By now we’ve all had at least one email from a relative of a Nigerian Prince, asking for help secretly transferring millions of dollars out of U.S. Bank Accounts. Scams like this are pretty easy to spot and frankly anyone who would fall for something like that is a complete idiot. Sorry if that offends anyone, but seriously, come on…
But the nature of the game the scammers play is changing – this weekend I was almost a victim of one of the most elaborate money scams I’ve ever come across. In fact, it came down to one tiny detail that, had I not actually typed this person’s email address multiple times in my life, I probably wouldn’t have noticed.
Here’s the story… I get an email from a friend of mine, from his actual AOL email address that he’s been using for years, basically saying his sister is in need of about $1500 for a surgery and he is reaching out to all of his friends to see if he can get the money together. It was signed the way he normally signs his email, and the typing style was consistent with the way he usually talks, without the odd “English is my second language” typing style you usually pick up on from scams like this. Nothing stood out at all.
I decided I was going to just send him the full amount he needed, and hit the Reply button; and that’s when I noticed the reply-to address looked a little off. There was a zero where an “o” should be.
Again, the message came FROM his real account, from actual AOL servers, and even maintained the same conversation chain from the last time we talked. It wasn’t spoofed. But the reply-to email was that one character off.
Suspecting something was up, I shot him a message over Facebook, and sure enough he hadn’t sent the email and had no idea what was going on. Someone had hacked his AOL account and grabbed his contact list. I figured I would see what kind of information I could get out of the scammer, so I replied to the fake email, playing along and asking the scammer how I could get the cash to him. He replied (this time from the email account with the zero), thanking me and asking me just to send it directly to his “sister”, gave me her name and said I could do it through Western Union in Clarksville, TN, where she lives.
I admit, I got a little excited here because at this point I thought I was dealing with a scammer in the United States and there would actually be a chance of busting him, so I started digging. The so-called sister was a 71-year-old woman, and I was able to find her Facebook page, her daughter, etc. But nothing that really screamed “criminal”.
I turned everything I found over to the FBI, thinking maybe it’s identity theft and we could send some money to bait the perp and have an agent there bust whoever picked up the cash. Up until this point I’m thinking I’m dealing with an American scammer, not the classic Nigerian money scam types.
And that’s when the Agent calls me back and gives me the full detail… that the woman in Tennessee isn’t the perpetrator, but also a victim. And it IS still a foreign scam – a fake SURVEY scam.
Basically there are networks of fake survey sites, promising to pay people for filling out surveys, and the “deal” you agree to as a survey-taker is that when you receive payment for a survey, you’re allowed to keep some percentage and then you pay the survey company their fee. Sounds familiar, right? It’s the classic Nigerian money scheme, disguised as a legitimate service. These sites tell the survey-taker that their payments come directly from the companies who contracted them to fill out surveys, and then the site owners rely on “the honor system” to collect their fees.
So these guys are playing both sides at once – one scheme to get a person to receive the money, and another scheme to get a person to send it to them. If I had sent $1500 to this 71-year-old woman, she would have thought it was payment for a survey she took, accepted it, and then paid the Nigerian scammers their “fee” from it, never having any idea she was part of a foreign money laundering scheme. I’ve seen a lot of these scams over the years but never one this elaborate, where they actually created an AOL account that was this similar to the person they were pretending to be and combined multiple schemes to make a convincing, seemingly U.S.-based triangle transfer.
I know this is a huge deviation from what I normally blog about, but I hope this message helps someone else also avoid something similar. Stay sharp and always keep your guard up when people are asking for money. If you come across this, or any other online scams, you can report them via the FBI’s Internet Crime Complaint site at http://www.ic3.gov/.
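The detail that gave this scam away, a Reply-To address one character off from the real From address, can be checked mechanically. The sketch below is an added example and not part of the original post; the sample message, the `example.com` addresses, the confusable-character table and the one-edit threshold are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed table of characters commonly swapped in lookalike addresses.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})

def skeleton(addr):
    """Fold visually similar characters so 'j0n' and 'jon' compare equal."""
    return addr.lower().translate(CONFUSABLE)

def edit_distance(a, b):
    """Plain Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_reply_to(raw_message, max_edits=1):
    """Classify the Reply-To header relative to From.

    'ok'        - no Reply-To, or it matches From
    'lookalike' - differs from From only by confusable characters or by
                  at most max_edits single-character edits
    'different' - an unrelated address (common for mailing lists)
    """
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if not reply or reply == sender:
        return "ok"
    if skeleton(reply) == skeleton(sender) or edit_distance(reply, sender) <= max_edits:
        return "lookalike"
    return "different"

# Constructed sample: sent from the real account, replies diverted to a
# near-identical address with a zero in place of the letter "o".
SAMPLE = (
    "From: Jon Doe <jondoe@example.com>\n"
    "Reply-To: Jon Doe <j0ndoe@example.com>\n"
    "Subject: Need a favor\n\n"
    "My sister needs surgery...\n"
)

if __name__ == "__main__":
    print(check_reply_to(SAMPLE))
```

A `lookalike` verdict on mail that otherwise passes sender authentication is a strong hint that the sending account itself was taken over, which is what happened here.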