in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Phishing Scam Uses Real BBC Article On Lost Iraq Money

Normally, this blog deals with security breaches and how data protection software like AlertBoot's hard disk encryption could be used to prevent future ones.  However, I'd like to cover a phishing scam that seems to have been making its rounds since earlier this year.

The other day, I received an e-mail from a SGT JIM WHITE:

Good Day,
 
My name is Jim White, a member of the U.S. ARMY 3rd Infantry Division in Iraq. I would like to share some highly classified information about my personal experience and the role which I played in the pursuit of my career serving in the U.S. ARMY. However, I would like to hold back certain information for security reasons until you have the time to visit the BBC website stated below. This will enable you to have insight as to what I'm intending to share with you.
http://news.bbc.co.uk/2/hi/middle_east/2988455.stm
Please get back to me after visiting the above referenced website to enable us to discuss the matter more. I'm uncomfortable sending this message to you without knowing if you are indeed with me or you decide to go public.

At first glance, I didn't realize that this was a phishing scam.  Based on the first couple of sentences, I thought that maybe this guy was looking for a job with AlertBoot, or perhaps wanted to send us some information regarding a data breach (we're not a news organization, but we do cover data security breaches via this blog).

But when I saw that BBC link...well, that's when I suspected that this was probably a phishing scam, or an attempt to remotely install malware after I had clicked on the link.  Normally, I would have ignored it, but my curiosity got the best of me in this case.

I copied the link and googled it, and lo-and-behold, it was a legitimate link. An excerpt:

Stash of money found in Baghdad
Foreign currency worth nearly $200m has been found in a Baghdad neighbourhood, the US military say.

Troops found $100m and 90m euros in 31 containers, US Central Command said.
The money has been flown out of the country to a "secure location" for counting purposes and will eventually be returned to Iraq to help rebuild the country, the US said.
Last week, US troops found more than $650m in the same area of Baghdad.

Phishing scam.  For sure.

Had I contacted this Sgt. White, I'd probably have gotten some story about needing to transfer the funds out of an undisclosed location in the Middle East, but the US government couldn't do so due to issues of international politics, blah, blah, blah, and needed my help.

This scam has been around for a while, it looks like.  To begin with, the original BBC article was published on April 2003, so this scam has been around for at most 6 years.

Also, doing a search for "phishing scam Iraq money" in search engines has brought up a bunch of results. If blog posts are any indication, it looks like this particular phishing scam has been making its rounds around March of this year.

Attempts at phishing money from honest people are legion, but this one has an interesting twist to it in that it uses a legitimate site (not a legitimate-looking site) to carry out its fraud.  I must admit that, after having vetted that the link was for an actual BBC news site, I let my guard down: I forgot to check the date on the article.

Of course, once I read the "Three Kings" scenario in the article, I knew it was a scam...but what if you're not into George Clooney movies?  Can't let your guard down....

Related Articles and Sites:
http://news.bbc.co.uk/2/hi/middle_east/2988455.stm
http://www.thunderbayit.com/phishing.asp?show=28

 
<Previous Next>

Full Disk Encryption: PA Consulting Breach Figures Revised Upwards

Data Security: US Governors Get Free Laptops, FBI Investigates

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.