5 posts categorized "phishing"

May 04, 2009

Personalized phishing to a new level

I received the following email today:

ANDREW & ASSOCIATES

(ADVOCATES & SOLICITOR ANDREW ERICKSON A & L. LOU.)
  9274,TAMAN INDAH SECTION 2

  BUKIT SEBUKOR

  75150 MELAKA

   MALAYSIA.

Dear Alan Shimel

I am Andrew Erickson,barrister at law.A deceased client of mine,by name  Mr. Dian Shimel,who herein after shall be referred to as my client,died as the result of a heart-related condition in March 12th 2005. His heart condition was due to the death of all the members of his family in the tsunami disaster on the 26th December 2004 in Sumatra Indonesia.
http://en.wikipedia.org/wiki/2004_Indian_Ocean_earthquake

I have contacted you to assist in distributing the money left behind by my client before it is confiscated or declared unserviceable by the bank where this deposit valued at $19million dollars is lodged.

This bank has issued me a notice to contact the next of kin,or the account will be confiscated.My proposition to you is to seek your consent to present you as the next-of-kin and beneficiary of my late client, since you have the same last name,so that the proceeds of this account can be paid to you. Then we can share the amount on a mutually agreed-upon percentage.

All legal documents to back up your claim as my client's next of kin will be secured gradually and forwarded to you. All I require is your honest cooperation to enable us see this transaction through.This will be executed under a legitimate arrangement that will protect you from any breach of the law.

If this business proposition offends your moral values,do accept my apology.Please contact me at once to indicate your interest.

Regards,        

Barr.Andrew Erickson

Senior Advocate/Solicitor.

You have to admire it though. From personalizing the name of his client to match mine to the Wikipedia link on the Indonesian earthquake. Also not just 1 or 2 million dollars either, a nice round 19 million is at stake here. I am sure if I just passed him some of my personal information to help make his case that I am the next of kin of the deceased he would not mind sharing some of that 19 million with me! When does it end?


April 25, 2008

Spear Phishing with Better Business Bureau complaints

I received the following email yesterday purporting to be from the BBB. It looked phishy to me, so of course I did not click the link and did a little investigating. However, I could see how someone would be fooled on this one, thinking someone filed a bogus complaint against them. Almost as good as the subpoena story I heard from a customer last week. Beware of stuff like this!

BBB CASE #841246605

Complaint filed by: Brian Williams
Complaint filed against:
Business Name: StillSecure
Contact: Alan Shimel
BBB Member: YES
Complaint status: -
Category: Contract Issues
Case opened date: 4/20/2008
Case closed date: -

Download a copy of this complaint so you can print it for your records (DON'T CLICK THIS)
On February 23 2008, the consumer provided the following information: (The consumer indicated he/she DID NOT received any response from the business.)
The form you used to register this complaint is designed to improve public access to the Better Business Bureau of Consumer Protection Consumer Response Center, and is voluntary. Through this form, consumers may electronically register a complaint with the BBB.Under the Paperwork Reduction Act, as amended, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. That number is 246-967.
© 2008 US.BBB.org, All Rights Reserved.

March 19, 2008

More on the Air Defense WAP phishing story

Last week I came down pretty hard on Air Defense (here and here) for phishing WAPs at the InfoSecWorld trade show. Well just to show you that sometimes people make mistakes and if you blog it, you may get it addressed, I wanted to share the following email that I received today. I have redacted out the names to protect the innocent and the guilty.

Alan,

Let me start by first apologizing for any inconvenience I might have caused you or any other vendor at InfoSec World. You can be assured that next time I will collect alarms in the privacy of my own home prior to going to a convention. I set up a test box during the vendor setup on Monday, this is a tool we use to show some wireless attacks. After about an hour I shut it off, I was using it to gather some historical data to show in Advance Forensic. If I recall correctly it did run it for about 5-10 minutes the 2nd day after the demo crashed and we lost the data I collected on Monday (plug was kicked out). This was very brief and not intended to be harmful.

The intent behind using the page with AirDefense was in case anyone who saw the page could at least ask us why it happened and we could apologize and explain that it was just temporary. JOHN DOE, the gentleman you spoke with, was not aware of my actions nor was anyone else from AirDefense. I did ask him to point you out so I could apologize and let you know it should no longer be a problem but he didn’t see you. I unplugged the test box just in case it was still doing something behind the scenes. Once again I do apologize for any issues I may have caused. If you have any questions or comments please feel free to call. Also thanks for making us aware that it may have still been phishing people off their APs.

Thanks,

So to this Air Defense engineer, I take you at your word and apology accepted.  I am glad to hear that Air Defense does not condone this as a legitimate trade show tactic. Go in peace and sin no more ;-)

May 01, 2007

A new take on the Nigerian bank scam - Kelly's Heroes

I am sure you have all received the usual email story of the bank or government officer from some African country that is looking for help in moving millions of dollars out of the country. It is sometimes the widow or relative of a deposed leader or some other such thing. Though I never respond, I frankly enjoy reading the stories and wonder how anyone would be stupid enough to get involved. Do you really think there are 10 million dollars (American) waiting and these people would be kind enough to give you a 30% or better fee to help them? If you respond to that stuff, you deserve what you get.

Today, though, I saw for the first time a new wrinkle on this one. Showing that the bad guys know how to use current events, I call this one Kelly's Heroes, named after the Clint Eastwood movie about a bunch of American GIs taking stolen Nazi gold out of Europe at the end of WWII. In this scam it is some British soldiers looking to ship out dollars from Iraq. I publish it here for your amusement:

Hello,

I am Major Ralph Harland, I am a British officer attached to UN peace Keeping force in Iraq, I am the commanding officer of the First Battalion of the Royal Irish Regiment, as you may know everyday, there are several cases of insurgent’s attacks and suicide bombs going on here.

We managed to Move funds belonging to some demised persons who were attacked and killed through insurgent attacks. The total amount is US$9.5 Million dollars in cash. We want to move this money to you, so that you may keep our share for us until when we shall come over to meet you.

We will take 60%, my partner and I. You take 40%. No strings attached, just help us move it out of Iraq, Iraq is a war zone.

We plan on using Diplomatic courier and shipping the money out in two large metallic boxes, using diplomatic immunity. If you are interested I will send you the full details; my aim is to find a good partner that we can trust and assist us can you be trusted?

When you receive this letter, kindly send me an e-mail here 
ralpharland@yahoo.co.uk , or majorralpharland@aol.co.uk signifying your interest including your most confidential telephone/fax numbers for quick communication and also your contact details.

This business is 100% risk free.

Respectfully,

Major Ralph Harland

February 22, 2007

Be careful of notices of filings with the Better Business Bureau

Another example of how devious the bad guys are comes in this email we received today:

From: operations@bbb.org [mailto:operations@bbb.org]
Sent: Thursday, February 22, 2007 5:43 AM
To: RB
Subject: BBB Case #263064499 - Complaint for RB

Dear Mr./Mrs. RB

You have received a complaint in regards to your business services. The complaint was filled by Mr. Alexander Vanderbilt on 02/05/2007/
Use the link below to view the complaint details:

DOCUMENTS FOR CASE #263064499

link was: http://ronaldwestinvest.com/redirect/default.htm?5c694550626c6fbd4a025e481b172875=5d570bdc5a703bde131cbbdaf2943278&04d964a1f1d1cf5f0842a51d40544328=2d24a338e243c427e8aaae4f19f7be30

Complaint Case Number: 263064499
Complaint Made by Consumer Mr. Alexander Vanderbilt
Complaint Registered Against: Latis Networks
Date: 02/05/2007/


Instructions on how to resolve this complaint as well as a copy of the original complaint can be obtained using the link below:

DOCUMENTS FOR CASE #263064499 link removed

Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:

·  Claims based on product liability;

·  Claims for personal injuries;

·  Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.

The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.

The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.

When I went to cut and paste it into my blog editor, this hidden text showed up:

'When they find the guy they ought to hang him up by the thumbs,' Bill Norton said. 'Badminton, Ben?'

It was hidden by a font color tag. 

Now of course we recognized it for the phishing it was. However, many a small business, I guarantee you, will not, and will click on the link, not wanting to have a BBB mark against them. Of course, don't click the links. These guys are just so devious.
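Both tells in this message can be checked mechanically: a link whose host has nothing to do with the claimed sender domain, and text hidden by a font color that matches the background. The following is an added example, not part of the original post; the function names are hypothetical, and the sample HTML is constructed from the details above (its markup and the white-on-white color are assumptions).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the original HTML is not on the page. Link host and hidden
# sentence come from the post; markup and the white-on-white color are assumptions.
SAMPLE = """<body bgcolor="#FFFFFF"><p>Use the link below:</p>
<a href="http://ronaldwestinvest.com/redirect/default.htm">DOCUMENTS FOR CASE #263064499</a>
<font color="white">'When they find the guy they ought to hang him up by the thumbs,' Bill Norton said.</font></body>"""

def norm(color):
    c = (color or "").strip().lower()
    c = {"white": "#ffffff", "black": "#000000"}.get(c, c)  # only two names handled
    if len(c) == 4 and c[0] == "#":                          # expand #fff to #ffffff
        c = "#" + "".join(ch * 2 for ch in c[1:])
    return c

class PhishTells(HTMLParser):
    def __init__(self, sender_domain, background="#ffffff"):
        super().__init__()
        self.sender, self.bg = sender_domain.lower(), norm(background)
        self.fonts, self.hidden, self.foreign_links = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "body" and a.get("bgcolor"):
            self.bg = norm(a["bgcolor"])
        elif tag == "font":  # a <font> without a color inherits its parent's
            self.fonts.append(norm(a.get("color")) or (self.fonts[-1] if self.fonts else ""))
        elif tag == "a":     # flag links that leave the sender's domain
            host = (urlparse(a.get("href") or "").hostname or "").lower()
            if host and host != self.sender and not host.endswith("." + self.sender):
                self.foreign_links.append(host)

    def handle_endtag(self, tag):
        if tag == "font" and self.fonts:
            self.fonts.pop()

    def handle_data(self, data):
        if self.fonts and self.fonts[-1] == self.bg and data.strip():
            self.hidden.append(data.strip())

def inspect_message(html, sender_domain):
    parser = PhishTells(sender_domain)
    parser.feed(html)
    parser.close()
    return {"hidden_text": parser.hidden, "foreign_links": parser.foreign_links}

if __name__ == "__main__":
    print(inspect_message(SAMPLE, "bbb.org"))
```

Text hidden through CSS `style` attributes or near-matching colors is outside what this check covers.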

disclaimer

  • The views and opinions expressed here are those of myself only and in no way represent the views or positions or opinions of my employer, Latis Networks, Inc. d/b/a StillSecure or anyone else.
