Sunday, 23 October 2011

Letter from HM Treasury? Just another scam | Naked Security

Filed Under: SophosLabs, Spam, Uncategorized

Over the past 24 hours we have seen a flurry of emails purporting to be from George Osborne MP, the UK's Chancellor of the Exchequer.

With reference to supposed stalled international fund transfers, the messages attempt to lure recipients into making contact with the fraudsters, in a classic 419 style scam.

We have seen at least two flavours of these scam messages:

Of course, none other than the UK Prime Minister has instructed for all genuine claims to be paid:

The office of the new Prime Minister has mandated me to ensure that all genuine claim and transfers are paid.The Government of the U.K took this major step in addressing these problems of all stalled transfers as a result of the global financial crisis that has affected banks by establishing the HM Treasury Debt office to take over payment responsibility on behalf of all banks operating in the UK.

I particularly like the advice dispensed near the end of some of the messages (no matter the nature of your relationship with any of these crooks):

As Chancellor of the Exchequer (HM Treasury) in the United Kingdom, I want to assure you that your transfer will now be processed through the simple, transparent and authoritative means where you will not be required to pay any unauthorized fees. Please discontinue any form of contact with all those you have been dealing with before now, no matter the nature of your relationship with any of these crooks, including your local attorney. My intention is to quickly reactivate and sort out your transfer without any distraction.

If the contents of these messages were not enough to convince you of their legitimacy, perhaps the email addresses are?

hmtreasuryukoffice@london.com
ukhmtreasurydept1@london.com

Don't be an easy target. Even if you do not fall for the social engineering in these sort of scams, do not hit reply and make contact with the fraudsters. At best you will just confirm for them that your email address is valid. At worst you may open yourself up for further attacks. In the fraudsters' own words:


Please you should not allow yourself to be deceived and extorted anymore.