Sick 419 scammers use name of London bombing victim in attempt to steal money, Sophos reports

Sophos Press Release
Man at PC
Scammers are sending emails exploiting the name of a victim of the London terror bombings.

Spam researchers at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, are warning computer users to be wary of a new email scam, which dupes innocent people into believing they are in line to receive millions from the estate of a victim of the recent bombings in London, in order to steal their identity and make a profit. The scam has been spammed out widely across the internet.

The email, which claims to come from the executive director of a London bank, claims that the recipient has been identified as Giles Hart's next of kin, and will receive the sum of 9.8 million Euros (approximately US $12,000,000) allegedly left in his bank account. Mr Hart, a 55-year-old worker for BT, died in a bomb blast onboard a bus at Tavistock Square, London, on 7 July 2005.

The scam email urges recipients to respond quickly with their bank account details, so the money can be transferred. However, Sophos warns computer users that this is a ruse to steal personal details, and that the fraudsters behind the scam campaign can use such information to steal money from bank accounts and commit identity fraud.

A section of the scam email reads as follows:

I am <details removed> It is just brought to my notice that our client Mr.GILES HART a British Telecom worker,55 years who was involved in the bumb blast which took place in North London who died during the terrorist attack which was a hearth breaking event.

The bank auditor who found out that he left the sum of 9.8 million Euro in his domiciliary account. After various enquiring i found out that he you are the next of Kin being what was seen in the banking deposit certificate.

I am just written to you from my desk now and i request you make a quick decision if you want to come for change of ownership or if you have an existing account were you want this funds to be transfered to please call me on this line <contact details removed>

The email also links to news reports on the web concerning Mr Hart's death in an attempt to give the scam more credibility.

"Mr Hart was a genuine victim of the terrible bombings in London. Sick criminals are deliberately using his name in an attempt to steal from others, without a thought for Mr Hart's grieving family," said Graham Cluley, senior technology consultant for Sophos. "Everyone should be wary of emails which claim that an unexpected inheritance has appeared out of the blue, as it is a common trick used by fraudsters to steal money and bank account information."

This email con-trick is the latest of many 419 scams. These scams are named after the relevant section of the Nigerian penal code where many of the scams originated and are unsolicited emails where the author offers a large amount of money. Once a victim has been drawn in, requests are made from the fraudster for private information which may lead to requests for money, stolen identities, and financial theft.

Other examples of 419 email scams include a message claiming to come from a persecuted widow of the late Nigerian head of state, an associate of the massacred Nepalese royal family, and even an African astronaut stranded on the Mir spacestation.

Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of both spam and viruses; and that users do not open or reply to unsolicited emails.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at