Beware the Oxfam charity lottery email, Sophos warns of scam

March 04, 2008 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned internet users of a new email scam that pretends to be a lottery notification from charity Oxfam.

The emails claims that the recipient has won £850,000 in a lottery run by the international aid relief organization, and asks for the claimant to reply to get details on how the winnings will be transferred.

The fake Oxfam email lottery notification
The scam lottery emails claim to come from Oxfam.

Part of the email, which has the subject line "Oxfam Grant/Donation Award 2008!!!!!!!", reads as follows:

These funds are freely given to you for your Business, Economic and Educational Development, as well as the enhancement of the overall standard of living of the less previledged people in your region.Your Email was selected from your country's chambers of commerce and you have been confirmed as one of The lucky recipients of this year's donation programme. You are also entitled to the sum of EIGHT HUNDRED AND FIFTY THOUSAND POUNDS STERLING (£850,000.00) as charity donations/aid from the Oxfam GB (UK) International donation scheme.

"Oxfam is one of the world's most respected aid agencies, fighting famine around the globe. But the sick people behind this scam don't seem to have any qualms about bringing the charity's name into disrepute," said Graham Cluley, senior technology consultant for Sophos. "Of course, Oxfam is not responsible for the email and internet users need to learn that any unsolicited lottery win email arriving in their inbox is likely to be sent by a conman, not a charity worker. Replying to the email risks putting your financial well-being in danger."

The scam email tells recipients to contact a live.com email address, and also lists a UK 070 personal phone number for people who wish to make contact via telephone. Last year Sophos revealed that 070 telephone numbers are frequently used by lottery scammers who can redirect calls using the system to any phone number in the world.

"Email lottery scams are abusing 070 telephone numbers to steal money and confidential information," continued Cluley. "By redirecting the number overseas, criminals can fool victims into believing they are speaking to a legitimate agency rather than a bunch of identity crooks focused on raiding bank accounts."

In January Sophos published its annual Security Threat Report, which detailed the different ways in which cybercriminals attempt to steal cash and identities across the internet.

Sophos recommends that all organisations protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.