The Latest in IT Security

Scams and the Beautiful Game


We like to give you plenty of warning when we suspect that something unpleasant is coming down the pike, even if it's just one of those likely bursts of Black Hat SEO (web search poisoning) that come with a media-friendly event.

Still, I suspect that if I told you we expect lots of malicious activity around the FIFA World Cup in 2014, you'd probably say "Why the heck are you telling me about that now?" The answer, of course, is that it's already here (the malicious activity, not 2014).  Yes, I recently picked up my very first 419 lottery scam based on the World Cup. As I went into some detail on that and another 419 in an article for SC Magazine's Cybercrime Corner, I'll just give you the pointer for that article rather than describe it here.

However, I just came across another World Cup related scam that I thought was worth a blog in itself. In this instance, it's not a lottery scam, and it uses the last World Cup (held partly in Cape Town) as a hook, not the next.

Photograph ©Small Blue-Green World 2007, used by permission

In fact, it's one of those "I'm a bank manager looking for a foreigner to help me plunder the account of another (dead) foreigner" scams. Let's take a closer look at what Donald Malema, allegedly the Chief Accounts Supervisor for the AMERICAN EXPRESS BANK OF SOUTH AFRICA (his capitalization…), has to say.

I would like us to work as partners in transferring the sum of $ 5 000 000 00 [FIVE MILLION UNITED STATES DOLLARS] into your bank account.

So far, so bad. Same old stuff.

These funds were deposited into our bank by one tourist from Netherlands   MR. SRAN VAN DER VON whom has visited South Africa for the FIFA WORLD CUP TOURNAMENT. After his country lost to SPAIN in the final, the man committed suicide in his hotel room the same night after the soccer match. Latter a report came to our bank that the man took his own life as a result of his country loosing to Spain and the main reason for his action is that the man has gambled with his MINING COMPANY in Netherlands and this company is said to worth about 50 million united states dollars thinking his country will surely win but unfortunately the match did not go his way.

Heartrending, huh? When you've wiped your eyes and blown your nose, let's move on. He goes on to tell me how the late Mr VAN DER VON left no family contact details, and he needs me to get the funds out of the bank. Standard stuff. But the next bit is really rich.

I give you a 100% assurance that these funds will be released to you only if you will work with me in truth and honesty.

Say what? You want an honest man to help you scam the bank you work for and the estate of a dead Dutchman. Well, that's normal. Not. Did I mention the bit at the top of the letter where he tells me that:

this is not one of those junk emails you may have received by strange dishonest individuals who uses people’s personal details for  fraudulent acts.

OK. I'm convinced. And so are my friends the pixies.

This doesn't have much in common directly with the mail I described in the earlier blog. Apart from being a different kind of 419, using a different email address and contact phone numbers (both apparently in South Africa, though, as was the case with the lottery scam). It has two significant resemblances, though.

Firstly, the email account used is at (which does seem to be 419 provider of choice at the moment).

Secondly, the message isn't, as you might expect, contained in the body of the email, but attached as a Word document. The other message was also contained in an attachment, though in that case the attachment was a JPEG.

It's not unusual for scammers to attempt to avoid spam filters by making the main message part of an attachment, and while 419s are still often basic text messages, it's by no means unknown for them to be transmitted as Word docs, graphics files or PDFs, though I have yet to see one sent as a spreadsheet.

Come to think of it, that would almost make sense from a rogue bank manager ;-)

And here, in sympathy with the erratic chronology of these 419s, is a photograph of football on Green Point, Cape Town, around the time construction began on the  stadium for the 2010 World Cup.

Photograph ©Small Blue-Green World 2007, used by permission

Not great resolution: it's a detail from a panoramic shot taken from Signal Hill. I could have included the shoreline, but then you'd have needed a 50" monitor to see the goalposts, let alone the people. :)

ESET Senior Research Fellow


Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments