With a stroke of luck, you have just been informed that you are the recipient of your long lost Nigerian uncle's vast fortune that he is leaving to you after he has passed. God rest his soul. The only thing that is needed is your bank account information, some personal information like your SSN, and to agree to providing a commission to those that are taking time out of their day to send you this money.

If you haven't received an email like that by now then you are definitely hidden from reality or your spam checker is the best there ever is or ever could be.

The unfortunate fact is that there are less than ethical people out there that will prey on overly ethical people. Additionally, there are always people that are willing to take a chance of sending several hundred dollars in hopes of getting several million in return.

We are here to tell you that these are all scams. The intention is to either get you to send money or to send some form of information that would allow these people to steal from you in the future. That is, assuming, that just clicking the link to be able to respond doesn't compromise your device with some form of malware.

According to various sources, in 2019 almost $667M was lost to imposter scams, identity fraud was at $1.7B, and generally older Americans lose around $2.9B per year. The unfortunate fact is that there is a criminal economy based around scamming people and plenty of victims to keep that economy going.

So how do these scams work? First almost all of them start with an email of sort. These emails can come in a variety of flavors though ranging from Nigerian uncle scams to requests to partner with foreign investors. Clearly, the intention is to entice the victim to either click the link or respond with some sort of enthusiasm.

So, assuming that the victim "clicks the link", then there is a high probability that the attacker now has access to the victim's computer (see the Arrakis phishing article) and, unfortunately, the game could very well be over for the victim.

However, assuming the victim didn't click the link and simply responded, then the attacker has other options available. Generally, the attacker is almost always not working alone. The simple fact that a victim has responded has now put that victim on a list that everyone in the attacker group will be aware of. Once the victim responds with any amount of exploitable data or, even worse, the victim has transferred money then the attacker that started the attack takes lead. After it is clear to the attacker that they have gotten as much as they can from the victim then another member of the attackers team will start up a different attack to keep the momentum going and hopefully sucker more money out of the victim.

This process repeats over and over until either the victim is out of money or the victim has figured out the scam.

How can you protect yourself, your family, your friends, and your coworkers?

First, and likely the most important, is understand the attack methodology and noticable features of the attack itself. These attacks almost always are through some form of electronic transmission with email being the most common followed by text messages. Attacks through voice are rare because the attacker almost always doesn't speak the english language in a manner that gives the victim the impression that english isn't their first language. Thus the only way the attacker can solve that problem is to remove voice as a method of detection.

This leads the attacker down the path of email or text message however this is based on their understanding of the english language and grammer. You will see wording that is contrary to normal language such as "brain cage" instead of "skull" or messages that start with "hello dear". Other key indicators would be the title of the person emailing the victim...unless the victim routinely interacts with royalty then it's extremely unlikely to get a random email from a "prince". Another common sense indicator would be areas of business. For example, if a dentist was receiving a business proposition from a person from Dubai for the purposes of investing in an oil drilling operation the first question that should come to mind is what is the connection between the two...why would someone from Dubai connect with a dentist in Spokane, Washington in order to be more profitable in drilling for oil?

Another great indicator of an attack is how the email is composed. Almost all attacker emails either want to give you something and the victim is the only person who can make this happen...or...the email reads like the person is in trouble, but in a safe place, but can't go anywhere unless you help. A common example would be a person you know that indicates they are on vacation in Paris, got robbed, and can't pay for the hotel room with the hotel manager holding luggage/passports as hostage until you pay. Obviously, in this case, the person you know was likely already compromised. Another example would be anyone claiming they needed support due to war (Iraq, Syria, etc...) with frozen assets in some country and the person who needs help in another country. In this case they need to transfer the frozen asset to the victim and will eventually ask for personal information to make that transfer happen. Another great, and currently popular, scam is when the attacker indicates they have screen shots of the victim surfing adult websites and possibly masturbating. This leads into the attacker attempting to blackmail the victim. Obviously if the victim has no webcam then this would be an easy one to figure out.

To relate this subject to legitimate business operations, most sales people have a grading system to determine the value of a client in relation to client needs, likelihood of wanting to do business, and if the client has budget. The same process happens with scams, with the attackers giving you points for opening an email, more points for responding, and the most points for falling victim to the attack.

Arrakis has experience in dealing with these scams as well as supporting victims getting out from under the attack. Unfortunately, victims come to us after the attack is well underway. At this point the best and only thing to do is stop the bleeding.

Contact us if you feel you have been compromised or have suspicious activity that could give you the impression you are compromised. Your safety is our priority and we are sensitive to your needs.

See some examples of online scams below (in red), taken exactly as how they were sent, and with follow on comments and key parts bolded.

  • Center for Disease Control

    U.S. Public Health Service

    Department of Health and Human Services

    investigation and control of contagious disease in the nation.

