Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Nigerian Government 'Office Refunding Today' Phishing Scam

Outline
Email purporting to be from the Central Bank Of Nigeria claims that a fund previously promised to the recipient has finally been approved and will be paid before Christmas if the recipient provides details requested in an attached file.

Scam mail stamp

© Depositphotos.com/ roxanabalint



Brief Analysis
The email is not from the Central Bank of Nigeria or the Nigerian Government. At first glance, it looks like a typical "second sting" advance fee scam. But, in fact it is a crude phishing scam designed to steal the recipient's Google account details.

Bookmark and Share

Example

From: CENTRAL BANK OF NIGERIA <cbn@cbn.com>
Date: 2013/12/19
Subject: THIS OFFICE IS REFUNDING TODAY
To:

 

We have a great news for you this end of year. The Government have finally approved that every penny/dime you have spent in regards to your fund will be returned before Christmas.

This must be done within the next 72 hours so that we can begin the transfer/delivery process of your fund.

Now to confirm you are the actual beneficiary of the said fund.You are advised to open the attached file and then fill in your information.
Your information should not be written on email but inserted on the file attached so you must open the attached file to fill in your information.

We need you to do this today so that things can be finalised before the end of the year.The file attached is encryped to it is only for you and you alone.
You are therefore advised to open the attached file to confirm you are the actual beneficiary as you know so many people have came to cliam your fund..

Open the attached file and congratulations in adavance.


Detailed Analysis


According to this email, which purports to be from the Central Bank of Nigeria, a fund previously owed to the recipient has finally been approved. And, claims the message, any fees already paid in relation to the fund will also be returned.  The email instructs the recipient to fill in a form contained in an attached file to confirm details so that the fund can be transferred.

At first glance, the message looks like a typical second try advance fee scam. Scammers often try to revictimize people caught out in previous scams by sending follow up messages some months later claiming that a fund has finally been released. Of course, these messages are of themselves advance fee scams designed to trick hapless victims into sending even more money to criminals.

Some previous victims are apparently desperate enough to grasp at straws and may willingly comply with instructions in these follow up scam messages in the forlorn hope of finally getting the promised pay out or - at least - their money back. Alas, victims will once again become embroiled in the scam and send off their money and personal information to heartless criminals.

But, in this case, the scammers have used a different tactic. Instead of trying to trick victims into sending money they instead attempt to fool them into divulging their Google account login details via a classic phishing scam.

The email attachment contains a .html file that, when clicked, will open in the user's browser. The file is designed to resemble a typical Google account login page and asks for the user's Google email address and login details.

Login details submitted on the fake form will be collected by the scammers and can then be used to hijack the victim's Gmail account and other associated Google services.  The criminals can use the hijacked accounts to launch scam and spam campaigns in the names of their victims.

Meanwhile, the desperate victims of the previous scams will wonder what happened to their final chance to get their promised riches and may not realize until it is too late that they have now also lost control of their Google account as well.

Bookmark and Share

Last updated: December 23, 2013
First published: December 23, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Double Dipping Advance Fee Scammers
'European Financial Surveillance Union' Advance Fee Scam




Go to Mobile Version