Sophos CEO targeted by email scammer

Filed Under: Facebook, Social networks, Spam

Steve MunfordSteve Munford is the Chief Executive Officer of Sophos. When he comes down to my floor and walks towards my desk, I realise I better look smart and pay attention to what he has to say.

It turned out that Steve wasn't delivering my P45, but instead wanted to tell me that he had received an email.

Dear Steve Munford,

I am Dominic Jefferson, Attorney to Late Mr. R Munford, he worked as an Independent Contractor in Togo. June 2008, he, wife and their only daughter were involved in a car accident. I need your assistance in repatriating the fund USD10.5M, left behind by my Late client.

Seeing as he runs a computer security company, Steve knew that it was an email scam.

But what Steve found strange is that his dad was a "Mr R Munford", and he did work in West Africa, and he did pass away fairly recently.

Email to Steve Munford

However, there were some mistakes too. Steve's dad wasn't married, and he didn't have a daughter.

Steve's father's work in Africa was in the early years of the 21st century, rather than 2008, and he's not sure if his dad was ever working in Togo.

So, is this just a random email scammer who got lucky on some of the facts included in his email?

Or was this a concerted effort to scam a specific person, using pieces of information he had managed to find about his intended victim?

After all, you can imagine that a Chief Executive of a large technology firm like Sophos might be attractive to a scammer - as they may have a higher than average income. (Mind you, Steve chooses to cycle to work - so rumours of his richness may be exaggerated).

So, we're not sure what to think of this email scam.

Of course, it's possible that the emailer sent it to the wrong Steve Munford. So, if your name is Steve Munford, and your father died in a car crash in Togo, feel free to get in touch with Dominic Jefferson (we've helpfully left his phone number and email address available for you to use).

But don't bank on ever receiving that $10.5 million..

, , ,

You might like

19 Responses to Sophos CEO targeted by email scammer

  1. Guido · 856 days ago

    This is a well-known scam, which has plagued (and upset) quite a few people in the north of Scotland (at the very least). Apart from email, they also use the postal service as a carrier (leading to complaints to Royal Mail). It's a typical Nigerian scam, where they use known information from and about the recipient to concoct the usual con message.

    • Adrian Stapleton · 855 days ago

      It is happening in the Highlands of N.Ayrshire to my friend i get loads all i send to scams@fraudwatchinternational.com and eventually they will get there cumuppance we hope any way best wishes Butch webmaster

  2. Andrew · 856 days ago

    I suspect that if this email was addressed to a Mr Steve Smith then the reference would be to a late Mr R Smith. No doubt the "fact" of the same surname will form part of the scam if you bit.

    The rest is fluke.

  3. encryptography · 856 days ago

    I believe that 10.5 million was meant for me, if you folks would be kind enough to collect it for me I will split it with you.

    • Farid · 854 days ago

      Dear encryptography,

      As you requested, I have collected the money for you and put it in an account in your name. You don't need to split the money as I just did my bit to help a fellow human-being.

      Unfortunately, I forgot to take the transfer fee before depositing the money in your account. Please kindly send me $2000 transfer fee by MoneyMule Express so I can transfer the funds to you.

      Cordially,
      Prince of Nigeria

      • zeitgueist · 854 days ago

        Prince of Nigeria.... only a mere prince?

        I actually thought you would have taken a side trip to Thailand - had a quick operation, added some second grade silicon (in the strategic locations of course) and posted a photo or three as a further inducement......

        At the moment, I have some 23 notifications - invitations actually - of some fantastic Aladdin's cave of wealth approaching the billions now, waiting for my urgent collection.

        Unfortunately, as I have not had any worthy cause to seek out and distribute such untold wealth, I have just left them in escrow - but now I have two worthy causes that will undoubtedly increase my wealth, so perhaps you can help me to exchange them from either Spanish Pesetas or the Greek Drachma.....

        Naturally the standard transfer fees and assorted legal charges will apply - upfront of course

  4. Does this represent leakage of sensitive information? You've just revealed a number of personal details about Steve (family details, biking to work, etc). Unless of course, you lied about those details (if so, well done!).

  5. @greylines101 · 856 days ago

    The spam itself is as standard as they come. I think they come as fill-in-the-blank templates, probably with a list of leads. The program takes the name of the recipient and uses it to populate the [Dear <BLANKBLANK<] fields.

