Cybercriminals are offering the “winners” of one 419 phishing scam a 2016 BMW X6M, a $1.5 million check and an Apple laptop in exchange for personal identifiable information (PII).
Malwarebytes researchers spotted threat actors sending emails entitled “Dear Lucky Winner” from the so-called “BMW Lottery Department” requesting the target's name, address, nationality, age, occupation, direct phone, present country, and email, according to an April 12 blog post. The '419' refers to the section of Nigeria's Criminal Code which outlaws the practice, according to the Australian Competition and Consumer Commission. The first wave of such attacks originated in Nigeria.
Researchers pointed out the attackers are asking victims to send their information to an office claims department which uses a Gmail account that misspells the automaker's name as “BWM” instead of BMW.