First of all, we've got this one. You may not recognize it as advance fee fraud, because, in this initial message, it just says that you have won the lottery. However, lottery winnings, particularly for a lottery that you have never entered, have become a very common come-on for advance fee fraud.
This is, of course, very fancy and official looking. After all, nobody could go online and get the logo for FIFA in order to create a fake, could they? It's even got a barcode, so it *must* be official! (There are lots of sites on the Internet that will help you create all kinds of barcodes.) In terms of lotteries that you have never entered, it says that it is your *email* address that has won. That sounds reasonable, right? Well, it has become an indicator that this is, in fact, an advance fee fraud. That particular rationale has been used in a lot of examples of this type of fraud.
You will notice that it does not, initially, mention any kind of fee. But you'll also notice that there are all kinds of oddities in regard to releasing the funds to you. For one thing, it says to keep this confidential. That is common in order to discourage people from discussing this message with others, and possibly being warned that it *is* a fraud. Also, the money is to be released to a bank in South Africa. This then allows the scammers to claim all kinds of bank transfer fees, and you'll have no way to verify that, because it isn't likely that you live in South Africa.
They seem to want a lot of information about you. Even if you only replied with that data, and refuse to pay any fees, They could likely collect and use, or sell, that information for subsequent phishing scams.
Then there is the fact that, even though this is supposed to be associated with FIFA, the contact email is a GMail account, which anyone can create. Then there is the verification of the winning number, which is to be via the PowerBall lottery in the United States. (They probably pick a combination of numbers that *has* been drawn in the PowerBall lottery. Which would have nothing to do with a FIFA lottery.
Oh, and the FIFA lottery? You don't win money in the FIFA lottery. You win the chance to pay FIFA a lot of money in order to buy tickets for one of the FIFA games ...
This is a message I received, recently, that was the opening of the gift card variation on advance fee fraud. I replied to it, wondering what it was about, and got this in reply:
I did a bit of digging on this one, and this person is, actually, Senior Pastor at the church noted above. But the message is undoubtedly not from him. I have received messages in a similar vein, from unknown people, people that that I do know, and even relatives. In this case, their email address and account have been obtained, probably through a phishing attack, and then is used for this type of scam. As with the grandparent scam, the rush and urgency will require, at some point, that you send the gift card numbers, probably in another email, and then, as previously noted, the value is used and gone.
In this list, notice that several mention cash or benefits. Once again, supposedly you have come into some kind of windfall, and you only have to claim it! (*After* you pay the fees, of course.
But also notice that at least four of the messages are addressed to "Josefina." One of the things that I am very used to is people incorrectly giving *my* email address as *their* email address. So I have lots of email messages addressed to Ralph, Rufus, Roger, Ruth and others instead of my actual name. And I'm used to spammers trying to *guess* at what my name might be. But how do you get "Josefina" out of my name, or email addresses? So I started to suspect that this is actually deliberate. The scammers, trying to trick the greedy, and deliberately addressing a name that is very uncommon. Social engineering comes into play again, since they assume that some people will feel that they can get in on cash that is rightfully Josefina's! (And, figuring that they are pulling a fast one, will not be as aware of the fact that they are the ones getting taken ...)
But also notice that at least four of the messages are addressed to "Josefina." One of the things that I am very used to is people incorrectly giving *my* email address as *their* email address. So I have lots of email messages addressed to Ralph, Rufus, Roger, Ruth and others instead of my actual name. And I'm used to spammers trying to *guess* at what my name might be. But how do you get "Josefina" out of my name, or email addresses? So I started to suspect that this is actually deliberate. The scammers, trying to trick the greedy, and deliberately addressing a name that is very uncommon. Social engineering comes into play again, since they assume that some people will feel that they can get in on cash that is rightfully Josefina's! (And, figuring that they are pulling a fast one, will not be as aware of the fact that they are the ones getting taken ...)
And this is probably something along the same line. The greedy will possibly assume that they can get away with someone else's Bitcoin purchase, by intercepting the email invoice that has gone astray. And they are less likely to be watching for the indications that this is, in fact, a fraud.
At one point they were doing a lot in this regard with casino winnings.
Another very common variation in the advance fee space is in regard to inheritances. Someone has died, and you are part of the estate. Sometimes somebody has died, and you actually *aren't* part of the estate, but an unscrupulous barrister is willing to split the takings with you. Beware of all enterprises involving the purchase of new identities.
Introduction and ToC: https://fibrecookery.blogspot.com/2026/02/online-scams-frauds-and-other-attacks.html
Next: TBA
No comments:
Post a Comment