    Here's where someones blog name was used to fill in the names.

    http://botlehunter.livejournal.com/392128.html

    (that's not a typo in the URL)

    I think Steven is an example of why these things can work - except for his experience with these things - he could easily have been taken in by the coincidental details. The correct first initial of a relative, the Africa connection, the passing of his father. That's enough to put a sizeable dent in the incorrect details.
    Enough perhaps for someone to ring the number, explain that their father wasn't married and receive a contrite apology involving the accidental mix-up of "two similar cases in the email, so sorry and how would you like to receive your funds - oh but first there's the small matter of the small administration fee/tax"

    The rest is a normal spam. There's a couple of other variable fields; [barrister name], [job] - sometimes Independent Contractor, sometimes Shell Development Company. This one usually uses Togo for its location though, the tragedy field is usually stuck on [car accident] and June 2008/09 seems to be a particularly tragic period in recent Togo history.

  6. Lisa Vaas · 856 days ago

    Tell me about it! Oy! This is like when the makers of that crazy game Far Cry introduced a villain called Vaas, who in the recent release was busy torturing a character called Lisa. I think I play a more prominent, albeit bifurcated between two characters, role than Steve does in this spam, but be that as it may, I sympathize with his unease over personal details being sprinkled into strange context. Well, actually, I was kind of flattered, and I thought of buying a bobble-headed doll representation of the villain. I still might do that...

  7. jake · 855 days ago

    Nice story, but whats a P45?

    • Paul Ducklin · 855 days ago

      P45s are the UK taxation forms that employers provide when you leave their employment.

      Although anyone leaving a job for any reason (including with goodwill on both sides) will receive one, talking about being handed a P45 is a metaphor for getting sacked.

      (In British English, a sacking isn't a outcome in football, though the effect on a sacked employee is even more unpleasant than the effect on an unprotected quarterback. It means to be fired.)

  8. alpha4centauri · 855 days ago

    Online obituaries may have much more detail than that spam revealed. If his father did really die recently, a criminal who actually researched things might have had much more detail. I suspect he just got lucky and was only one step more intelligent than the fellow who sends spams to "info@" addresses and claims the deceased shared a last name with the recipient.

  9. njorl · 855 days ago

    "Steve's dad wasn't married" - I've had some bosses like that.

  10. Mohammad Badi · 855 days ago

    I find it really annoying with this kind of scam. You block a sender but these messages arrive from a different address every time. I feel so annoyed and what makes me angry is that I am more disappointed that "spam" and block sender aren't helping out.

  11. Eloise Lunkenheimer · 854 days ago

    This scam also was sent to me about a month ago with same wording. I read it & deleted it. These greedy, lazy so & so's will try every trick in the book to get you to send them your hard earned dollars. Only thing is, they don't realize, or don't care, how hot their next living space will be for all eternity!!! Wish a vicious virus would attack their systems!!!!!
    Last year there was another spam hitting people that a wealthy CEO had chosen a person to share his wealth ($150,000) with, BUT you had to wire a certain amount of money to them for a UPS driver to deliver the money to your door the next day!!!! I wish the FBI could catch up with these jerks!!!!
    I was also getting emails about earning money online, but there was no name, etc from the sender, just letters & numbers. I deleted without opening it.
    These desparate jerks seem to be coming out of the woodwork!!!

  12. "gunner" · 853 days ago

    i used to truck money around from here to there, but not in a ups truck, we used armoured trucks and armed drivers and guards, and we didn't deal with shady types from uglybuggerland.

  13. fred · 847 days ago

    How come Sophos didn't block it??

  14. Ronelle · 802 days ago

    "Attention Miss Sillifant, I am Dominic Jefferson, Attorney to Late Mr. R Sillifant, ....."

    They even went as far as sending me a message on facebook. Really, like I'm going to take a lawyer sending messages on facebook seriously!

  15. Gert Temmers · 767 days ago

    The same Mr. Dominic Jefferson also contacted me and said that Mr. Ron Temmers and his wife and daughter died in a accident in Togo. He also left 10.5 million dollars and looking for their next of kin. It is only a E-mail scam. I am Gert Temmers from the Eastern Cape. I even really dont know a person with the name of Ron Temmers who was working in West Africa

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.