Sophos first sounded the alarm on the fraudulent messages in a Wednesday blog post, alerting users that the emails carry the subject line “We have mandated your payment, kindly view below attachment”, have a file named DETAILS.doc attached, and even contain a link to Sophos's own blog!
The good news about the attached Word doc is that there’s no evidence that it contains malware. However, the bad news is that it has the makings of a 419 scam (aka advance-fee scam).
Dressed as an official notice from the IC3, DETAILS.doc tries to lure recipients into the scam by telling them that their contact details were found on computers confiscated from cybercriminals that recently got pinched, and that they are being offered a million dollars as compensation.
To help build credibility for the backstory, a link to an entry posted on the Naked Security blog back in June covering the arrest of 24 individuals in a suspected online credit card fraud ring is included in the doc.
Of course, to collect their cool million, recipients must first provide personal information – and likely pay some kind of fee before the funds can be released. Suffice it to say, there are no funds, so the user will be out whatever money they pay.
Here's the spam email:
PAYMENT APPROVAL MANDATE IN YOUR FAVOR:
We are hereby to inform you that we have been able to trap down some of the scam artists which have troubled the general public in name of helping our individuals to get their benefited fund or to indulge into business with them the aim of defrauding our individuals.
Upon the course of our investigations, we found some documents bearing your name and your email address in the computer hard disk of the scammers. Having reported this matter to the World Bank president (Jim Yong Kim) who instructed that the assets confiscated from the scammers should be shared to those that their name and email address was found in the possession of the scam artists as refund of loosed money in the form of cash payment which you are among. You are therefore to be compensating with the sum of One Million United States Dollars (1US$Million).
Also we arrested some men who claim to be bank officials, Contract managers, Barrister, and Lottery Agents from London who has been sending you bogus letters and SMS via your telephone numbers indicating that you have won a lottery which does not exist, claiming to release your fund via ATM CARD, proposing you business which never exist and those using the HSBC Bank London, South African Reserve Bank, First Commercial Bank London, Financial Intelligence Center, FBI to scam the general public.
Below is the link of the arrested fraudsters for your perusal.
Therefore you are to contact the South African reserve bank through the Deputy Governor (Mr. Francois Groepe) through this email [REMOVED] with the below information for his verification and instructions to guide you on the refund process of your money, we advise you to stop all communications you are having with any other agent or bank officials in African, Europe (London) and Asia regarding any form of release of fund to you as their aim is to defraud you.
- Your Full Name:
- Physical Address:
- Age and Sex:
- Direct Telephone Number:
Mr. Chennal Sri Sudhakar
Assistant Commissioner of Police
Cyber Crime Cell Commissioner Office
What to Do If You Receive IC3 Spam
- Avoid replying to the email or providing any personal or financial information.
- Report the email to the Internet Crime Complaint Center (IC3) by filing a complaint (their FAQ says you can do this since they do not have a specific email address set up to receive spam emails). You can also report it to SpamCop.
- Delete the email immediately.
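For mail administrators, the two indicators Sophos described (the subject line and the DETAILS.doc attachment) can be matched while triaging a mailbox. The following is an added example, not code from Sophos or from this post; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the article: the subject line and the attachment name.
SUBJECT_IOC = "we have mandated your payment"
ATTACHMENT_IOC = "details.doc"


def score_message(raw_bytes):
    """Return which of the article's indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject
    # still matches; whitespace is collapsed and case is ignored.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if SUBJECT_IOC in subject:
        hits.append("subject")
    # iter_attachments() yields nothing for a non-multipart message.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name == ATTACHMENT_IOC:
            hits.append("attachment")
            break
    return hits


def build_sample(subject="We have mandated your payment, kindly view below attachment",
                 filename="DETAILS.doc"):
    """Build a constructed test message (not a captured sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Constructed body for testing.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="msword", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(score_message(build_sample()))
```

Both values are trivial for the sender to change, so a match is useful for finding copies of this particular campaign in existing mail rather than as a lasting block rule.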