A memo to Middle- East Asia Promotion. Thank you for letting me know that I’ve won $720,000.00 in a promotion sponsored by Dell and the Emirates Foundation. Four days running: nothing suspicious about that, nor the fact that my wife has apparently won the same amount in the same promotion every day for the past week. We’re just a lucky family.
Having been a security professional for nearly 20 years, I have of course never heard of a 419, advance fee fraud, or a lottery scam, and will be pleased to contact you immediately to find out how much money I need to send to you before you can release the funds due to me. Not.
I’ve seen some badly executed scams in my time, but this is in a class of its own. Although…
It seems another old favourite among 419 scams has succeeded in mildly embarrassing the UK government, even if it failed as a fraud. The Register reports that Jack Straw, the UK’s Justice Secretary, was used as the hook to hang a 419 on. A message was sent to constituents, colleagues and so on, allegedly from Straw himself, claiming that he was in trouble in Nigeria, having lost his wallet while promoting a charity.
Connoisseurs of the advanced fee fraud will immediately recognize this as a vintage scam: if it’s new to you, please be aware that such scams are not always focused on public figures and celebrities. Nor do they always claim a Nigerian connection: 419 gangs are as aware as anyone of the country’s bad reputation as regards this kind of fraud. Indeed, they sometimes exploit it by disguising their scams as some kind of anti-scam initiative.
Why is this case potentially embarrassing? Well, anyone can be used as the innocent hook for this particular fraud: however, there’s a question mark over the fact that the scammers were able to send the fraudulent message to the contacts associated with that address, which suggests that they gained access to an address book.
When I say that this scam is vintage, I’m perfectly serious. While this particular wrinkle dates back a few years, it’s clearly inspired by the Spanish Prisoner scam, where the "victim" is a rich and/or high-born individual held to ransom in a foreign country: Wikipedia says that this goes back to the 1920s, but other sources believe it goes back much earlier. Of course, most 419s can be traced back to the Spanish Prisoner trick in some respect, but the line of succession here is particularly obvious.
By the way, having spent several weeks in the US recently, a habit that generally involves my seeing more repeats of cop shows on television than is good for me, I was fascinated to discover that 419 is also a Hundred Code designation for a dead human body. Wikipedia, however, failed to hold my interest by telling me that it’s also the area code for the NW corner of Ohio. :)
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET