The Benign Phish of West Africa
Whilst the rest of the world flounders in insolvency there are several individuals whose scales are overflowing with ready cash.
These pesky phishmongers claim to have several million dollars spare to allow the world economy to come up for air. Unfortunately this is a rather fishy business where mere minnows are swallowed up whole. It is called “Nigerian Phishing” and has been around for some time now.
Today, however, we saw a rather unusual variant of the traditional scam email. This time the entire phish message has been placed in the FROM entry of a carefully constructed MIME message:
FROM: DR.DECLAN.KELVIN@<domain>,BANK.OF.AFRICA@<domain> (BOA),
BENIN.COTONOU@<domain>,WEST.AFRICA.PHONE.NUMBER
+229<phone number>@<domain>,
Dear.Friend@<domain>, “I.know.that.this.message.will.come.
to.you.as.a.surprise..I.am.a.banker.by.profession.in.
BENIN.COTONOU”@<domain>,<”WEST.AFRICA.and.
presently.holding.the.post.of.assistant.foreign.remittance.director.
in.our.bank.I.need.your.urgent.assistance.in.transferring.the.sum.
of.million.to.your.account.within.14.banking.days..This.money.
has.been.dormant.for.years.in.our.Bank.”
The body field of the message is empty. The email appears to originate in Benin (229 is the country code for Benin) with clear contact details in case you wish to be “done like a kipper”. Think about it, though. Why would anybody want to give you money and a million at that, even if it were Zimbabwean currency?
Of course SophosLabs blocked the phishing email as spam with proactive rules. Nevertheless we encourage vigilance and urge common sense.
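The layout described above (the message text spread across the From header, with an empty body) can be checked mechanically. The following Python is an added example, not SophosLabs' rule or code from the original post; the thresholds, the function names and both sample messages are assumptions constructed for illustration.

```python
import email
import re

# Assumed thresholds for this illustration, not tuned production values.
MAX_FROM_MAILBOXES = 1   # a normal message names one author
MAX_FROM_LENGTH = 128    # characters, after unfolding the header
# Six or more words joined by dots, e.g. "I.know.that.this.message.will"
DOTTED_RUN = re.compile(r"[A-Za-z]+(?:\.+[A-Za-z]+){5,}")

# Constructed samples (example.com placeholders), not the captured message.
PHISH = (
    "From: DR.JOHN.DOE@example.com, BANK.OF.EXAMPLE@example.com,\n"
    " Dear.Friend@example.com,\n"
    " I.know.that.this.message.will.come.to.you.as.a.surprise@example.com,\n"
    " I.need.your.urgent.assistance.in.transferring.the.sum@example.com\n"
    "To: recipient@example.org\n"
    "Subject:\n"
    "\n"
)
LEGIT = (
    "From: Alice Example <alice@example.com>\n"
    "To: bob@example.org\n"
    "Subject: Minutes\n"
    "\n"
    "Notes from today's meeting are below.\n"
)

def body_is_empty(msg):
    """True when no leaf MIME part carries non-whitespace content."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        if (part.get_payload(decode=True) or b"").strip():
            return False
    return True

def from_header_findings(raw_message):
    """Return the list of reasons a message matches the From-header layout."""
    msg = email.message_from_string(raw_message)
    from_hdr = " ".join(str(msg.get("From", "")).split())  # unfold the header
    findings = []
    if from_hdr.count("@") > MAX_FROM_MAILBOXES:
        findings.append("multiple-mailboxes")
    if len(from_hdr) > MAX_FROM_LENGTH:
        findings.append("oversized-from")
    if DOTTED_RUN.search(from_hdr):
        findings.append("sentence-in-from")
    if body_is_empty(msg):
        findings.append("empty-body")
    return findings
```

Any single finding is weak on its own; the combination of a sentence-like From header with an empty body is what distinguishes this variant.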
- Image of the West African “Binga” (Giant Tigerfish) courtesy of fishinginternation.com