    Date; 7/9/2020

    Good-day Sir/Madam,

    I am Jose Arrieta information officer,of the Department of Health and Human Services of the US government,and also Centers for Disease control (CDC) and your neighborhood has been chosen to receive the first COVID-19 test kits,all you need to do,is to verify your,Full Names,Home Address,Telephone number,for payment for the test Kits.payment can be paid via,Apple Store card.

    Contact : Dr.Campbell Frenchman for the collection of your test kits

    Email: [email protected]

    Stay Safe and Stay at home !!


    Jose Arrieta

    Information Officer

    Department of Health and Human Services

    Phone Number: +1213-921-8272 text no calls

  • In the above case, and working from the bottom up, the scammer is indicating only allowing texting instead of calls. This is to prevent you from hearing his accent however, if we apply common sense, would you provide payment or payment details over text? No. Additionally, they are providing Covid-19 detection kits from the "investigation and control of contagious disease in the nation" section of the Department of Health and Human Services? That clearly should raise a red flag. Then, apparently this scammer is the information officer for both the Dept of Health and Human Services...and...the CDC. Did one of the agencies run out of money that they had the same guy work for two different agencies? Then, there is the request for address yet previously the scammer indicated that "your neighborhood has been chosen"...if the neighborhood was chosen and it came from the government...wouldn't you think they would already have this information? Of course we also have payment by an Apple store card! Lastly, and this was in the headers of the email, the sender was from a different name than whom signed the email as well as from a foreign country and the email address for the contact doesn't even remotely attach to any personality in the email. Obviously I haven't included any grammer issues.
  • Dear,

    After all the verification's in our office, you have been approved as the legal owner of this Loan fund worth the sum US$1,500,000.00 in our Vault, Place by Pastor Johson Kone, But for the fact that yourpayment have not been activated, you cannot have access to this deposited fund of US$1,500,000.00 until your payment have beenactivated.

    Now all you need to do to pick up this first payment of $5,000.00 USD is to activate the receiver's name to your names, which will take you only $195.00 only to do, this means fixing your names for theactivation of your first payment, so that you can be able to pick it up in any western union office in your country today.

    We submitted the agreement certificate in the ministry of justices high court that no person will not touch your fund. Besides, my dear, this is the opportunity for you to comply and your funds shall be transfer to your designated address. But remember that after (2 DAYS) you did not make the payment then we will divert your funds to Government Account, So to avoid problems, you have to send the fee before 2days so that you can get your funds released without delay.

    Also be informed that what you will fill in on the instruction line is the sender's first and second with the mtcn number and enter the security code in the box below, Then click track transfer, Send this $195.00 only, with the below information’s immediately so that we will activate your first payment, as the receiver of this fund to enable you pick it up in any western union office in your country today.

    Click this website to show up where you can track the information,Then you can track your money to see that your payment is available for pick up, But you cannot pick the payment until you pay for the charges sum of $195.00 only for the activation process.

    Below is your first payment of your new mtcn number sent today. I advised you to tracking your online payment with this website: https://www.westernunion"dot"com/us/en/send-money/app/tracktransfer

    MTCN; 3668248103

    Sender's Name: obinna Nweke

    Question: IN GOD

    Answer: WE TRUST

    Also be informed that what you will fill in on the instruction line is the sender's first and second with the mtcn number and enter the security code in the box below, Then click track transfer, Send this$195.00 only, with the below information’s immediately so that we will activate your first payment, as the receiver of this fund to enableyou pick it up in any western union office in your country today.

    Go to any western union or money gram transfer office near you andtransfer this money, send us the details for confirmation here so that we can activate your payment as the receiver to this deposited fundOnce this is done, you will pick up your first payment $5,000.00 after 30 minutes your payment is confirmed in our office.

    Best Regard

    Mr. John Martin

  • In this example we are chock full of scammer indications. First we have "verification's" in the possessive form, which again shows that English wasn't the first language. Then we have the crazy notion that we somehow would not remember applying for $1.5M loan to even be approved of said loan. However we do quickly get to the scam of requesting $195 to start the process of receiving this $1.5M and we do that by using Western Union. If a bank wanted to give anyone any money would they ever use Western Union? No. Furthermore, banks don't charge money to provide a loan in advance...they charge interest on the loan after the fact. So, why do scammers like to use Western Union? Simple, it's a world wide method of transferring money with very little overhead or tracking and absolutely perfect for scammers. Once the money has been sent it can't be unsent or recovered. It wouldn't be surprising at all if the MTCN number was tracked to some southern African country either. Lastly, we once again have no consistency in names across the entire email.

The essence of the article is if any email comes in that is asking for money or information, and you don't have any idea what it is about or there are spelling or grammar mistakes that would be in line with what a 15 year old child would do....then it's probably a scam or it's phishing. Protect yourself and your Arrakis if you need help!

Contact Arrakis for more information.