C-Poll

The latest C-Poll is closed. You can read all about it here!

April 29, 2009

Lamest attempt at en e-mail scam that I've seen in a long time

You would think that by now the folks that perpetrate the Nigerian-style e-mail scams (where someone offers you fabulous riches in exchange for just a little bit of your money) would have figured out some Basic Rules For Scam Composition. You have to establish a certain level of credibility in order to get your victim to bite.

Granted, different people have different thresholds of credibility, so the scammers have seen a good measure of success even when their messages have laughable formatting and atrocious grammar and spelling.

Today I received a scam message that was so bad, I had to conclude that either (1) someone is trying to break into the business and hasn't learned the rules yet, or (2) someone is researching human gullibility for his or her PhD dissertation.

Here's a screenshot of the message. Click to view a larger image.


The message body is quite illiterate, and should immediately cause a reader to ask: Why would a FedEx employee be entrusted with this task if she has the writing skills of a fifth grader?

Here's the text of the message, with original formatting preserved:*
Subject: CONFIRM OWNERSHIP (PARCEL) Via Mail fedexcustomerservices_dep23@yahoo.com.hk

We have been waiting for you to contact us. Your package itself is a Bank Draft which worth over $500,000.00.usd As you know, FedEx do not ship money in CASH or in CHEQUES but Bank Drafts are shippable.

However, you will have to pay a sum of $291.00 USD to the FedEx Delivery Department being full payment for the Security Keeping Fee of the FedEx Company as stated in our privacy terms & condition page.

FedEx Delivery Post Contact Person: Mr. Peter Luis Tel: +234-8078-082-201 Email: fedexcustomerservices_dep23@yahoo.com.hk Kindly complete the below form and send it to the email address given above. This is mandatory to reconfirm FULL NAMES:. TELEPHONE:.. ADDRESS :..COUNTRY:.

Yours Faithfully,
Mrs Victoria Wallison
FedEx Online Team Management
This has the hallmarks of a typical scam message, including the phenomenon of a global corporation using Yahoo (in Hong Kong, no less) as its contact address. It also has the aforementioned problematic formatting and grammar.

But the message body is not what made me laugh out loud. If this was a legitimate message from FedEx informing me that I -- and nobody else -- had a valuable package waiting for me in the form of a $500,000 bank draft, I would expect the message to be addressed to me -- and nobody else (assuming of course that a company would use a nonsecure form of communication like e-mail to deliver such a notice). But the loser who sent this one had several dozen addresses in the To: field in addition to mine. Lame!

Oh, and the From: field referenced a Michael Booker, hailing from a domain for an electronic components business located in England. No sign of FedEx or Mrs. Victoria Wallison. Lame!

More accomplished scammers will put a bogus-but-legitimate-looking address in the From: field, and then put the real address (for the throwaway Yahoo, Hotmail, etc. account) in the Reply-To: field (which many e-mail programs do not display).

With a quick look at the detailed mail header (in particular the Received: fields), it was obvious to me that the message was in fact sent from the mail server of that English electronic component business. That leaves two possibilities (that I can think of at the moment):
  1. Michael Booker is himself the scammer, and deserves all of the hate mail he'll receive because he wasn't clever enough to conceal his actual e-mail address, or
  2. Michael Booker inadvertently downloaded a spyware/trojan horse program that has turned his PC into a zombie -- generating spam e-mails at the behest of some unknown party, using Booker's e-mail account.
I suspect the latter, because this is a well-established method of operation for spammers. If this is the case, perhaps the hate mail he receives will persuade him to be a little more diligent to keep his PC invader-free.

Whoever the actual scammer is: C'mon guys, you're dissapointing me! But thanks for the laugh.


* Reproduced here as search engine bait. If I can help just one person keep his money in his wallet, I'll be a happy man.