Mass-spammed lottery email uses BMW to dupe computer users

October 30, 2006 Sophos Press Release

IT security firm Sophos has warned internet users of a new series of widely-distributed email campaigns that pretends that the recipient has won a substantial cash prize and a new BMW car, in an attempt to steal confidential information and money.

The emails state that recipients have won a BMW lottery and are entitled to 950,000 EUR and a brand new BMW 5 Series car. They advise recipients to contact the claims department and provide a fake corporate address, email address and telephone number, to enhance the legitimacy of the message.

The email claims that the recipient has won a prize in a BMW lottery

Sophos researchers believe that the emails are a variant of the commonly-encountered "Letter from Nigeria" scams, also known as 419 Advance Fee Fraud, that fool innocent users into believing that large amounts of money will be transferred into their bank accounts, but are really designed to steal bank account information or demand a "handling fee" for the money transfer. Sophos notes that this is not the first time a major car manufacturer has been used in an email scam - earlier in 2006, emails purporting to be from the Volkswagen lottery were spammed out to computer users worldwide.

"Few people would say no to a free BMW, or a huge wad of cash for that matter, which is precisely why these lottery scams are proving so successful," said Carole Theriault, senior security consultant at Sophos. "There's little that BMW can do to prevent its name being used in this manner, and email users that take the bait risk handing over their personal details to fraudsters. The only way to stop the distribution of these messages is for users to stop responding."

Sophos continues to recommend that all organizations protect their email with an integrated security solution to thwart spam, spyware and malware threats.