KnowBe4 Security Awareness Training Blog

Social Engineering via the US Mail

Written by Stu Sjouwerman | Sep 26, 2019 10:47:28 AM

KrebsOnSecurity has come across a Nigerian prince scam sent via the US Postal Service. Krebs points out that while email is a much more common vector for these frauds, advance fee scams are nothing new, and were conveyed by snail mail long before email was invented. These scams take many forms, but at their core they consist of a scammer promising a victim a large amount of money if the victim sends a small payment in advance.

In this case, the scammer claims to be an account manager at a bank in London. He explains that one of the bank’s wealthy customers died ten years ago and didn’t name an heir to receive his fortune. The banker was unable to locate the customer’s next-of-kin, so he’s settled upon disbursing the funds to someone who has the same last name, which happens to be the recipient of the letter. The money will be split between the banker and the recipient, so each will receive $5.8 million.

At the end of the letter, the scammer provides an email address for the recipient to contact him. The scammer will attempt to rope anyone who responds into all manner of fraudulent schemes before they can receive their money. In the end, of course, the victim will get nothing.

Krebs notes that while the letter's far-fetched nature and clumsy writing style will strike most people as an obvious scam, those same traits allow the scammers to weed out less gullible people and target the ones who are most likely to pay.

“It’s easy to laugh at this letter, because it’s sometimes funny when scammers try so hard,” he writes. “But then again, maybe the joke’s on us because sending these scams via USPS makes them even more appealing to the people most vulnerable: Older individuals with access to cash but maybe not all their marbles. Sure, the lure costs $.55 up front. But a handful of successful responses to thousands of mailers could net fortunes for these guys phishing it old school.”

Everyone is vulnerable to some form of social engineering, and knowing how scammers operate is the best way to defend against these attacks. New-school security awareness training can help people from all walks of life resist attempts to manipulate them.

KrebsOnSecurity has the story: https://krebsonsecurity.com/2019/09/before-he-spammed-you-this-sly-prince-stalked-your-mailbox/