original Message-----

From: frank dowie [mailto: ]

Sent: 29 May 2011 11:51

To: undisclosed recipients:

Subject: you have won

Yep. That's it, apart from a mail-to address in the [From:] field, which I've deleted (a very Nigerian-sounding yahoo.com address), just in case you're tempted to reply to it on my behalf. Although, if you really think you might respond to a message like this, I suggest that you stop reading security articles and give all your possessions to a worthy cause, before some scammer gets them.

Item 2 is less amusing but may be a little more interesting.

From: Me [mailto:]
Sent: 29 April 2011 11:25
Subject: See attachment for your winning information!!


Yep, that's it, apart from the address, which again I've deleted, and the attachment, which is worth a look in its own right, though I haven't shown the whole thing here.

(Perhaps “frank dowie” also intended to send an attachment, but there's no indication of that in the message.)

If nothing else, it's the first scam tied to the 2014 World Cup to hit my radar. Well, full marks for forward thinking, Mrs Angela C. Elvis (Zonal Coordinator).

At first glance, it might look moderately convincing. It includes a slightly distorted version of the official FIFA logo, and lots of reassuringly long reference numbers that I'll need when I contact the Fiduciary Agent, who apparently has a South African telephone number and a representative.com email address. In fact, apart from the logo, this “Euro Afro British Lottery Promotion” doesn't seem to have much to do with Brazil at all. Though the “Brazil 2014 Worldcup Lottery Programm” (sic) apparently has 32,000,000 pounds to give away to people who haven't even bought a ticket: since I received the news via a little-used AVIEN administrator account, does that mean I have to share my 800,000 pounds with the rest of AVIEN?

Of course, this is all window dressing: What the scammers want me to send them is the usual contact info that we see in less ornate lottery scams. But I don't plan to play ball.

This is far from the first 419 scam to try to evade spam filters by hiding the scam message in an attachment: We see these as JPGs, Word documents, PDFs, even PowerPoint presentations. Curiously enough, Graham Cluley recently flagged a scam reverting to an older generation of 419 dissemination. One of his colleagues apparently received a 419 through the post. You know the sort of thing. In an envelope. With a stamp. You know, snailmail. Given the cost of a stamp in the UK nowadays, you have to wonder about the ROI... Surely the UK Post Office couldn't be in on the scam?
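The attachment-only pattern described above (no usable body text, a prize-themed subject, the scam text inside a JPG, Word, PDF or PowerPoint file) can be triaged from headers and MIME structure alone, without opening the attachment. This is an added example, not part of the original post; the keyword list, the 40-character threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Attachment types the post lists as carriers (JPG, Word, PDF, PowerPoint).
CARRIER_EXT = (".jpg", ".jpeg", ".doc", ".docx", ".pdf", ".ppt", ".pptx")
# Assumed lure words, drawn from the two subject lines quoted in the post.
LURE = re.compile(r"\b(won|winning|winner|lottery|prize)\b", re.I)
MIN_BODY_CHARS = 40  # assumption: shorter bodies carry no real message

def triage(msg):
    """Return the list of heuristic signals that fire for one message."""
    body, carriers = "", []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(CARRIER_EXT):
            carriers.append(name)
        elif (not name and part.get_content_type() == "text/plain"
              and part.get_payload()):
            body += part.get_content()
    signals = []
    if carriers and len(body.strip()) < MIN_BODY_CHARS:
        signals.append("attachment-only")
    if LURE.search(msg.get("Subject", "")):
        signals.append("lure-subject")
    if "undisclosed" in msg.get("To", "").lower():
        signals.append("undisclosed-recipients")
    return signals

def needs_content_scan(msg):
    """True when the body cannot be judged and another signal also fires."""
    s = triage(msg)
    return "attachment-only" in s and len(s) >= 2

def build(subject, to, body=None, attachment=None):
    """Construct a sample message (constructed data, not a real capture)."""
    m = EmailMessage()
    m["Subject"], m["To"] = subject, to
    if body:
        m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

SCAM = build("See attachment for your winning information!!",
             "undisclosed recipients:;", attachment="notice.jpg")
INVOICE = build("Invoice for May", "accounts@example.org",
                body="Hi, please find the May invoice attached. Thanks, Sam.",
                attachment="invoice.pdf")
```

Messages for which `needs_content_scan` returns true are the ones worth passing to attachment text extraction or OCR, since a body-only content filter has nothing to score.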
