Social Engineering via the US Mail



KrebsOnSecurity has come across a Nigerian prince scam sent via the US Postal Service. Krebs points out that while email is a much more common vector for these frauds, advance fee scams are nothing new, and were conveyed by snail mail long before email was invented. These scams take many forms, but at their core they consist of a scammer promising a victim a large amount of money if the victim sends a small payment in advance.

In this case, the scammer claims to be an account manager at a bank in London. He explains that one of the bank’s wealthy customers died ten years ago and didn’t name an heir to receive his fortune. The banker was unable to locate the customer’s next-of-kin, so he’s settled upon disbursing the funds to someone who has the same last name, which happens to be the recipient of the letter. The money will be split between the banker and the recipient, so each will receive $5.8 million.

At the end of the letter, the scammer provides an email address for the recipient to contact him. The scammer will attempt to rope anyone who responds into all manner of fraudulent schemes before they can receive their money. In the end, of course, the victim will get nothing.

Krebs notes that while the letter's far-fetched story and clumsy writing style will strike most people as an obvious scam, those same traits allow the scammers to weed out less gullible people and target the ones who are most likely to pay.

“It’s easy to laugh at this letter, because it’s sometimes funny when scammers try so hard,” he writes. “But then again, maybe the joke’s on us because sending these scams via USPS makes them even more appealing to the people most vulnerable: Older individuals with access to cash but maybe not all their marbles. Sure, the lure costs $.55 up front. But a handful of successful responses to thousands of mailers could net fortunes for these guys phishing it old school.”

Everyone is vulnerable to some form of social engineering, and knowing how scammers operate is the best way to defend against these attacks. New-school security awareness training can help people from all walks of life resist attempts to manipulate them.

KrebsOnSecurity has the story:
