Spam Alert: Confirm Bank Transfer

A new phishing scheme has begun circulating. Phishing is a spam-related strategy that attempts to deceive email recipients into revealing their personal and private information. This information can be leveraged by unscrupulous individuals to steal identities for the purposes of borrowing money or making unauthorized purchases.

This particular email contains a vague request for information in order to facilitate the processing of 'payments', ostensibly to be sent to the spam recipient. The 'sender', Mr. Mark Morris, claims to be a representative of an organization called the Financial Service Authorities United Kingdom(FSA). Mr. Morris purports to be deeply concerned about the transfer of large sums of money to the email recipient due to the fact that a third party, Mr. Paul Miller, has intervened. We don't know who Mr. Miller might be, but he has supposedly provided evidence that the email recipient is somehow related to the original owner of the funds.

Some unsolicited email, or spam, includes an attachment that includes a virus or some other type of malware. This particular email does not include any attachments. The email does include a link to a web site, www.cua.com.au, that appears to be legitimate, but looks can be deceiving on the Internet. Spammers are very talented at creating web sites designed to appear virtually identical to legitimate commercial organizations. Visiting this site may (or may not) be disastrous and certainly will not result in millions of dollars being transferred to your bank account.

A link to a legitimate site in a spammed email message is intended to give the message some air of validity. Spammers are playing a simple numbers game: if they send out enough messages, they know that statistically they will get a few responses. All they need is a few gullible responders who fervently want to believe that free money is out there, just waiting to be claimed. The link may well be pointing at a valid and reputable company that has nothing to do with the spam. Adding a link to an email is a simply copy-and-paste operation and does not require the approval of the company that owns the link.

A cursory examination of the text of the email indicates that it contains no specific information that can be tied to any particular recipient. In other words, whomever recieves the email can be duped into thinking it applies to them.

Clicking the Reply button will generate a response to the email address "epost1960@live.com." It is important to note that live.com is a free email service operated by Microsoft.Anyone can create free email accounts on the site - no personal information is required. The site doesn't ask for a credit card number or even a physical address. The site supports millions of email addresses. Obviously, a representative of a legitimate financial institution would not request a response to a 'free' email address. Obviously, responding to an email address that is connected to the domain of the financial services company would be expected. Obviously, a spammer would love to have access to an email address from that domain, but that's not something that can be easily faked.

The email contains this sentence:

Furthermore, we received an email from one Paul Miller who told us that he is your next of kin and that you died in a car accident couple of months ago.

This text reveals that the spammer is trusting that his recipient knows someone named "Paul Miller." Paul Miller is a relatively popular name in the English-speaking world, but not too many people know a Paul Miller who would be so kind as to vouch for their next of kin. This particular Paul Miller is rather devious: he is telling tales that someone is deceased in order to assume their unclaimed funds. This could create a sense of urgency in some recipients: "That horrible Paul Miller is trying to steal my money!" might be just enough to coerce some people into responding to the email.

Responding to the email will reveal to the sender that you are a real person. Sending off an indignant missive describing all the horrible ills that you wish on spammers in general may make you feel better, but your email address will inevitably be added to more spam lists. These lists are bought and sold like currency. Everyone is on the lists, but there's a special list of lists for folks who have responded to unsolicited spam messages.

Any kind of response tells the spammer that you are paying attention. Eventually they will concoct a message that fools you. You may be duped by verbiage that appears to come from a e-card site or a financial institution. It might appear to come from your best friend, from the IRS, or from the UPS: the bad guys will keep trying because it costs so little to do so.

Do spammers have feelings? Probably.

Keep in mind that your responses are probably not read by human beings anyway. Special servers process responses, scanning for text patterns that look like social security numbers or bank account codes. A profanity-laden treatise written only for personal satisfaction will almost certainly never be seen by human eyeballs.

However, just because no human spammers read your response doesn't imply that you won't hear back from them. Once they hear from you, computer-generated messages will be routed back to you. You may very well get drawn into a lengthy conversation with a software program.

1. Don't respond.
2. When in doubt, refer to Rule #1

If you insist on some measure of satisfaction, report the spammer to the FBI or some other web site that tracks this type of activity. Simply sending a copy of the message to a tracking service won't help them all that much, save for developing a pattern of behavior to detect future spam messages.

This particular message was routed through a server in Turkey. The server, 212.175.18.134, is owned by a Turkish Telecom provider. We visited the site: it was in Turkish, but based on the structure of the home page it looked friendly enough. We suspect that our unrequested email simply passed through their server without their knowledge.

In many situations, a computer is compromised by a virus: it becomes a 'zombie' that is remotely controlled to send out huge volumes of spam. In this particular situation, that infected computer was probably using our friendly Turkish telecom provider as an email service. Eventually the email service provider notices that large volumes of email are emanating from one of their customers. Usually they shut off the flow of spam before any anti-spam service can track it down. The owner of the computer usually notices that they have a problem when their real email will no longer transmit: they contact their email provider, who lets them know they probably have a virus.

it happens all the time.

Hello,

I am Mr.Mark Morris presently working with the Financial Service Authorities United Kingdom(FSA). I have urgent information which you might find very useful. Following investigations carried out by my office,I have discovered that there are some long overdue payment presently here in the United Kingdom yet to be claimed. These funds have been processed in your name and should be released to you ASAP as directed by financial instruments but we are realizing that the earlier documents validating this sum was re written or altered.

Furthermore, we received an email from one Paul Miller who told us that he is your next of kin and that you died in a car accident couple of months ago.

To enable me confirm the status of the information I have for you, I need you to confirm the account information below, as this is the destination we have for the funds processed in your name and the transfer should be effected by Monday 10th January 2011  13:00 Hrs.

Bank Details:
Credit Union Australia
545 Kent Street
Sydney
New South Wales 2000
Australia
Phone: 133 282
International +61 7 3295 9400
Website: http://www.cua.com.au
Account Name: Paul Miller
Account:
804 - 050 - 30820226
Swift Access Code:CUSCAU2SXXX

We want to hear from you before we can make the transfer to confirm if you are dead or not.And to also know if you authorize the transfer of your funds to the account mentioned above.

When I hear from you, then I can put my investigations together and make conclusions but from what I have here it seems as though your financial entitlements in the United Kingdom is being redirected for personal interest by illegal means and you will aid us by giving me a brief on your dealings when previously trying to process release of your funds.

Kindly get back to me on my e-mail address: epost1960@live.com

And please keep this confidential to enable me work effectively in your favour, when I hear from you, I will prove my personality to you so as to satisfy your worries and to be at liberty to furnish me required information.

Regards,
Mr.Mark Morris