14 DAY TRIAL // Emails claiming to come from the United Nations Foundation have been launched by crooks in an effort to obtain personal information from recipients.
There is no malware involved as the crooks rely solely on the recipient’s action to send back requested details, which could be leveraged in direct call scams, although more dangerous risks are not excluded.
Personal details required for processing the transaction
However, there is a lure designed to convince users to reply, and it consists in a giveaway offer of $5 / €4.67 million, “to help start a business, grow an existing business or give someone out there a better life,” the deceitful email explains.
Out of sheer luck, the recipient happened to be the lucky winner of the raffle, which allegedly relies on random selection.
As security researcher Christopher Boyd from Malwarebytes said in a blog post on Wednesday, this is just a variation of the “419” scam that has been seen in the wild in different forms since at least one year.
In order to make all the necessary arrangements for transferring the money, the crooks ask for the victim’s full name and the company they work for, the physical address, the phone number, occupation, age and marital status.
Risks involved
This information could be used to contact the potential victim and make the scam look like a legitimate operation. In further communication, the scammers may ask for additional details, more sensitive in nature, such as bank account info.
Alternatively, the crooks may ask the victim to pay an advance fee that could be promoted as costs associated with the money transfer, before receiving the winnings.
Some users should have no trouble recognizing the message as a fake. On the other hand, the UN Foundation’s email address has been spoofed and the crooks used Richard S. Parnell’s name, the organization’s Chief Operating Officer, to sign the message, in an attempt to make the email more believable.