Advanced fee fraud or phishing?
June 2007
419 scams, also known as advanced fee fraud, usually involve an email offering the recipient the opportunity to share in a percentage of millions of dollars (often described as 'forgotten', locked by or inherited from someone arrested or deceased) in return for helping the author transfer the money out of the country.
The scams originated in Nigeria, but come from across the globe these days. The scammers elicit payments from the victim by describing the requirement to pay taxes, fees, and/or bribes to local officials, or for the creation of special bank accounts. The victim is required to make these payments, with the promise that all expenses will be reimbursed as soon as the funds are released. Of course, the money is never repaid because the millions of dollars do not exist: the scammer simply disappears (with the victim's money), and the victim ends up with nothing. (For more detailed descriptions of 419 scams see Martin Overton's articles An African A-F-F-air... and Out of Africa.)
Phishing is an elaborate form of data theft, targeting clients of banks, online banking services, e-commerce sites and even government agencies. Phishers develop counterfeit web pages which imitate the corporate identity of well-known, trusted service providers. A message with a credible subject is sent by email, requesting confidential data, inviting the recipient to access a website or even to fill in a form in the email itself. The email is constructed in such a way that the request seems plausible.
Now, imagine a combination of the two concepts described above: an email coming from a well-known bank, Barclays Bank, containing a message about credit which has been blocked by some 'dubious officials', and the invitation to solve all these problems simply by sending your contact details to someone whose email address is provided in the email.
There are a couple of things about the email that set it apart from most phishing emails, the most important being the fact that it does not contain any links to fake website(s). Instead, the message provides an email address to which the victim is required to send their address, telephone and fax numbers.
So, if we count the features indicating a 419 scam and those indicating a phishing scam, we have:
| 419 scam | Phishing scam |
| --- | --- |
| - | Bank involved |
| Usually the email address is not fake | Spoofed email address |
| Money involved | Money involved |
| Subject containing sum of money | Subject only sometimes refers to sum of money |
| A very elaborate story about the money | Simple story |
| Contains contact address | Rarely contains contact address |
| No URLs in the message | Only sometimes |
| Fake headers | Fake headers |
| Require contact data at the beginning, financial data later | Require contact and financial data, usually in the same step, on the fake website |
Fortunately, in this instance the fraudsters proved not to be very technically skilled, giving several clear indications that their emails were scams:
- the FROM and TO email addresses are the same and the address is from Google Mail
- the subject is written in upper case letters and contains a reference to the sum of money
- some of the words in the body of the message are written in upper case letters
- the body of the message contains badly constructed HTML code (the content-type of the message is text/html)
- the headers are clearly forged
Sorin Mustaca, Avira
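The indicators listed above can be checked mechanically. The following is an added example, not code from the original article: it scores a raw message against those indicators, using a constructed sample, an assumed webmail domain list and an assumed threshold for upper-case words, and it does not attempt to validate forged headers or malformed HTML.

```python
import re
from email import message_from_string
from email.utils import parseaddr

WEBMAIL = {"gmail.com", "googlemail.com"}  # assumption: article names only Google Mail
MONEY = re.compile(r"(?:[$£€]|\b(?:USD|GBP|EUR)\b)\s?\d[\d,.]*"
                   r"|\b\d[\d,.]*\s?(?:million|dollars|pounds)\b", re.I)
URL = re.compile(r"https?://|www\.", re.I)
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
TAG = re.compile(r"<[^>]+>")

def indicators(raw):
    """Return the names of the article's scam indicators found in a raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    subject = msg.get("Subject", "")
    # Inspect the first text part (the message itself when it is not multipart).
    part = next((p for p in msg.walk() if p.get_content_maintype() == "text"), msg)
    body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    text = TAG.sub(" ", body)  # visible text with markup removed
    letters = [c for c in subject if c.isalpha()]
    checks = {
        "from_equals_to": bool(sender) and sender == rcpt,
        "webmail_sender": sender.rpartition("@")[2] in WEBMAIL,
        "uppercase_subject": bool(letters) and all(c.isupper() for c in letters),
        "money_in_subject": bool(MONEY.search(subject)),
        # Threshold of three shouted words is an assumption, not from the article.
        "uppercase_words_in_body": len(re.findall(r"\b[A-Z]{4,}\b", text)) >= 3,
        "html_body": part.get_content_type() == "text/html",
        # Reply-by-email lure: a contact address in the text and no web link.
        "reply_address_no_urls": bool(ADDRESS.search(text)) and not URL.search(body),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample modelled on the message the article describes.
SAMPLE = """\
From: "Barclays Bank" <sample.sender@gmail.com>
To: sample.sender@gmail.com
Subject: YOUR BLOCKED CREDIT OF $2,500,000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Your CREDIT has been BLOCKED by dubious OFFICIALS.
<p>Send your address, telephone and fax numbers to contact.person@example.com
</body>
"""

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

No single indicator is conclusive on its own; the value lies in several of them firing on the same message.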

