Spammers take advantage of Naked Security writing about spammers


It was nearly two years ago that our very own Graham Cluley wrote a story about a 419 scammer who was posing as a woman named Karen Shaw.

Thanks to Naked Security readers, we discovered that the photograph used was in fact a press photo of then Australian Prime Minister Julia Gillard.

In a strange twist of fate, this photo has once again crossed paths with Naked Security.

Earlier today I received an instant message from Joe Kirwin from SophosLabs here in Vancouver, Canada.

He pointed me to an interesting message in our spam trap. This one was related to a scam suggesting you had won a United States green card in a lottery.

Yes, there really is a green card lottery, officially known as the "Diversity Visa Immigrant Program".

I guess the first hint of trouble is you aren't likely to win any sweepstakes, lottery or contest if you haven't entered to begin with.


Winning-No: WAC20147730094DD

Dear Winner:,
Congratulation's!- We wish to notify you that you are among the selected lucky winners of the U.S visa Lottery (Green Card) through our email ballot lottery program held on the 22th of MARCH 2014 in Arkansas (USA) The Green Card email ballot lottery program was conducted under the terms of Section 203 of the Immigration and Nationality Act (INA) Section 131 of the Immigration Act of 2006 (Pub.L.101-649).

Fortunately for the recipients, the English is very poorly written and should be spotted by most native speakers.

Of course those most likely to be interested in a green card are also likely to speak English as a second or third language and may not be as adept at spotting spelling and grammatical errors.

As far as identity theft scams go, this is a great ruse. The criminals are asking recipients to submit official US government documentation to them containing every conceivable component of a modern identity.

In addition to the US government PDF document, they also need a copy of the photo page from your passport. Just to be sure you understand, they link to an example. . .


On Naked Security. Yes, that's right, criminals are using Naked Security as an image hosting service for their spam campaigns.

I dug a little deeper into the domain name used, and its top-level domain belongs to a pair of Australian islands in the Southern Indian Ocean. Population zero.

It does beg the question of why it has a top-level domain, but for the moment it is fair to say that .hm domains are not likely to represent local businesses.

Stay vigilant, keep your eyes open and if it sounds too good to be true, it almost always is.

Oh and just because one of the images comes from one of the most trustworthy sources in the world, don't be fooled. Only trust news you get directly from NakedSecurity.Sophos.com.

Special tip of the hat to Joe Kirwin from our lab in Vancouver for spotting this message and suggesting we make note of it.

Note: Many of you have suggested replacing the image with one that warns the viewer it is a hoax. This is a work in progress, but because of the CDN we use to host the site it is taking longer than desired.


6 Responses to Spammers take advantage of Naked Security writing about spammers

  1. That's quite something... I wonder if they got it from Google image search, or if they did in fact read the article and decided to use it. (In which case you would assume they would be smarter)

  2. Ryk Edelstein · 216 days ago

    I don't remember the source of the article, but some time back, there was an article published on the bad spelling, grammar and syntax used in 419 solicitations. Having been the recipient of countless 419 solicitations by mail, fax, and email, I was always aghast at how poorly written these solicitation letters were. I remember thinking how these scammers would probably have a better chance at succeeding if they corrected their solicitation.

    The article explained that the poor grammar was, in most cases, intentional, and designed to appeal to those of an intellect where such glaring warnings may not be apparent. The concept being that if the recipient responded to such a poorly written solicitation, that they would make for an easy target.

    Sounds somewhat plausible.

    • Paul Ducklin · 216 days ago

      It seems like a needlessly complicated explanation to me, and I don't buy it.

      After all, someone who misses that sort of glaring warning will surely be no _more_ likely to reject a correctly-written message, and will get on the hook anyway. (And if the crooks can tell well-written from badly-written, they'll be able to judge the English language proficiency of the respondent for themselves.)

      IIRC, I have also seen suggestions that the crooks do it deliberately to trick the recipient into a false sense of security by appearing to demean themselves, or in order to appear uneducated and thus unlikely to be smart enough to get the better of the victim. Seems a bit speculative.

  3. jvrudnick · 215 days ago

    nice to have you "back" Chester....missed you!

    • Life on the road has its price. While I like writing for NakedSecurity, I also love meeting the public at conferences and sharing experiences with fellow security nerds.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.