Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of an email scam that poses as a message from a fund manager at Fidelity Investments who has secretly extracted money from the company.
The emails, which pretend to come from someone calling himself William Smith at the USA's largest mutual fund company, claim that the sender has "secretly extracted excess maximum return capital" from one of Fidelity's funds. They go on to claim that the fund manager has already made $22.4 million, and is looking for someone else to assist in the crime.
Sophos researchers believe that the emails are a variant of the commonly-encountered "Letter from Nigeria" scams, also known as 419 Advanced Fee Fraud, that fool innocent users into believing that a large amount of money will be transferred into their bank account, but are really designed to steal information about the user's identity and bank account, or demand a "handling fee" for the money transfer.
The scam claims to come from a Fidelity Investments fund manager.
"Email scammers are attempting to fleece the unwary out of money, and it is the naive who are most at risk of ending up penniless," said Graham Cluley, senior technology consultant for Sophos. "This scam contains spelling mistakes and typos, but even if the scammer had done a better job at presenting himself professionally people need to learn that there is no such thing as a free lunch. If an unsolicited email makes extravagant promises then computer users should be extremely cautious."
Fidelity Investments, which is headquartered in Boston, Massachusetts, is said to be working with the authorities to investigate the source of the emails.
"It's important to realise that Fidelity Investments have done nothing wrong. They are just the unfortunate victim of their own success. The scammers have chosen to pose as them because Fidelity is a well known and highly-regarded name, and they hope it will encourage victims to pursue the dodgy business opportunity," continued Cluley.
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against viruses, spyware and spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.