Threat Management, Malware, Phishing

The luck of the Irish

Advance fee fraud of the 419 persuasion isn't exactly novel. We can trace a direct line of descent from the “Spanish Prisoner” scam, going back at least to the 19th century, though the action moved to Nigeria a long time ago. The theme has since been taken up in many other parts of the world. However, it still retains the dishonorable name 419, from the section of the Nigerian criminal code meant to address fraud. Evidently, the approach still works, despite the sometimes stereotypical nature of the phrasing. In fact, these scams often come up with an unexpected twist that inspires a certain reluctant admiration in a jaded scamwatcher (the Nigerian cosmonaut needing help to return to earth, the Pope's secret fund for doing good works, the ethical hitman who has decided that you don't deserve to die).

And, as my colleague Urban Schrott of ESET Northern Ireland suggests, they've learned the value of targeting. Well, you might wonder whether a country in the throes of a debt crisis is the best possible target, but I guess prosperity is relative. At any rate, Ireland has been blessed with several targeted or semi-targeted 419 scams of late. In fact, I discussed one of the scams Urban brought to my attention here.

While the Irish connection is fairly tenuous in the scam described by Urban in his latest blog – the supposed sender (an old-ish lady dying of cancer and wanting her fortune to go to good causes) claims to be “from republic of Ireland, born in the State of Ohio, USA” – but then, the poor old dear seems to be even more confused than I am, though not much older. If she's 71, has lived in South Africa since 1985 and lived with her husband for 32 years in Switzerland before that, doesn't she have to have been married at the age of 12 or 13? I'm fairly sure that's not legal in Ireland, Ohio or Switzerland, the marital adventures of Jerry Lee Lewis notwithstanding.

Still, the scam message has some interesting features. It's accompanied by a heart-rending photograph of the supposed sender lying in her hospital bed with a priest in attendance. It's not the first time I've seen this kind of “evidence” used in 419s, but it's not common.

By way of further spurious supporting evidence, the message includes a link to a BBC news article announcing the plane crash in which her husband is supposed to have “been involved,” though the link doesn't actually work. Other archived instances of the same scam quote this, which actually refers to a more recent crash and gives no information about the individuals killed in the 2000 crash. Of course, it's not uncommon for 419s to relate to real people without proving any connection between those victims and the supposed sender of the scam message.

I also notice the obligatory quotation from the Bible. I'm not sure if Solomon really said that “wealth acquisition without God is vanity,” but an awful lot of scammers seem to think he did. And that brings us to one more interesting feature. Most phishing scams and many 419s try to panic the victim into responding quickly (perhaps before they have time to check or even think about the plausibility of the claims). There is an element of urgency to any scam that uses the “I'm about to kick the bucket and want to leave my money to you” ploy, I suppose, but there's a certain dark humor to “Esther's” assertion that she has “one month and two weeks to live” – how can she be so precise? In fact, back in January, she didn't expect to see April, so you'd think she had cause for optimism. I also notice that her fortune has been reduced by nearly half, though, so maybe she spent that 10 million dollars on doctors with better prognostic skills.

You have to laugh at this stuff. Getting angry at this heartless (if stupid) emotional manipulation is bad for the blood pressure.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.