Afghan millions and the European Lottery from Cuba

07/19/2018
G DATA Blog

We currently see an uptick of phishing emails which aim to trick unsuspecting victims into giving up personal data. Two of those mails show that scammers never seem to grow tired of cooking up new stories.

Fraudulent emails which promise enormous sums of money to the recipient have been around since before the internet. Some of those scams have even been known to circulate via “snail mail”. Currently, we are seeing an uptick in those emails – and some of them are just too good not to share.

Lieutenant Andrew Ferrara

Our first email was allegedly sent by a member of the armed forces, although the nationality of said forces remains unclear. What sticks out in the German version of the email is the fact that there are Cyrillic characters all over the email. Those are missing in the English version.
Anyway, “Lt. Ferrara” claims that he and his platoon have intercepted a “radical Taliban courier” (sic!) who was found transporting a significant amount of money. Since it is feared that the Afghan police officials that the suspect is to be handed over to would just use the confiscated money to line their own pockets, it would be better if YOU (the recipient of the email) benefit from the money.
In order to make this happen, you are expected to provide your full name, a phone number and a postal address.

That said, you have to give the fictional “Lt Ferrara” credit for one thing: he is very open and upfront about his intentions, as he makes an “obscure business proposal” in his opening line, which is probably a translation error. Whichever language the email was written in originally, it probably does not make a linguistic distinction between "confidential" and "obscure".

Questionable prizes

“Brief and directly to the point” – that best describes our next email.
You are apparently in luck and won 650.000 Euros in the “Euro Millions” lottery. To claim your prize, you are to provide your name, address, age, phone number and position (sic!) by email. Another oddity in this email is the sender domain: Cuba. Towards the end of the email you can also find information about the "7th Cuban Congress for Local Development" which is said to take place in March 2019. To give credit where it is due: Lotteries and local development seem like a very broad range of business areas to be in, but diversification is key - or so they say.
What we failed to get our heads around, though, is the fact that we should contact a “damage regulation agent” in order to claim a lottery prize.

 

Those emails follow a long-standing tradition of email-based phishing and fraud schemes. It seems that the more outlandish the story purported in those emails is, the better. Maybe the people behind this count on the fact that people believe the story simply because “you simply couldn’t make this stuff up”.

Our current favorite from this collection of stories remains the Nigerian astronaut who has been stuck in space since the collapse of the Soviet Union in 1990 and who would really like to get home now – with the help of the email recipient of course. It goes without saying that such messages belong in the bin straight away. You should never share any personal details with whoever sent the email and also never reply to it.

As funny as those stories may sound, they actually have a pretty serious background. Emails such as the ones mentioned above are designed to collect personal information from people. In other cases we are dealing with advance-fee scams (also known as “419 scams”, after the corresponding paragraph in the Nigerian penal code) where a victim is expected to pay certain fees or make a down payment in order to gain access to a significantly larger sum, of which he/she is the beneficiary. Sometimes, a large sum is to be transferred into one’s bank account. The scammers then ask the recipient to forward the money into a different account; as payment they can keep a percentage of the sum as a commission. Large inheritances from some obscure member of nobility are also a favorite theme in connection with this.

Tried and tested methods

In all of these cases, the victim never receives any compensation, payment or goods. Worse still, in case a victim has fallen for the request to transfer money from one account into another, they may face criminal charges for assisting in money laundering operations.
Any data snarfled up by the criminals may either be abused to purchase goods online in the name of (and payable by) the victim or be sold for profit.

We are looking at a classic social engineering approach here: the victims are promised something desirable (such as a large sum of money or luxury goods). In order to obtain those, very little or no effort is required on the part of the victim. “Get rich quick” subject lines such as “Make $ 2.500 per week from home!” are not an accident.

Bottom line:
If someone promises you “money for nothing”: It’s a trap!