"THOSE PEOPLE YOU ARE DEALING WITH ARE FAKE." So starts the Nigerian-style scam email submitted to us by Daniel Sefton. In such schemes, the sender attempts to swindle the recipient out of money, often by convincing the victim to pay some fee to transfer a prize, an inheritance sum, or money from another unexpected source.
Contents of the Fraudulent Email
The message we received offers an interesting twist on the scam by warning the recipient to be careful when receiving such messages. The email claims to come from Susan Walter, a US citizen living in Texas. "Susan" writes, "I am one of those that executed a contract in Nigeria years ago and they refused to pay me, I had paid over $70,000 trying to get my payment all to no avail."
The message explains how "Susan" traveled to Nigeria in an attempt to collect the funds owed to her. There, she met with Barr. Mat Oto, a "member of CONTRACT AWARD COMMITTEE." He then "took me to the paying bank, which is Zenith Bank, and I am the happiest woman on this earth because I have received my contract funds of $4.2Million USD."
"Susan" also explains that she saw documents that listed the recipient of her email as a victim of such a fraud. She advises the recipient to contact Barr. Mat Oto via the supplied contact details. This will allow the recipient to retrieve the money that might be owed to him or her, at the mere cost of $1,200 payable to the Internal Revenue Service (IRS).
A web search revealed that such messages began circulating in late April 2008. The April message I encountered specified a different name for the helpful Nigerian official, "Barrister Afam Richardson Esq," and used the subject "Your happiness is my concern." A message sent in May used "Susan Walter" as the sender. One specified the amount paid to the IRS as $980; another as $1,200.
Investigating Fraudulent Messages
If you receive a suspicious message, consider searching for its elements on urgentmessage.org. This website archives and indexes spam messages of a fraudulent nature. The most interesting feature of the site is the correlation it performs across contact details specified in the messages, such as names, email addresses, and phone numbers. This helps you find related messages to understand the scope and history of the scam.
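A minimal sketch of the kind of contact-detail correlation described above, as an added example: it is not urgentmessage.org's code, and the messages, addresses, and phone numbers are constructed. It extracts email addresses and phone numbers (names are left out) and clusters messages that share any of them, directly or through a chain of shared details.

```python
import re
from collections import defaultdict

# Constructed sample messages (not real scam emails); all contact details are made up.
MESSAGES = {
    "msg-april": "Contact Barrister A at barr.a@example.com or +234 700 000 0001. IRS fee $980.",
    "msg-may": "I am Susan. Write to barr.b@example.net, phone +234 700 000 0001.",
    "msg-june": "Reply to BARR.B@example.net for your contract funds.",
    "msg-other": "Lottery winner! Email claims@example.org or call +44 20 0000 0002.",
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+\d[\d\s().-]{6,}\d")  # international format only

def extract_indicators(text):
    """Return normalized (kind, value) contact details found in one message body."""
    emails = {("email", e.lower()) for e in EMAIL_RE.findall(text)}
    phones = {("phone", "+" + re.sub(r"\D", "", p)) for p in PHONE_RE.findall(text)}
    return emails | phones

def correlate(messages):
    """Group message ids that share an indicator, directly or transitively."""
    parent = {m: m for m in messages}

    def find(x):  # union-find root lookup with path compression
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    seen = {}  # indicator -> first message id that contained it
    for msg_id, text in messages.items():
        for ind in extract_indicators(text):
            if ind in seen:
                parent[find(msg_id)] = find(seen[ind])
            else:
                seen[ind] = msg_id
    clusters = defaultdict(set)
    for m in messages:
        clusters[find(m)].add(m)
    # Largest cluster first, members sorted for stable output
    return sorted((sorted(c) for c in clusters.values()), key=lambda c: (-len(c), c))

if __name__ == "__main__":
    for cluster in correlate(MESSAGES):
        print(cluster)
```

Here "msg-april" and "msg-june" share no contact detail with each other, yet both land in the same cluster because each overlaps with "msg-may".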
Consider the diagram the website generated for "Susan's" message described above:
The diagram on the website is clickable. Clicking on "Susan's" email address brought me to a page that showed a related message and additional elements worth investigating:
Do you have your favorite tools or websites for investigating fraudulent emails? Let us know, and we'll share your tips with our readers.
Lenny teaches a SANS course on analyzing malware.
Jun 5th 2008