Normally, this blog deals with security breaches and how data protection software like AlertBoot’s hard disk encryption could be used to prevent future ones. However, I’d like to cover a phishing scam that seems to have been making its rounds since earlier this year.
The other day, I received an e-mail from a SGT JIM WHITE:
My name is Jim White, a member of the U.S. ARMY 3rd Infantry Division in Iraq. I would like to share some highly classified information about my personal experience and the role which I played in the pursuit of my career serving in the U.S. ARMY. However, I would like to hold back certain information for security reasons until you have the time to visit the BBC website stated below. This will enable you to have insight as to what I’m intending to share with you.
Please get back to me after visiting the above referenced website to enable us to discuss the matter more. I’m uncomfortable sending this message to you without knowing if you are indeed with me or you decide to go public.
At first glance, I didn’t realize that this was a phishing scam. Based on the first couple of sentences, I thought that maybe this guy was looking for a job with AlertBoot, or perhaps wanted to send us some information regarding a data breach (we’re not a news organization, but we do cover data security breaches via this blog).
But when I saw that BBC link…well, that’s when I suspected that this was probably a phishing scam, or an attempt to remotely install malware after I had clicked on the link. Normally, I would have ignored it, but my curiosity got the best of me in this case.
I copied the link and googled it, and lo-and-behold, it was a legitimate link. An excerpt:
Stash of money found in BaghdadForeign currency worth nearly $200m has been found in a Baghdad neighbourhood, the US military say.
Troops found $100m and 90m euros in 31 containers, US Central Command said.
The money has been flown out of the country to a “secure location” for counting purposes and will eventually be returned to Iraq to help rebuild the country, the US said.
Last week, US troops found more than $650m in the same area of Baghdad.
Phishing scam. For sure.
Had I contacted this Sgt. White, I’d probably have gotten some story about needing to transfer the funds out of an undisclosed location in the Middle East, but the US government couldn’t do so due to issues of international politics, blah, blah, blah, and needed my help.
This scam has been around for a while, it looks like. To begin with, the original BBC article was published on April 2003, so this scam has been around for at most 6 years.
Also, doing a search for “phishing scam Iraq money” in search engines has brought up a bunch of results. If blog posts are any indication, it looks like this particular phishing scam has been making its rounds around March of this year.
Attempts at phishing money from honest people are legion, but this one has an interesting twist to it in that it uses a legitimate site (not a legitimate-looking site) to carry out its fraud. I must admit that, after having vetted that the link was for an actual BBC news site, I let my guard down: I forgot to check the date on the article.
Of course, once I read the “Three Kings” scenario in the article, I knew it was a scam…but what if you’re not into George Clooney movies? Can’t let your guard down….
Related Articles and Sites: