Scams and the Beautiful Game

We like to give you plenty of warning when we suspect that something unpleasant is coming down the pike, even if it’s just one of those likely bursts of Black Hat SEO (web search poisoning) that come with a media-friendly event.

Still, I suspect that if I told you we expect lots of malicious activity around the FIFA World Cup in 2014, you’d probably say “Why the heck are you telling me about that now?” The answer, of course, is that it’s already here (the malicious activity, not 2014). Yes, I recently picked up my very first 419 lottery scam based on the World Cup. As I went into some detail on that and another 419 in an article for SC Magazine’s Cybercrime Corner, I’ll just give you the pointer for that article rather than describe it here.

However, I just came across another World Cup related scam that I thought was worth a blog in itself. In this instance, it’s not a lottery scam, and it uses the last World Cup (held partly in Cape Town) as a hook, not the next.

Photograph ©Small Blue-Green World 2007, used by permission

In fact, it’s one of those “I’m a bank manager looking for a foreigner to help me plunder the account of another (dead) foreigner” scams. Let’s take a closer look at what Donald Malema, allegedly the Chief Accounts Supervisor for the AMERICAN EXPRESS BANK OF SOUTH AFRICA (his capitalization…), has to say.

I would like us to work as partners in transferring the sum of $ 5 000 000 00 [FIVE MILLION UNITED STATES DOLLARS] into your bank account.

So far, so bad. Same old stuff.

These funds were deposited into our bank by one tourist from Netherlands   MR. SRAN VAN DER VON whom has visited South Africa for the FIFA WORLD CUP TOURNAMENT. After his country lost to SPAIN in the final, the man committed suicide in his hotel room the same night after the soccer match. Latter a report came to our bank that the man took his own life as a result of his country loosing to Spain and the main reason for his action is that the man has gambled with his MINING COMPANY in Netherlands and this company is said to worth about 50 million united states dollars thinking his country will surely win but unfortunately the match did not go his way.

Heartrending, huh? When you’ve wiped your eyes and blown your nose, let’s move on. He goes on to tell me how the late Mr VAN DER VON left no family contact details, and he needs me to get the funds out of the bank. Standard stuff. But the next bit is really rich.

I give you a 100% assurance that these funds will be released to you only if you will work with me in truth and honesty.

Say what? You want an honest man to help you scam the bank you work for and the estate of a dead Dutchman. Well, that’s normal. Not. Did I mention the bit at the top of the letter where he tells me that:

this is not one of those junk emails you may have received by strange dishonest individuals who uses people’s personal details for  fraudulent acts.

OK. I’m convinced. And so are my friends the pixies.

This doesn’t have much in common directly with the mail I described in the earlier blog: it’s a different kind of 419, and it uses a different email address and contact phone numbers (both apparently in South Africa, though, as was the case with the lottery scam). It has two significant resemblances, though.

Firstly, the email account used is at representative.com (which does seem to be the 419 provider of choice at the moment).

Secondly, the message isn’t, as you might expect, contained in the body of the email, but attached as a Word document. The other message was also contained in an attachment, though in that case the attachment was a JPEG.

It’s not unusual for scammers to attempt to avoid spam filters by making the main message part of an attachment, and while 419s are still often basic text messages, it’s by no means unknown for them to be transmitted as Word docs, graphics files or PDFs, though I have yet to see one sent as a spreadsheet.

Come to think of it, that would almost make sense from a rogue bank manager ;-)
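A triage heuristic for the pattern described above (next to no body text, the pitch carried in a Word, JPEG or PDF attachment, and a sender at a watched domain), added here as an example and not part of the original post. The word threshold, the watch list and the sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment types the post names as carriers for the scam text.
CARRIER_TYPES = {"application/msword": "Word document",
                 "image/jpeg": "JPEG image",
                 "application/pdf": "PDF"}
WATCHED_DOMAINS = {"representative.com"}  # domain named in the post; the list is an assumption
MIN_BODY_WORDS = 20                       # assumed threshold for "no real body text"

def body_word_count(msg):
    """Words in inline text/plain parts, i.e. what a text-only filter gets to score."""
    return sum(len(part.get_content().split())
               for part in msg.walk()
               if part.get_content_type() == "text/plain" and not part.is_attachment())

def triage(msg):
    """Return the reasons a message matches the pattern described above."""
    reasons = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in WATCHED_DOMAINS:
        reasons.append(f"sender domain {domain}")
    carriers = [CARRIER_TYPES[p.get_content_type()] for p in msg.iter_attachments()
                if p.get_content_type() in CARRIER_TYPES]
    if carriers and body_word_count(msg) < MIN_BODY_WORDS:
        reasons.append("near-empty body with " + ", ".join(carriers))
    return reasons

def build(sender, body, attachment=None):
    """Construct a sample message; attachment is (bytes, maintype, subtype, filename)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.org", "Proposal"
    msg.set_content(body)
    if attachment:
        data, maintype, subtype, name = attachment
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=name)
    return msg

# Constructed samples: addresses, bodies and attachment bytes are placeholders.
SCAM_LIKE = build("Accounts Supervisor <sender@representative.com>", "Please see attached.",
                  (b"placeholder", "application", "msword", "proposal.doc"))
ORDINARY = build("colleague@example.org", "Minutes attached. " + "word " * 30,
                 (b"placeholder", "application", "pdf", "minutes.pdf"))

if __name__ == "__main__":
    for label, m in (("scam-like", SCAM_LIKE), ("ordinary", ORDINARY)):
        print(label, triage(m))
```

A match is a reason to route the attachment to text extraction or OCR before scoring, not a verdict on its own: plenty of legitimate mail is a one-line body with a document attached.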

And here, in sympathy with the erratic chronology of these 419s, is a photograph of football on Green Point, Cape Town, around the time construction began on the stadium for the 2010 World Cup.

Photograph ©Small Blue-Green World 2007, used by permission

Not great resolution: it’s a detail from a panoramic shot taken from Signal Hill. I could have included the shoreline, but then you’d have needed a 50″ monitor to see the goalposts, let alone the people. :)

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

 

Author David Harley, ESET

  • Martijn Grooten

    HELLO I AM THE SON OF THE EMIR OF QATAR I NEED YOUR HELP TRANSFERRING $5,000,000.00 (FIVE MILLION DOLLARS) TO A BANK IN THE CARIBIAN TO EXPRESS MY GRATITUDE FOR OUR SUCCESFUL WORLD CUP BID. etc.

    • David Harley

      What’s the matter, Martijn? VB not paying you enough? :-D

  • Kim

    I got the same mail from  
     
     
    Joe Hansen.
    Accounts Supervisor,
    CAPITEC Bank Plc,
    Tel: +27737235165
     
    Dear Sir/Madam, 
     
    Before reading this email I will like to inform you that this is not one of those junk emails you may have received by strange dishonest individuals who uses people’s personal details fraudulent acts. Do take this email very seriously and confidential because it contents are 100% truth.
    My name is Mr. Joe Hansen, I work for CAPITEC BANK PLC, Am contacting you for a business proposal which I have no doubt will benefit us both at the end. I would like us to work as partners in transferring the sum of $5 million into your bank account.
     
    These funds were deposited into our bank by one tourist from Netherlands MR. SRAN VAN DER VON whom has visited South Africa for the FIFA WORLD CUP TOURNAMENT. After his country lost to SPAIN in the final, the man committed suicide in his hotel room the same night after the soccer match. Latter a report came to our bank that the man took his own life as a result of his country losing to Spain and the main reason for his action is that the man has gambled with his MINING COMPANY in Netherlands and this company is said to worth about 50 million united states dollars thinking his country will surely win but unfortunately the match did not go his way.
    In our bank records he has no family we could contact to inform them about the deposited funds and when making the deposit with our bank, he stated that the funds were meant for an investment in mining here in south Africa because of its rich in mineral resources.
     
    Am contacting you so we work together on how the funds can be transferred from our bank to your bank account in your country or anywhere else you feel will be secure for us. And do note that I cannot make the transfer of the funds out of the bank alone without contacting a foreigner to work with me and that’s why I have contacted you so that the bank will notice any foul play.
    I give you a 100% assurance that these funds will be released to you only if you will work with me in truth and honesty. Am aware of things going on over the internet but please take this proposal very serious because this is a life changing opportunity.
     
    Do give me a call as soon as you have received this email so I can give you more details and how the transfer will be carried out.
    Thanks.
    Joe Hansen

    • David Harley

      Thanks, Kim. I’m not sure that I’d kill myself if I was down to my last $5m, but perhaps the cost of living is higher in the Netherlands.

    • Stephen Cobb

      Thanks for sharing Kim, they just won’t give up this con-game until they are jailed, or people stop falling for it, or both.

  • don

    this is the jpg i got

    • Stephen Cobb

      That is a pretty impressive piece of fraud. Thanks for sharing.

  • http://teamtarget.ro/ Dragos Tinta

    Hi, i got a new one – but is still based on old good 419 – mine refers to online buying from local sales sites – check the attached pic to see how they forge paypal’s addresses
