Thanks for all the phishing in 2013


I am thankful that I’m incapable
Of doing any good on my own
I’m so thankful that I’m incapable
Of doing any good on my own
From Thankful by Caedmon’s Call

In 2009, the first year of this blog, in honor of Thanksgiving here in the USA I posted an entry about some things I would have been thankful for in 2009. If they were even remotely true. I’m a collector and, dare I say connoisseur, of Nigerian 419 style phishing messages. Since then it’s become an annual event. So without further ado, here is a sampling of my favorites from 2013. The things I’m thankful for.

I’m thankful for old business associates from past, failed scams who saved my cut for me, despite the fact that I have no recollection of those events.

From: Barrister Benson <>
Sent: Wednesday, November 27, 2013 10:52 AM
To: Recipients

How are you with your family? I hope fine. I’ m happy to inform you about my success in getting those funds from BOA (Bank of Africa) transferred under the cooperation of a new partner from Venezuela, Presently i’m in Venezuela for investment project, meanwhile I didn’t forget your past efforts to assist me in transferring those funds despite that it failed us some how. Now contact my secretary in Benin Republic West Africa through his e -mail id ( ) ask him to send you the A.T.M  VISA CARD worths sum of ($850,000.00 US Dollars) which I kept for your compensation for all the past efforts and attempts to assist me in this transaction. so feel free and get in touch with my secretary Mr.Mike Horton  he will send the A.T.M to you.
Barrister Benson

I’m thankful for people who die with enormous amounts of money floating around in dormant accounts with no heirs.

From: Creg Badmus <>
Sent: Friday, August 2, 2013 1:39 PM
Subject: Hello Dear.

Private Banking Division
HSBC Banking Corporation.

Greetings with due respect ,

Before I introduce myself, I wish to inform that   this letter is no hoax so I urge you treat with respect and endeavour to observe utmost discretion in all matters concerning it.My name is Mr.Creg Badmus ,accountant with Private Banking Division of (World’s Local Bank) HSBC in this regional branch . I  have secured and protected transaction record of $9.8 Million US dollar discovered floating in a dormant account,without documented evidence of next of kin.The HSBC will release and transfer to account you will provide within seven working days under active partnership with my insider role.

This  is possible only if you trust and  willingly capable to work in confidence .More details shall be given to you as soon as you indicate committed interest with full data. This Proposal however is not mandatory nor in any manner compel you against your wish,I suggest you call on my private phone number but if you  feel uncomfortable ,please ignore.I need your strong assurance that you will never let me down,I guarantee that this will be executed under legitimate arrangement that will protect you from any breach of the law.

Yours Sincerely,
Mr Creg Badmus.
+60 1126394325.

I’m thankful for opportunities to take part in war profiteering for fun and profit.

Sent: Monday, September 2, 2013 7:23 PM
Subject: Look Good Here

Do you wish to become rich due to armed conflicts? It`s right time to do it. Just as the first bombs descend to Syria,
petrol prices will move up just as MONARCHY RESOURCES INC. (M O_N K) stock price! Go make $$$ on September, 3rd,
get M O_N K shares!!!

I’m thankful for the opportunity to literally remake myself into someone new.

From: Travelling Documents <>
Sent: Tuesday, March 5, 2013 2:21 PM
Subject: Passports, Driver’s Licenses, ID Cards, SSN Cards, Birth Certificates

Selling Passports, Driver’s Licenses, ID Cards and Birth Certificates
Erasing Criminal Records (Finger print and Eyes Scan)
Get your self a new identity with the highest security and discretion.
Highest Quality, Extrem Security and International Delivering
If you are interested contact us to

Best Regards
Travelling Documents

What a fortuitous combination of offers! First my old buddy Barrister Benson was kind enough to save my $850,000.00 US Dollars cut from BOA (Bank of Africa) by way of a Venezuela deal that went south. Then an accountant in a branch office of the Private Banking Division of (World’s Local Bank) HSBC who, no doubt, got my name from Barrister Benson (who was feeling bad about that BOA deal) wants to cut me in on $9.8 Million US dollar – which he guarantees will be executed under legitimate arrangement that will protect me from any breach of the law, although the “Hello Dear” subject is a little creepy (Creg, dude, I don’t swing that way). And then the semi-anonymous offer to invest in MONARCHY RESOURCES INC. (M O_N K) for a bit of petrol war profiteering, and finally the good folks at Travelling Documents provide me with a way to dash away with all that loot. Hey – they must be legit with that address, right? I mean, what could possibly go wrong?

I’m thankful for companies who alert me to arrest records, financial aid notifications and credit score updates

From: |Attention| <>
Sent: Monday, June 24, 2013 2:28 PM
Subject: Arrest-Records for [your email here] {Mon, 24 Jun 2013 15:28:10 -0500}

Arrest- Records for [your email here] {Mon, 24 Jun 2013 15:28:10  -0500}

Click-to – View

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

From: 2nd-Attempt <>
Sent: Monday, June 24, 2013 2:17 PM
Subject: Financial-Aid Notification for [your email here] [Mon, 24 Jun 2013 15:17:26 -0500]

Financial – Aid Notification for [your email here] [Mon, 24 Jun 2013 15:17:26  0500]

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

From: [Second-Request] <>
Sent: Monday, June 24, 2013 2:23 PM
Subject: Score-Updates for [your email here] [Exp/TransU/Eqfx] Mon, 24 Jun 2013
15:22:47 -0500

Score- Update for [your email here] [Exp/TransU/Eqfx] Mon, 24 Jun 2013 15:22:47 -0500

View Your Documentation

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

How about that? A one-stop phishing shop for all your fake alert needs! But wait – it gets even better:

I’m thankful for (the same) company who sends me gift cards from Wal-Mart and Wendy’s.

From: WAL-40993-01 <>
Sent: Monday, June 24, 2013 1:42 PM
Subject: Someone just sent you a Wal-Mart Card [1000USD]

Someone just sent you a Wal – Mart Card [1000USD]

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

From: WEND-773662801-1
Sent: Monday, June 24, 2013 2:19 PM
Subject: Your $50 Wendy’s Card [Mon, 24 Jun 2013 15:18:51 -0500]

Your $50 Wendy’s Card [Mon, 24 Jun 2013 15:18:51 - 0500]

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

How sweet is that? The same Phoenix, Arizona USA address for all those different companies and email addresses! In case you were wondering, the alert links all go to and the gift card links all go to Maybe it’s outsourced phishing.

I’m thankful for politicians who request permission to keep me personally informed – even though I’m way outside their district.

From: Congresswoman Cheri Bustos
Sent: Thursday, November 14, 2013 2:14 PM
Subject: Requests Your Permission

Congresswoman Cheri Bustos would like to email you periodically regarding legislative issues in
Congress that are vital to you, your family, and the 17th District of Illinois.

Receiving this information by email is a fast and efficient way to learn more during these
significant times and will provide you with timely information and important news.

Email is part of an ongoing effort to keep constituents informed and engaged. If  you would prefer
not to receive these email messages, please click here .

Best Wishes,
Congresswoman Cheri Bustos
1009 Longworth HOB
Washington, DC 20515
(202) 225- 5905

Who knew that the federal government was reduced to issuing congresswomen email addresses. Ah, such sad fiscal times are these.

I’m thankful for banks that alert me to automatic transfers with handy attachments containing nasty surprises.

From: Ricardo Duffy <>
Sent: Monday, February 25, 2013 5:52 AM
To: [Whole bunch of email addresses in the clear]
Cc: [Whole bunch of email addresses in the clear]
Subject: Automatic transfer notification
WIRE transaction is completed. $3302 has been successfully transferred.
If the transaction was made by mistake please contact our customer service.
Receipt of payment is attached.

*** This is an automatically generated email, please do not reply ***

Attachment: payment -> Contains: payment receipt.exe -> Contains: Backdoor.Agent.RS malware

From: Payment notification system <> Sent: Thursday, February 21, 2013 11:44 AM
To: [Whole bunch of email addresses in the clear]
Cc: [Whole bunch of email addresses in the clear]
Subject: Automatic transfer notification
Importance: High
WIRE transaction is completed. $962 has been successfully transferred.
If the transaction was made by mistake please contact our customer service.
Payment receipt is attached.

*** This is an automatically generated email, please do not reply ***

Attachment: payment receipt – -> Contains: payment receipt – 884993762994.exe -> Contains: Backdoor.Androm malware

I’m thankful for banks that notify me with credit card statements and unauthorized access notices with handy forms containing surprise destinations.

From: Citi Cards <>
Sent: Friday, December 14, 2012 4:17 AM
Subject: Your Citi Credit Card Statement

Add to your address book to ensure delivery.

Your Account: Important Notification
Your Citi Credit Card statement is ready to view online

Dear customer,

Your Citi Credit Card statement is now available for you to view online. Here are some key pieces of information from
your statement:

Statement Date:  December 13, 2012
Statement Balance:  -$9,676.80
Minimum Payment Due:  $355.00
Payment Due Date:  Tue, January 01, 2013

Want help remembering your payment due date? Sign up for automated alerts such as Payment Due reminders with Alerting Service.

This form contains mostly fraudulent links, including many of the graphics which are primarily from;
The money links (i.e. where your money will go if you click them) are these:

From: <>
Sent: Friday, November 8, 2013 3:09 PM
Subject: Unauthorized Access Notice
Attachments: Citibank.html
Trouble reading this? Add alerts@al to your Address Book

We recently have determined that different computers have tried to log on to your Online Banking account and multiple
password failures were present before logons.

We now need to re-confirm your account information   with us.

Please download and open the document attached to this e-mail in order to verify your records. Please follow the
instructions from the document.

If this is not completed by November 10, 2013 we will be forced to suspend your account indefinitely, as it may have
been used for fraudulent purposes.

PLEASE NOTE: This is a mandatory measure. Failure to verify your records will lead to permanent service suspension.
After verifying your records you will be able to use your account as usual.

We thank you for your cooperation.
This Alert was sent according to your account settings; please do not reply to this message. Please do not contact us
directly as this issue is mainly processed by the Online System.

Attachment: payment receipt – 884993762994
This attachment is a web form that is almost completely sourced from – except for this little gem:
<input name="submit_to" value="," type="HIDDEN">

I’m thankful for lovelorn ostensibly Russian beauties like Nastya, Olga 1 and Olga 2 who are dying to meet me.

From: Anastasia <>
Sent: Monday, May 20, 2013 6:53 AM
Subject: How are you??
How is it going?? I’m Nastya. i look for a second half! I love travelling and pottery. Send me mail. Yours, Nastya!

From: Olga <>
Sent: Monday, February 11, 2013 11:39 AM
Subject: I wait for the answer
You have drawn my attention to a site of acquaintances. I hope, as I shall like you. How I to you in a photo? The truth -
pretty? :) But in a life I more nice!!!
And as I cheerful , kind, sociable and fluffy! I like to go in for sports, read books, to listen to music. I love winter and
summer. I do not love spring and slush.
If I have interested you, with pleasure I shall tell about myself more in the following letter.
I wait for the answer on

From: Olga Ivanova <>
Sent: Monday, February 4, 2013 12:00 PM
Subject: your profile to produce on me greater impression
hello webjoseph!

how are you today? What is your name?
my name is Olga, You frequently are on this site ?
I today wanted to talk to you in a chat
You have yahoo or hotmail ID? if you write to me, ok?
I shall wait from you the letter with impatience


Wow! What a hard (sic) choice to make. I mean, with a name like Nastya how can I go wrong? And she’s looking for a second half – just like the Broncos! But Olga 1 is charming in a sort of can’t-figure-out-Google-Translate kind of way as well as cheerful, kind, sociable and fluffy. Maybe she’s a cat. But apparently Olga 2 is familiar with my devastating charm and rapier wit from my profile on Oddly I can’t actually remember ever going to that site, much less setting up a profile. Oh well that’s one of the downsides to living fast and not dying young.

I’m thankful for kind people who win big lottery prizes like Allen and Violet and Dave and Angela who want to spend those millions making me rich.

From: Allen & Violet Large <>
Sent: Thursday, March 21, 2013 1:09 PM
Subject: Generous Act
Dear Sir/Madam

This is my seventh time of writing you this email. My wife and I won a Jackpot Lottery of $11.2 million in July and have
voluntarily decided to donate the sum of $1,000,000.00 USD to you as part of our own charity project to improve the lot
of 5 lucky individuals all over the world.

If you have received this email then you are one of the lucky recipients and all you have to do is get back with us so that
we can send your details to the payout bank.

You can verify this by visiting the web pages below. -canada -11699678

Good Luck,
Allen & Violet Large

From: Dave and Angela Dawes <>
Sent: Tuesday, August 20, 2013 10:53 AM
Subject: Happy Celebration In Advance
Dear Lucky Recipient,
You are receiving this message because my wife and I have listed you as one of our lucky selected millionaires of 1.5
million Pounds. If you are wondering how you were selected, we Utilize the service of website and search Engine That
Gives away cash prizes to help in the selection.
To Verify the genuineness of this email, watch our interview by visiting this web page so That You can be 100% sure That
You Have Not received an email hoax kindly click here -jackpot -winners-Dave-and -Angela -Dawes -to -give -millions-to -friends -and -family.html
Kindly Provide us with the below requested information, so that we can issue your draft.
Zip Code:
Happy Celebrations in Advance,
Dave-and -Angela -Dawes.

I’m thankful for all of the swell job offers like Consumer Service Critic, Mail & Package Assistant, Shipping/Receiving Clerk and Tour Manager all from the comfort of my home.

From: Joseph webster
Sent: Monday, April 22, 2013 2:40 AM
To: Webmaster
Subject: Consumer Service Critic
MCA -LOGISTICS INC.™ is currently drafting a LIMITED sum of VALUE CRITICS .

MCA -LOGISTICS INC® is a public survey company that uses analyticalShopping to measure the manner of service
It’s an advent to amass definitive perception about products and services.

We work with some of the largest, popular businesses in the America; from Banks to Fast Food to Petroleum,
Technology, Fashion retailers, and others more.

You will be employed to conduct an all charges paid survey and opinion task on behalf of MCA -LOGISTICS INC.
As our EVALUATIOR/ANALYTICAL clientele, you will be asked to POSE as a normal consumer while going to different places of work.
You’ll be required to discharge exact undertaking such as obtaining a merchandise or utilizing a service.
Your task will be to assess and measure the virtue of retail services rendered.
You’ll covertly evaluate their customer service while appearing as a normal customer When you’re done, you will be expected to fax your EVALUATION RECORDS (which we will provide to you) to us and then you will get paid for your opinions .
That is all there’s to it !

Peculiar expertise are not required for this task.
If you became interested in the vacancy, please reply to with the following informations:

Your name,complete mailing address,telephone and email address.

We will send you the details and the employment contract.

*****MINIMUM AGE DEMAND IS 30 YEARS************ Matured ANALYZERS ONLY, due to sedulity.

MCA -LOGISTICS INC. ©1992-2013

From: Joseph webster
Sent: Thursday, May 2, 2013 12:41 AM
To: Postmaster
Subject: Easy, fast, profitable
My name is Michael Watson, I’m Hiring Manager with Royal Mail 4 Delivery, Inc. I lately reviewed your CV with great
interest and I think that you may possess the experience needed prescribed for an occupation with our company.
You may see into this work as a part – time one or as an another earning and profit. I can mail you in more detail
description of Mail & Package Assistant per your letter of inquiry through email.
Please, do not hesitate to ask me any questions.
Thank you for the provided opportunity.

Yours faithfully,
Michael Watson
Royal Mail 4 Delivery Inc.

From: Joseph webster
Sent: Sunday, January 20, 2013 10:39 AM
To: AOL Users; Webmaster
Subject: EU deliveries is hiring
EU Deliveries is employing for the position of Shipping/Receiving Clerk.
We have many years of experience transportation individual parcels, papers and heavy cargo and have become pleased associates with USPS, UPS and FedEx.
As a Shipping/Receiving Clerk, you will be working from home. We suppose
our Shipping/Receiving Clerk to conduct the next activities:
– Suggesting our purchasers with the best level of buyer assistance service possible;
– Supervising and monitoring customer’s package sending operations;
– Keeping records of the processed package and mail
Your typical daily tasks will contain:
– operating with a remote helpdesk (it helps to schedule your daily work, send message to other team members, download and share project documentation and other materials);
– answer client emails and calls.
Salary and remuneration:
– usd 40000 yearly (paid in parts, every month).
– Working hours: 9AM – 5PM Mon – Fri
In order to apply for this position, please email us a copy of your most recent CV. We will check the submitted information and call back you in 1 -2 business days to tell you about the status of your application.
Bruce Grossman, EU Deliveries Human Resources dpt.

From: Joseph webster
Sent: Monday, March 4, 2013 6:51 AM
To: Postmaster
Cc: Administrator
Subject: Work for those who wishes to earn money

Our company, Grand Tour tourist agency offers you a part-time position of a Tour Manager. We are one of the largest 10 travel agencies in Europe, we also work with the United States.

At this moment, our firm is searching for interested individuals who will be able to become our reps in the USA. So this ad is only for people with the USA citizenship or a work permit. Your main role will be providing support for our clients from the United States, while they are voyaging in Europe.


– Basic skills with PC, including e-mails and word processing;
– Must be able to multi-task;
– Must be at least 19;
– High School Diploma or a college degree is a benefit.

Your pay will be usd 4000 monthly according to the work plan that should be executed. For further details, please write us at: . Upon receiving your message, we will forward you all the required
information to get acquainted with.

Yours sincerely,
Laura Pennington
Grand Tour

Wowzers! I had no idea you could be a Tour Manager or a Shipping/Receiving Clerk with no experience. From home. In your skivvies (OK TMI). But the really interesting thing about these offer letters is that they all appear to have been generated from the same faulty template. Note that the emails are always From: Joseph webster with different spoofed email addresses. Oh well, they just got several of the properties mixed up. Or maybe not, after all Michael Watson thanked me for the provided opportunity. You’re welcome, Mike. It was nothing. No really.

So there you have it – my list of stuff that I would be thankful for if they were even marginally real.

Don’t be the One

Cos I don’t wanna be the one
Only overjoyed
Yeah, I don’t wanna be the one
Making all the noise
Yeah, I don’t wanna be the one
From Be The One by The Ting Tings

In the last post the topic of safe web browsing was discussed as an attempt to update earlier advice from circa 2008. So that should keep you safe on the internet. Right? Sorry. Unfortunately, browsing the web is only half the story. The other, and arguably more dangerous, half is the part where you are automatically directed to web sites by emails, SMS texts, QR codes and nowadays NFC tags. Most of the time these automated links are desirable and very convenient, like when you want to find out about a new product or go directly to your bank site to check on your accounts. But what happens when the originator of these convenience links is a malicious impostor? In other words, the email, SMS, QR code or NFC tag is a phishing attack. This can be especially serious when the phisher is pretending to be your bank. Because the payoff is potentially large, these fake requests from your bank can look pretty convincing. This post from Rob Waugh at the WeLiveSecurity blog puts it this way.

Technologies change, but cybercriminals will always dream up new ways to fool you into handing over your bank details – whether via phishing emails, SMS or by phone.

These days cybercriminals will use phone calls, SMS messages, emails – and even couriers – in an effort to get your money. Many of these attacks can seem very convincing – at least at first.

To mash up P.T. Barnum, who is often credited with saying “There’s a sucker born every minute”, and The Matrix, “You are the One, Neo” [just go with me here], how do you avoid being the One? The key is to recognize stuff your bank will never do. Again from the WeLiveSecurity post:

The key to staying safe is to recognize behavior that isn’t quite “right”. Here are ten things a bank will never do – but a fraudster, phisher, or thief will.

Text you asking for details to “confirm” it’s you

Your bank may well text you – for instance to confirm a transaction on PC – but bank texts will not, ever, ask you to confirm details, or for passwords in a text. Banks also won’t update their apps in this way. If you’re suspicious, don’t click links, don’t call any numbers in the text. Instead, call your bank on its “normal” number.

Give you a deadline of 24 hours before your bank account erases itself

Many legitimate messages from your bank will be marked “urgent” – particularly those related to suspected fraud – but any message with a deadline should be treated with extreme suspicion. Cybercriminals have to work fast – their websites may be flagged, blocked or closed down rapidly – and need you to click without thinking. Banks just want you to get in touch – they won’t usually set a deadline.

Send you a link with a “new version” of your banking app

Your bank will not distribute apps in this way – instead, download from official app stores, and ensure yours is up to date.

Use shortened URLs in an email

Cybercriminals use a variety of tricks to make a malicious web page appear more “real” in an email that’s supposedly from your bank – one of the most basic is URL-shortening services.

Send a courier to pick up your “faulty” bank card

The courier scam is a new one – your phone rings, it’s your bank, and they need to replace a faulty bank card. One of the new services they offer is courier replacement – and the bank tells you that a courier will arrive shortly to collect the faulty card.  A courier turns up, asks for your PIN as “confirmation” – and your money magically vanishes.

Call your landline and “prove” it’s the bank by asking you to call back

A common new scam is a phone call from either “the police” or “your bank”, saying that fraudulent transactions have been detected on your card. The criminals will then “prove” their identity by “hanging up” and asking you to dial the real bank number – but they’ve actually just played a dial tone, and when you dial in, you’re talking to the same gang, who will then ask for credit card details and passwords.

Email you at a new address without warning

If your bank suddenly contacts you on your work address or any other address than the one they usually use, this is [not right]. Banks will not add new email addresses [for you on their own].

Use an unsecured web page

If you’re on a “real” online banking page, it should display a symbol in your browser’s address bar to show it’s secure, such as a locked padlock or unbroken key symbol. If that symbol’s missing, be very, very wary.

Address you as “Dear customer” or dear “”

Banks will usually address you with your name and title – ie Mr Smith, and often add another layer of security such as quoting the last four digits of your account number, to reassure you it’s a real email, and not phish. Any emails addressed to “Dear customer” or “Dear [email address]” are instantly suspicious – often automated spam sent out in vast quantities to snare the unwary.

Send a personal message with a blank address field

If you receive a personal message from your bank, it should be addressed to you – not just in the message, but in the email header. Check that it’s addressed to your email address – if it’s blank, or addressed to “Customer List” or similar, be suspicious.

Email you asking for your mother’s maiden name

When banks get in touch – for instance in a case of suspected fraud – they may ask for a password, or a secret number. What they won’t do is ask for a whole lot more information “to be on the safe side”. If you see a form asking for a large amount of information, close the link and phone your bank.
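Several of the ten behaviours above are mechanical enough to check automatically. The following Python script is an added example, not code from this post or from WeLiveSecurity: it parses a raw message with the standard-library email package and reports which of the listed red flags it shows (generic or blank recipient, "Dear customer" greeting, deadline pressure, requests for credentials, app-update links, shortened or non-HTTPS URLs). Both sample messages and the shortener host list are constructed for illustration.

```python
"""Red-flag checks drawn from the "ten things a bank will never do" list.

Added example, not code from this post or from WeLiveSecurity. It parses a
raw RFC 5322 message with Python's standard email package and reports which
of the listed behaviours the message exhibits. Both sample messages and the
shortener host list are constructed for illustration.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed list of URL-shortening hosts (item 4); extend for your environment.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}

# Recipient fields that indicate a bulk mailing, not a personal message (item 10).
GENERIC_RECIPIENTS = {"", "customer list", "recipients", "undisclosed-recipients"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# "Dear customer" / "Dear user@example.com" style greetings (item 9).
GREETING_RE = re.compile(
    r"^\s*dear\s+(customer|valued customer|user|[^\s@]+@[^\s@]+)\b",
    re.IGNORECASE | re.MULTILINE,
)
# Artificial deadlines and suspension threats (item 2).
DEADLINE_RE = re.compile(
    r"(within\s+\d+\s+hours|not completed by|will be suspended|permanent(ly)? suspen)",
    re.IGNORECASE,
)
# Requests for secrets or blanket "confirmation" of details (items 1 and 11).
SECRET_RE = re.compile(
    r"(password|\bpin\b|mother'?s maiden name|confirm (your )?details|re-?confirm your account)",
    re.IGNORECASE,
)
# Links to a "new version" of the banking app (item 3).
APP_RE = re.compile(r"new version of (your|the|our) [^.\n]*app", re.IGNORECASE)


def _body_text(msg: EmailMessage) -> str:
    """Concatenate every text part of a possibly multipart message."""
    return "\n".join(
        part.get_content()
        for part in msg.walk()
        if part.get_content_type() in ("text/plain", "text/html")
    )


def _host(url: str) -> str:
    """Extract the lower-cased host from an http(s) URL."""
    rest = re.sub(r"^https?://", "", url, flags=re.IGNORECASE)
    return rest.split("/", 1)[0].split(":", 1)[0].lower()


def bank_red_flags(raw_message: str) -> list:
    """Return the red flags (in a fixed order) that a raw message triggers."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []

    # Item 10: a personal message should name you in the To: header.
    to_field = (msg.get("To") or "").strip().strip('"').lower()
    if to_field in GENERIC_RECIPIENTS or "@" not in to_field:
        flags.append("blank_or_generic_recipient")

    body = _body_text(msg)
    if GREETING_RE.search(body):
        flags.append("generic_greeting")
    if DEADLINE_RE.search(body):
        flags.append("deadline_pressure")
    if SECRET_RE.search(body):
        flags.append("requests_credentials")
    if APP_RE.search(body):
        flags.append("app_update_link")

    # Items 4 and 8: shortened links, and links that are not HTTPS at all.
    urls = URL_RE.findall(body)
    if any(_host(u) in SHORTENER_HOSTS for u in urls):
        flags.append("shortened_url")
    if any(u.lower().startswith("http://") for u in urls):
        flags.append("unsecured_link")
    return flags


# Constructed sample modelled on the "Unauthorized Access Notice" quoted above.
SAMPLE_PHISH = """\
From: Citi Cards <alerts@example.invalid>
To: Customer List
Subject: Unauthorized Access Notice

Dear customer,

We now need to re-confirm your account information with us.
If this is not completed by November 10, 2013 we will be forced to suspend
your account. Please verify within 24 hours at http://bit.ly/EXAMPLE
"""

# Constructed sample of a message a bank plausibly would send.
SAMPLE_LEGIT = """\
From: Bank Alerts <alerts@bank.example>
To: Mr Smith <smith@example.com>
Subject: Card payment notification

Dear Mr Smith,

A card payment of $42.10 was made today on the account ending 1234.
If you do not recognise it, call the number printed on the back of your card.
Full details: https://www.bank.example/alerts
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, bank_red_flags(sample))
```

The checks are deliberately crude keyword and header heuristics; they complement, rather than replace, checking the sending domain and calling the bank on its published number.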

Remember this, grasshopper: your bank already has your money, so they aren’t that interested in spending any of theirs on unexpected communication with you – particularly something like courier services. The bad guys, on the other hand, want your money and are willing to invest a little and try phishing thousands or millions of potential suckers hoping to find the One big payday. Your mission, should you decide to accept it, is to not be the One.

Note to self: Ease up on old TV and get out more.

Thanks for all the phishing in 2012
Thanks for the information
Oh never give a sucker an even break
When you’re on to something it’s a
Dime in a dozen people start
Coming out of the woodwork
Thanks for the invitation
I know I must be on to something big
From Thanks for the information by Van Morrison

In 2009, the first year of this blog, in honor of Thanksgiving here in the USA I posted an entry about some things I would have been thankful for in 2009. If they were even remotely true. I’m a collector and, dare I say connoisseur, of Nigerian 419 style phishing messages. Since then it’s become an annual event. So without further ado, here is a sampling of my favorites from 2012. The things I’m thankful for.

I am thankful for Someone associated with the Benin Republic who wants to give me $950K (I think) in $5K (or is it $4K) chunks and it will only cost me $50.

RECEIVER NAME:okoye Lawrence

I’m pretty sure I understand that…
OK seriously, that pegs the old WTF meter, but hey, it’s got to be legit since Mr. Pius is THE NEW MANAGER OF WESTERN UNION. And how can you possibly not trust that security question and answer? This is the hands-down winner of the Most Egregious Misuse of Google Translate award in the Found Money category.

I am thankful for all of the US and international government organizations who are dedicated to getting my money back from those nasty Nigerian Miscreants, Hoodlums and Touts.

Office Of The National Security Adviser
Federal Republic Of Nigeria
Aso Rock Villa, Asokoro District,

Based on our investigations,we wish to warn you against some Miscreants, Hoodlums and Touts who go about scamming innocent people by claiming to be who they are not and thereby tarnishing the image of this wonderful country. I am Lt General Peter Olu (Rtd),National Security Adviser to the new Nigerian President Dr Goodluck Ebele Jonathan,(GCON).

I am delighted to inform you that the contract panel which just concluded its seating in Abuja, just released your name among listed beneficiaries to benefit from the Diplomatic Immunity Payment. This Panel was primarily delegated to investigate manipulated inheritance claims, contracts and over-invoiced payment as the effect has eaten deep into the economy of our dear country.

However,we wish to bring to your notice that your contract profile is still reflecting in our central computer as unpaid beneficiary while auditing was going on. Your payment file was forwarded to my office by the auditors as unclaimed fund, we wish to use this medium to inform you that for the time being,the Federal Government of Nigeria have stopped further payment through bank to bank transfer due to beneficiaries numerous petitions to United Nations against Nigeria on wrong payment and diversion of contract/inheritance funds to different accounts.

In this regards, we are going to send your contract part payment of $4.1 Million USD to you via our accredited shipping company and I have secured every needed documents to cover the money while the diplomat will get it delivered to you right in your door step.

Note: The money is coming in 2 security proof boxes. The boxes are sealed with synthetic nylon seal and padded with machine. Please you don’t have to worry for anything as the transaction is 100% risk free.

Best Regards,

Lt General Peter Olu (Rtd).
National Security Adviser to the President
Federal Republic of Nigeria.

And this helpful organization as well.

Good day,
I am Dr. Sofia Hill, I am a US citizen, 48 years Old.  I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over $20,000 while in the US, trying to get my payment all to no avail. So I decided to travel over to Nigeria with all my compensation documents, and I was directed to meet Mr. Michael Craig, who is a member of COMPENSATION AWARD COMMITTEE, and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake. He took me to the paying bank for the claim of my Compensation payment.

Right now  I have received my compensation funds of $1,500,000.00 Moreover, Mr. Michael Craig, showed me the full information of those that are yet to receive their payments and I saw your name as one of the beneficiaries, and your email address, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you.

I will advise you to contact Mr. Michael Craig directly through the below information.

Name: Mr. Michael Craig
E-mail: michaelcraig44@…

You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Mr. Michael Craig was just $420 for the paper works, take note of that.

Thank You and Be Blessed.

Dr. Sofia Hill, MD
Childrens Hospital Outpatnt Ctr

Wow! All of these folks falling all over themselves just to help me get satisfaction from those scammers. Although I can’t actually recall being scammed, it was hard to choose which of these individuals was the most trustworthy – Lt General Peter Olu (Rtd), who is ex-military and National Security Adviser to the President (of Nigeria), or Mr. Michael Craig, who comes highly recommended by Dr. Sofia Hill, MD, who was scammed out of $20,000. You can choose which should win in the Help from Nigeria category.

I am thankful for all of the wonderful folks who recognize what an honest, astute investment adviser I am and want to make me rich for assisting them in philanthropic endeavors.

Beloved, Please read this letter carefully.
Don’t be surprise to receive this message; I got your email address from a mail directory. I am Mrs. Joy Armstrong a National of Ivory Coast; I am married to Late Engr. Daniel Armstrong. We were married for 17 years without a child but still waiting upon the lord before my beloved husband`s death in the year 2006.

Since after the death of my late husband, I decided not to re-marry. When my lovely husband was alive, he deposited the sum of US$8 Million (Eight Million United States Dollars) in fixed /suspense account in one of the leading Bank here in Ivory Coast. Presently the bank management contacted me as the next beneficiary because, the initial agreement which my late husband reached with the bank for withdrawal of the fund has expired and due to my critical health am not opportune to apply for the release of the fund to me because, I have a deadly disease called CANCER OF THE LUNGS.

Recently my doctor said my conditions is really deteriorating and is quite obvious that my death is very close because, the CANCER stage is becoming worst. I have been hospitalized for the past 7 months. Base on doctor`s report, am scared because death can come at anytime I now decided to share my feelings and plans with you at this moment in good faith to donate this inherited funds through your great influence and assistant by utilize 70% of the total money to the following like Churches, Orphanages Home, Handicaps, Widows and Widowers, while you keep the remaining 30% for yourself for carrying out my last decision.

Kindly reply me if you can do my wish so I can give you more details on how best the fund will be transfer to you. and will also issue you a letter of authority declaring you as the next of kin or beneficiary to the fund. Please kindly assure me that you will act accordingly and keep all details confidential.

I expect your prompt reply. Thanks and God bless you.

Yours faithfully

Mrs. Joy Armstrong.

And this person who entices me with coy romantic innuendos.

My Dearest,

Good day to you, I know you will be surprise to receive this email, Before I proceed I must first apologize for this unsolicited mail to you, I am aware that this is certainly not a conventional way of approach to establish a relationship of trust, my dear I will like you to understand that, I am writing this mail to you With due respect trust and humanity, I have decided to contact you after much thought considering the fact that we have not meet before, but because of the circumstance oblige me, I decided to contact you due to the urgency of my present situation here in the refugee camp, honestly i am writing this email to you with pains, tears and sorrow from my heart, I am Miss Alice Kipkalya Kones, 25yrs old female and I from Kenya here in Africa; my father was the former Kenyan road Minister. He and Assistant Minister of Home Affairs Lorna Laboso had been on board the Cessna 210, which was headed to Kericho and crashed in a remote area called Kajong’a, in western Kenya. The plane crashed on Tuesday 10th, June, 2008.

After the death of my beloved father my wicked step mother along with my uncles team together and sold everything that my late father had and share the money within themselves. Unfortunately to me I fined my father’s briefcase and when I opened it I found a document, which my late father use to deposit the sum of Nine Million Four Hundred Thousand United State Dollars ($9.400.000.00) in a Bank, here in Burkina Faso West Africa with my name as next of skin, right now I am in Ouagadougou Capital of Burkina Faso to withdraw the money so that i can start a better life and also further my education.

But on my arrival to the Bank, the Bank foreign Operation Department Director whom I meet in person told me that my father instruction to their bank is that the fund would only be release to me when I am married or present a trustee/partner who will help me and invest the fund overseas after the transfer, and the bank ask me to go and look for a foreign partner, that was why I decided to contact you, which I believe that you are going to be honest and reliable person that will help me and stand as my trustee/partner, so that I can present you to the Bank for the release and transfer of the inheritance fund into your bank account in your country, and It is my intention to compensate you with 40% of the total fund for your services and help and the balance shall be my capital in your establishment. As soon as I receive your positive response showing your interest i will put things into action, in the light of the above, I shall appreciate an urgent message indicating your ability and willingness to handle this transaction, awaiting your urgent and positive response, Please do keep this only to your self, i beg you not to disclose it to any body till i come over because am afraid of my wicked stepmother, i will send you my picture in my next email, with due respect, i am pleading that you help me, i am giving all this detailed information with every transparency believing that you will have a clear picture of the base of help i need from you.

I hope to hear from you soon, May truth and love be the guiding word in my refuge,

Best regard,

Yours Sincerely
Alice Kipkalya Kones.

Yet another hard choice to make – do I go for the widow who’s dying of a deadly disease called CANCER OF THE LUNGS but is only offering me 30% of $8 million or the damsel in distress (I’m a sucker for sob stories that involve wicked stepmothers) who implies that I could get not only romance but control of $9.4 million. Again you can choose which should win in the Help with Investments category.

I am thankful for long lost relatives who leave me obscene amounts of money.

Dear Friend,

I am Joseph Onalia, an Attorney by profession from Republic of Togo, Senior Advocate of Togo, (S.A.T).

It might interest you to know that I have a deceased client that bears the same surname with you.

Mr A I.(your last name) came to Togo in 1988 and was working with Shell Development company, Lome Togo.

In 1996 Before his death, I assisted him in making a 15years fixed deposit worth $9.5M which has now Matured to USD$21M payment by the financial institution.

The bank has notified me to provide the next of kin or have the account Confiscated within the next 60 official working days.

I am contacting you for two reasons. Firstly, you both have the same last name, which makes the claim most credible. Secondly, I strongly believe that the financial firm does not deserve to inherit the funds.With your permission, I wish to  proceed to establish you as the next of kin/Beneficiary to my late client.

Do not be afraid as I am his representative attorney and stand the capability to provide all the necessary paperwork to back up this claim until the funds are released to you, We will split.

As it is currently valued at US$21M USD. I intend to split the total US$21M USD with you equaly 50%/50%, after deducting any expenses that comes up during the process of this transaction and thereafter i shall invest my own share in real estate business in your country. Let’s work this out for I have all the documents to prove you as the heir to my deceased client.  If this is against your principles, I do humbly apologize and please do keep very secret.

Kindly get back to me with your;

Full name…………………
Telephone number……………….

I look forward to hearing from you if you are ready to proceed on this transaction.

Best regards,

Barrister  Joseph Onalia
Senior Advocate of Togo, (S.A.T).

Ah yes, good old uncle A I.(your last name), I remember him well before he left for Togo… But that lawyer Joseph Onalia seems a little sleazy – even if he is Senior Advocate of Togo, (S.A.T). I mean taking 50% of my $21 million – after deducting his expenses – seems harsh. I’m not really sure why he needs to know my profession but he’s definitely the winner in the Inheritance category.

I am thankful for uncouth oil companies who want me to assist with business investments.

Although I’m usually wary of crude organizations like Fox Media, this offer is so obtuse, how can it not be legit? This is the clear winner of the Most Egregious Misuse of Google Translate award in the Shady Deals category.

I am thankful for the outrageous prizes I’ve won in various contests I’ve never even entered including WRM Media, Asia Pacific Lottery, YAHOO & WINDOWS LIVE prize, BP Biannual Webmail Sweepstakes, UK National Online Lotto and Yahoo Awards promotion.

Hello Joseph Webster,


Your eMail address was exclusively selected as a possible winner.

Well done – you made it!

You have qualified for the free-choice sweepstake and are therefore amongst the chosen few in the final draw for 3 Apple products: iMac, iPhone, iPad.


Asia Pacific Lottery Organization
80b Phetchamnork Avenue,
Bangkok Thailand.


We write to Congratulate you as regards your Email Address success in our Online Computer Balloting Sweepstakes Program from the Asia Pacific Lottery Organization online draws of 5th Day of the Month held in Bangkok Thailand.

All participants were selected through the Registered Computer Internet Users ballot system drawn from 10,000, Personal Email Addresses & official Email Addresses, from Asia, Australia, New Zealand, Europe, North and South America, Middle East and Africa, as part of our International Promotions Program.

Your Email Address has subsequently won you one of the two Jackpot prizes in the 5th category? You have therefore been approved to claim a Total Sum of USD$368,000.00 (THREE HUNDRED AND SIXTY EIGHT THOUSAND UNITED STATES DOLLARS) Only.

Your Email Address attached to ticket number APLA286067-00-805 with Serial Number ANGR9-3088 that drew the Lucky Numbers of 8641146.

You have therefore been approved of a lump sum payment of USD$368,000.00 (THREE HUNDRED AND SIXTY EIGHT THOUSAND UNITED STATES DOLLARS) Only in cash credited REF NO: ASIAPLOTTOORG00-03803.


British Microsoft Award
Headquarters: Customer service

33 YatchBasinMarina Offices,
UponTyne Newcastle London.


Your email addresses have just won YAHOO & WINDOWS LIVE prize money of GBP£2,000,000.00 (TWO MILLION = GREAT BRITISH POUNDS STERLING) On Friday, 8/3/ 2012. Award winners emerge through random selection of all active email subscribers online. Six are selected monthly to benefit from this promotion.

Payment of Prize and Claim

Winners are to be paid in accordance with his/her SettlementCenter. This promotion was drawn based on email address as the key identification for setting up online accounts. All valid email addresses in the World Wide Web Draw used/participants for the online email promotion version were selected randomly via computer balloting from a global website collaboration with internet companies like eBay, pay pal, liberty reserve, and Google whom also built their systems and based their membership registration identity on email addresses supporting this computer draw system done by extracted email addresses from over 100,000 unions, associations, and corporate bodies  and  affiliated members to the National Lottery website and their advertisers listed online.

these are your identification numbers:
Batch Number: YPB/08/APA-43658
Reference Number:  ZA/YPN/270992008
Award File Security code:  UK/+QU03005

Please note that you’re lucky winning ticket file and number falls within our African booklet representative office in Johannesburg South Africa, as indicated in your ballot played coupon. In view of this, your (£2,000,000.00) would be released to you by our payment department in South Africa


Reference Number: BP12/0117/2012
Batch Number: PBSS102/1414
Dear Sir/Madam,

Winning Notification

The BP Promotions Office hereby notifies you that you are a winner of our Biannual Webmail Sweepstakes Program which took place on the 21st of March 2012 in our head office.

Participants were obtained from a database of one billion email user accounts and no tickets were sold because email addresses were assigned play coupons which were randomly generated using our Quick-Pick Automated E-ballot Software.

You have therefore been approved for the lump sum pay out of £750,000.00(Seven Hundred and Fifty Thousand Pounds Sterling) allocated to Ref No: BP12/0117/2012 because your play coupon bears one of the lucky winning number sequences [21-24-32-43-36-45] Bonus (16). This is from the total promotional budget of £16,000,000.00 (Sixteen Million Pounds Sterling) which is to be shared amongst the winners in this category



Are you the correct owner of this email address? If yes then be Glad this day as the result of the UK National Online Lotto and e-mail address free-ticket draws of The 2012Promotion Award has just been released and we are glad to announce to you that your email address came out in the first category and entitles you to claim the sum of ₤1,850,000.00 {One Million Eight Hundred and fifty Thousand British Pounds, From the UK National ONLINE Lottery Promotion

Your email address was entered for the online draw on this free ticket number: 9DHHDF09373 and won on this Lucky number: UKLO647UZGDJ2.

Please remember you did not enter or buy the ticket to earn you this Prize. It is a Promotional Program to encourage the use of Microsoft and Internet Programs.


Yahoo Awards Center
124 Stockport Road,
Longsight, Manchester M60 2DB – United Kingdom

Dear winner,

This is to inform you that you have won a prize money of Eight Hundred,Twenty Thousand Great Britain Pounds (£820,000,00.)for the month of May, 2012 Prize promotion which is organized by YAHOO AWARDS & WINDOWS LIVE.

YAHOO collects all the email addresses of the people that are active online, among the millions that subscribed to Yahoo and Hotmail and few from other e-mail providers. Six people are selected monthly to benefit from this promotion and you are one of the Selected Winners.

Yep – it’s been a great year for my lottery-winner-without-playing career. Aside from the millions of GREAT BRITISH POUNDS STERLING (apparently that’s the currency of choice for these lotteries – and what’s up with all that collaboration between Microsoft and Yahoo?) I also won some swell Apple products and was even chosen to be on Deal or No Deal. Of course I’m still waiting for my money, iStuff and for Howie to call, but in the meantime these all were winners in the Lottery Winnings category.

I am thankful for all of the offers of thinly veiled money laundering gigs.

Good day.

International Financial company working in the field of medical payments has available vacancy of Account Coordinator in USA.

The main responsibility of this position is to serve payments from our clients in United States.

Requirements :

- Location : USA

- Adult age

- Proven ability to work as part of a team


- Ability to work as home-based employee

- Flexible working schedule

No entrance fees are required.

If you are interested, please send back your resume (CV) with your contact details.

Have a good day.

Strictly speaking these aren’t really phishing attacks. They are real, if not legitimate, job offers. They are, however, related to these phishing scams in that this is how the money is laundered: through bogus financial, travel or shipping companies where all of the Account Coordinators work from home and basically run money through their own checking accounts. These solicitations range in polish from obvious nonsense like this one to really good fake CareerBuilder and Monster notifications. The Money Laundering category contains by far the most messages that I receive.

So there you have it – my list of stuff that I would be thankful for if they were even marginally real.

On a final, more sobering note I received one phishing email that has the dubious honor of being the most chilling and disgusting message I’ve ever received. The background for what makes this message so nasty is this, as described by The Denver Post:

The 10-year-old girl with the gap in her front teeth, who liked to play cheerleader and waitress, giggled a lot, loved the color purple and couldn’t wait to be a teenager, was on her way to school, alone.

She was supposed to meet a friend, a boy her age. The 1,000-foot walk down the street to his home should have taken four minutes, maybe five.

But Jessica Ridgeway, bundled against the cold in a black puffy jacket, never arrived.

The hours and days that followed brought confusion and false leads, moments of hope and dread, leading to the devastating announcement a week after her disappearance that human remains found in a desolate open-space park 9 miles from her home were Jessica’s.

On the afternoon of Oct. 10, maintenance workers were out picking up trash — a routine exercise in a park neighboring a landfill.

Earlier that day, police announced they had ruled out Jessica’s parents as suspects and believed an unknown person abducted her.

At about 2 p.m., workers came across a plastic garbage bag in plain view near a culvert on the side of the road, said Arvada police spokeswoman Jill McGranahan. The bag was heavy and “seemed kind of strange,” she said.

At that moment, animal-management officers who typically chase down stray dogs and escaped livestock drove by.

The maintenance workers flagged them down. An animal-control officer looked inside the bag and saw human remains, McGranahan said. Law enforcement officials have declined to be any more specific than to say they discovered a body that was “not intact.”

Within hours, hundreds of local police and FBI agents descended on the open space to walk the area and look for evidence.

It was 9 miles from Jessica Ridgeway’s house.

Two days later, grim-faced state and local law enforcement officials announced that DNA tests had confirmed that the remains were Jessica’s.

“The focus has changed from the search for Jessica to a mission of justice for Jessica,” said Westminster Police Chief Lee Birk.

“There is a predator at large in our community.”

So against that backdrop – I live about 2 miles from where Jessica was abducted – I receive this email purporting to be from “Neighborhood.Alert” with a subject of “Child Predator Warning”. The email contained only images that linked to some sites where you could “sign up for more information”. Yeah you bet – straight up phishing ploy. Let me close with this friendly warning to the person or group behind that little scam: I will hunt you down and you won’t like it when I find you.
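The lure described above has a recognizable shape: an HTML body with no real text, just images wrapped in links to some sign-up site. The following is an added example (not code from the original post) of a small mail-filter check for exactly that pattern, built on Python’s standard library. The sample messages, sender address, subject and hosts in it are constructed for the example and are not the actual message the post describes.

```python
"""Flag e-mails whose HTML body is image-only with external links.

Added example, not from the original post. Heuristic: an HTML part with
(almost) no visible text, every <img> sitting inside an <a href>, and at
least one link pointing to a host other than the sender's domain.
"""
from email import message_from_string
from email.message import Message
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkImageParser(HTMLParser):
    """Count visible text, collect hrefs, and count images that sit inside anchors."""

    def __init__(self):
        super().__init__()
        self.text_chars = 0
        self.hrefs = []
        self.images = 0
        self.linked_images = 0
        self._in_anchor = 0
        self._skip = 0  # nesting depth inside <script>/<style>, whose text is not visible

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            self._in_anchor += 1
            if attrs.get("href"):
                self.hrefs.append(attrs["href"])
        elif tag == "img":
            self.images += 1
            if self._in_anchor:
                self.linked_images += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
        elif tag == "a" and self._in_anchor:
            self._in_anchor -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text_chars += len(data.strip())


def _html_part(msg: Message) -> str:
    """Return the decoded text of the first text/html part, or '' if there is none."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            return part.get_payload(decode=True).decode(charset, errors="replace")
    return ""


def image_only_phish_score(raw_email: str, max_text_chars: int = 40) -> dict:
    """Parse one RFC 822 message and return its features plus a verdict."""
    msg = message_from_string(raw_email)
    p = _LinkImageParser()
    p.feed(_html_part(msg))
    # Crude sender-domain extraction from the From: header.
    sender_domain = (msg.get("From") or "").rsplit("@", 1)[-1].strip("> ").lower()
    link_hosts = {urlparse(h).hostname or "" for h in p.hrefs}
    external = {h for h in link_hosts if h and h != sender_domain}
    suspicious = (
        p.images > 0
        and p.linked_images == p.images      # every image is a clickable link
        and p.text_chars <= max_text_chars   # essentially no readable text
        and bool(external)                   # links lead somewhere else
    )
    return {
        "text_chars": p.text_chars,
        "images": p.images,
        "linked_images": p.linked_images,
        "external_hosts": sorted(external),
        "suspicious": suspicious,
    }


# Constructed samples for the example; addresses and hosts are invented.
SAMPLE_LURE = """\
From: Neighborhood.Alert <alert@example.invalid>
Subject: Child Predator Warning
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://signup.example.invalid/more"><img src="cid:banner"></a>
<a href="http://signup.example.invalid/info"><img src="cid:map"></a>
</body></html>
"""

SAMPLE_LEGIT = """\
From: Jane <jane@example.invalid>
Subject: Notes from Tuesday
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi, here are the notes we discussed. The PTA meeting is
moved to Thursday; see the attached agenda.</p>
<img src="cid:logo"></body></html>
"""

if __name__ == "__main__":
    print(image_only_phish_score(SAMPLE_LURE))   # suspicious: True
    print(image_only_phish_score(SAMPLE_LEGIT))  # suspicious: False
```

The text-length threshold and the "every image is linked" rule are the two knobs worth tuning against your own mail: marketing mail is often image-heavy but usually carries some text and an unsubscribe link, whereas a lure like the one above carries nothing but the click-through.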

Thanks for all the phishing in 2011

So thank you for showing me,
That best friends can not be trusted,
And thank you for lying to me,
Your friendship and good times we had you can have them back.
From Thank You by Simple Plan

In 2009, the first year of this blog, in honor of Thanksgiving here in the USA I posted an entry about some things I would have been thankful for in 2009. If they were even remotely true. I’m a collector and, dare I say connoisseur, of Nigerian 419 style phishing messages. Since then it’s become an annual event. So without further ado, here is a sampling of my favorites from 2011. The things I’m thankful for.

I am thankful that the Nigerian Government has finally recognized their negligence and are going to help me get my rightful inheritance at last.

—————————————-ICPC NIGERIA ( An Anti-Fraud Unit)
………………………………we fight against fraud, funds delay and impersonation.
—————————————–Head Office: Plot 802, Constitution Avenue


 This letter will definitely be amazing to you because of its realistic value.

Sorry for the inconveniences that was rendered to you in your line of Inheritance Payment transaction with some impersonators some while ago.
I know that this letter will hit you by surprise, but firstly I will like to introduce myself; I am (Mr Emmanuel Ayoola ) the Legal chairman of “ICPC”, (Nigeria’s Anti-Fraud Unit).

On the 1st of October  2000 the former President of The Federal Republic of Nigeria (Chief Olusegun Obasanjo) introduced a Commission named the “ICPC”, (Nigeria’s Anti-Fraud Unit) which is duly registered under the United Nations (U.N.O). Secondly, we are mandated by the United States Government to Settle foreign indebted beneficiaries to satisfactory in other to maintain peace in the world at large and also to create a good relationship with the international bodies.

You are being contacted by this office today because your Case data is the very first File on our Settlement Files Cabinet. From our Intelligent investigations and Probing processes we discovered that you are a victim of  delay.
The “ICPC”, is faithfully under my governance as the Legal Chairman of the great Commission and to this Authority I took an oath of allegiance to settle all victims peacefully.
This Memorandum is to notify you that you will be settled by the Nig Govt from our initial Deposit. Your settlement will be actualized within  three working days after your response to this Official Letter.

I was definitely amazed because of the realistic value. And any organization with the motto we fight against fraud, funds delay and impersonation just has to be legit, right? Although I am worried by the address of the Head Office, Plot 802, Constitution Avenue. Sounds like a cemetery.

I am thankful that the FBI is willing to assist me in transferring my funds from the Central Bank of Nigeria which they discovered through attempting to wiretap the internet.


The federal bureau of investigation (FBI).Through our intelligence-monitoring network has discovered that the transaction that the bank contacted you previously was legal. Recently the fund has been legally approved to be paid via Central Bank of Nigeria. We the federal bureau of investigation (FBI) Washington Dc, in conjunction with the United Nations (UN) financial department have investigated through our monitoring network noting that your transaction with the Central Bank of Nigeria legal. You have the legitimate right to complete your transaction to claim your fund US$15.5,000,000.00(Fifteen million five Hundred Thousand united states dollars).

First Mr Emmanuel Ayoola finds my missing megabucks and then ROBERT MUELLER III EXECUTIVE DIRECTOR FBI contacts me directly to let me know it’s all legal. How sweet is that!

I am thankful for 22-year-old princesses from Burkina Faso who want not only a relationship but desire my help in investing large sums of money.

Dear Sir / Madam,
How are you today,I hope fine? I am a female student from University of Burkina-Faso, Ouagadougou. I am 22 yrs old. I will love to have a long-term relationship with you and to know more about you. I would like to build up a solid foundation with you in time coming if you can be able to help me in this transaction. Well, my father died earlier 1 year ago and left I and my junior brother behind. He was a king, which our town citizens titled him over sixteen years before his death.I was a princess to him and I am the only person who can take care of his wealth now because my junior brother is still young and my late mother is also late two years ago before the death of my Late father. He left the sum of )Twelve Million Five Hundred Thousand united state dollars ($12.5mUSD) in a Bank. This money was annually paid into my late fathers account from Gold Exploring companies operating in our locality for the compensation of youth and community development in our jurisdiction. I don’t know how and what I will do to invest this money somewhere in abroad, so that my father’s kindred will not take over what belongs to my father and our family, which they were planning to do without my present because I am a female as stated by our culture in the town.Now, I urgently need your humble assistance to move this money from the Bank of Africa to your bank account after which i come over to meet with you. and I strongly believe that by the grace of God, you will help me invest this money wisely. I am ready to pay 40% of the total amount to you if you help us in this transaction and another 10% interest of Annual After Income to you, for handling this transaction for us, which you will strongly have absolute control over. Please if you are interested to help me, then get back to me urgent so that I will give you more details including my picturs.
Yours sincerely,
Princess Ruki Yaya.

As much as I’d like to help Princess Ruki Yaya I’m concerned about the statement I am a female as stated by our culture in the town. I’m only interested in women who are female in all cultures everywhere.

I am thankful for dying rich guys who recognize my humanitarian fervor and want to leave me lots of money.

Subject: Dearest One,
Dearest One, Assalam Allekum, My name is Abul Kalam Azad. I am a dying man who have decided to Donate the sum of $18million dollars. to you for the good work of the Humanity. Please contact me via. Email: for detailed information on this noble project of mine. Please note that I have WILLED $18m to you by quoting my personal reference number De/Jds/533/0068/HtrI/33ln/eg. So that i can confirm that you actually received my email notice to you. Wassalam and Regards, Abul Kalam Azad

While I appreciate the generous bequest, what’s up with that “Dearest One” stuff and the Yahoo! China email address?

I am thankful for dying rich women who recognize my humanitarian fervor and want to leave me lots of money.


My names are Mrs. Irene Cesarec. I was diagnosed of cancer about 2 years ago, and was receiving treatment for it, but now the doctors are saying I have a short time to live.   

When I was in better health, I never really cared for any body with no children of my own and a late husband I was a selfish and greedy person. I have decided to donate the sum of $10.8M to you, so you can disburse to charities, widows, orphans and less privileged. I was doing this myself but now my health has deteriorated, I wanted my relatives to do this for me but they only saw it as an opportunity to enrich themselves.

I will be going in for an operation soon, I want this last act of mine to be an offering unto God, perhaps he will have mercy on me. Please contact my lawyer with the below:

Quote my ref # : will/Wlaw/Pn/lr/93/ytx/ when responding.

I am sending him a copy of this message as well so he is aware of my intentions, Please use the funds well and always extend the good works to others.

Stay blessed,

Mrs. Irene Cesarec.

Whoa! It’s like deja vu. Sorry Abul, but I’m going to have to go with Irene. Even though she’s only giving me $10.8M, she admits to being a selfish and greedy person. My kind of benefactor.

I am thankful for winning contests staged in places I’ve never been to promote products I don’t buy that I don’t recall entering.

We are pleased to inform you of the result of the just concluded annual final draws held on the 1ST OF January,2011 by Toyota Motor Company in conjunction with the Japan International Email Lottery Worldwide Promotion,your email address was among the 20 Lucky winners who won US$1,000,000.00 each on the Toyota Motors Company Email Promotion programme dated as stated above.This is from the total price of $20 million United State Dollars ($20,000,000.00usd)shared among the 20 lucky winners.

The online draws was conducted by a random selection of email addresses from an exclusive list of 35,031 E-mail addresses of individuals and corporate bodies picked by an advanced automated random computer search from the internet. However, no tickets were sold but all email addresses were assigned to different ticket numbers for representation and privacy to make sure the money reaches you.

Uh… Not sure I understand any of that or what it has to do with Toyota, but hey I’ll take the cool mil.

Since 2011 was a terrible year for employment I’m thankful that I’ve received so many guaranteed job offers like this one from a company that respects my awesome database management abilities.

Subject: Database Management Position

We have assessed your curriculum vitae and wish to introduce to you a job opportunity in clerical and administrative services at NHN Team. The ideal applicant must possess outstanding communication skills, be attentive to details, perfect reporting skills, responsible and able to work in a fast paced working environment.
The principal duties of the job include but are not limited to: recording orders for services and merchandise, compiling transaction records, compiling correspondence, performing basic bookkeeping and other clerical duties.
At NHN Group we provide an encouraging working environment. The position offers an attractive performance related commission. Flexible schedules, part time and full time available. If you are interested in entering an organization where contribution matters, please get back to and we will forward to you further information on this opportunity.
Best regards,
NHN Team

I’m not even sure what a curriculum vitae is but apparently mine indicates that I would be good at clerical and administrative services which is apparently database management.

On a more serious note, there was a marked increase in the number of phony job offer phishing messages in 2011. I usually get several good ones per year, but in 2011, out of the 60 funny emails I saved, 37 of them – a whopping 62% – were phony job offers. Some were completely silly like the one above, but others were pretty decent CareerBuilder forgeries. So while I mock these ham-fisted attempts at fooling the naive, it’s sobering to recognize that there are a lot of really desperate unemployed folks out there who are willing to try almost anything to get a job. And the slimeballs who are exploiting that nauseate me.

Once again I’m thankful that Google Translate hasn’t improved significantly since 2010. Otherwise this stuff wouldn’t be nearly as amusing. So Happy Thanksgiving 2011. So long and thanks for all the phish.

Thanks for all the phishing in 2010

I am thankful that I’m incapable
Of doing any good on my own
I’m so thankful that I’m incapable
Of doing any good on my own
From Thankful by Caedmon’s Call

Last year in honor of Thanksgiving here in the USA I posted an entry about some things I would have been thankful for in 2009. If they were even remotely true. I’m a collector and, dare I say connoisseur, of Nigerian 419 style phishing messages. Given the response to the 2009 post, I decided to make it an annual event. So without further ado, here is a sampling of my favorites from 2010. The things I’m thankful for.

I am thankful that my brilliant achievements in medicine are at long last being recognized. At least in England.


Dear Sir/Madam


Congratulations! The entire management of The Royal Society of Medicine, United Kingdom write to inform you of  our RSM Awards 2010, which you have been selected through our electronic database for the best RSM Award for  the year 2010.

After several attempt to reach you on phone, I deemed it necessary and urgent to notify you finally about the outstanding settlement of your Award payment.

This was initiated by The Royal Society of Medicine, United Kingdom in collaboration with Her Majesty (The Queen of England), to compliment your laudable efforts on medical practices, your humanity contribution to life across the world and to also serve as motivation to improve your ability toward quality healthcare service delivery. We hereby inform you of your reward sum of nine Hundred Thousand British Pounds Sterling, (900,000.00) as one of the winners of (The Royal Society of Medicine Awards 2010).

Based on our arrangement, the Award Dinner Night comes up on Monday the 27th December, 2010 therefore, you are advice to indicate your interest of receiving the award by reconfirming the below stated information:

I am thankful for online tech support that is so proactive they send me Skype messages about vulnerabilities on my Windows PC. To my Mac.

[11/20/10 3:04:31 PM] Online Support: WINDOWS REQUIRES IMMEDIATE ATTENTION
For the link to become active, please click on ‘Add to contacts’ skype button or type it in manually into your web browser !
ATTENTION ! Security Center has detected
malware on your computer !
Affected Software:
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

I am thankful for the thoughtfulness of Western Union, even if they get a bit testy because I’ve yet to claim my windfall. Although I am a bit confused by that partly payment under a loop of batches of payments deal. Probably just a Western Union thing.


Your fund lodged with Western Union® INTERNATIONAL MONEY TRANSFER for your collection. Your fund has been sent to you by Western Union®/ Act on this email ASAP

This is to notify you once more that your fund portfolio/file is in the list of those that will receive their fund payment of $1,240.000.00 (One Million Two Hundred And Fourty Thousand Dollars) this week. You are to receive a total of $5,000.00 (Five Thousand Dollars) everyday and a maximum of $30,000.00 per week until the full approved sum are exhausted.

Since last 2 weeks, Western Union section in Bank Of Africa, Carre N°912, Cotonou 05BP1972, has made first sending to you of a partly payment under a loop of batches of payments of $5,000 each as the Western Union Rules insists that each transaction cannot be above $5,000. BUT YOU HAVE NOT RESPONDED TO US NOR ACTED ON OUR DIRECTIVES.

I am thankful for famous dead people who are concerned about violating my high ethical standards prior to proposing a shady deal. I guess that since the advent of telephones, that telegraph thing hasn’t panned out too well for Sam.

Dear Partner,

Do accept my sincere apologies if my mail does not meet your personal ethics.I knew that this mail will come to you as a surprise, but please do not be discouraged with my proposal; it was due to how things are moving with me. However, this correspondence is unofficial and private, and it should be treated as such. At first I will like to assure you that this transaction is 100% risk and trouble free to both parties.

My name is Mr. Samuel Morse, a Fund Manager with Fidelity Investment, UK. I handle all our Investors Capital Project Funds which enabled me to divert 1.2% of Investors Excess Return Capital Funds to our Magellan Trust Funds Account where anyone can be presented to claim the funds. Total sum of Fifteen Million, Seven Hundred and Forty Five Thousand British Pounds (15,745,000.00)BP has been diverted, representing 1.2% of Excess Return Capital Funds from the Investor Capital Project Funds for 2006/2007 fiscal year.

I need a reliable and trustworthy person with whom I can work this deal out so that we can claim the funds as mentioned above. There is no risk attached and the funds in question can never be dictated or traced.


Mr. Samuel Morse

I am thankful for the Western Union MoneyGram office that wants to help me get some of my money back from Nigerian 419 scams that I was apparently a victim of. This guy also has a strangely familiar, albeit misspelled, name. I’m just wondering why a nice American investigating officer has an email address for an outgoing mail server in China. Must be another Western Union thing.

After proper and several investigations and research at Western Union and MoneyGram Office, we found your name in Western Union database amongst those that have sent money through Western Union to Nigeria and this proves that you have truly been swindled by those unscrupulous persons by sending money to them through Western Union/MoneyGram in the course of getting one fund or the other that is not real, right now we are working hand in hand with Western Union to track every fraudsters down, do not respond to their e-mails, letters and phone calls any longer as they are scammers and you should be very careful to avoid being a victim to fraudsters any longer because they have nothing to offer you but to rip-off what you have worked earnestly hard to earn.

In this regard a meeting was held between the Board of Directors of The Economic and Financial Crimes Commission (EFCC) and as a consequence of our investigations it was agreed that the sum of sixty thousand US Dollars (US$60,000.00) should be transferred to you out of the funds that Federal Government of Nigeria has set aside as a compensation to everyone who have by one way or the other sent money to fraudsters in Nigeria.

Contact the Western Union agent office through any of the email addresses stated below;

Yours sincerely,

Adams Smith,
Investigation Officer.
Please note that e-mails, letters and phone calls are currently been made to unsuspecting persons by fraudsters claiming to have access to their funds. Everyday, people throughout the world are falling victim to scams of one way or the other. It could be an unexpected prize draw or lottery win, or a chance to invest in an exciting new money-making or investment programme . In the circumstance, we unreservedly advice you to dissociate yourself from all correspondence and transactions entered into based on evidently fraudulent and fictitious claims.

I am thankful that restoring my lost funds is of such high national priority that the director of the FBI sends me status updates personally. I must admit that I expected Director Mueller to have a better grasp of American English, but he probably has his minions respond to the trivial stuff. But I am concerned that my fund is laying down with DAVIS MARK – that sounds kinky.



After through investigation and many series of complain we found that your fund is laying down with DAVIS MARK which you have to contact him now so that you will have your fund without any delay and stop any further communication with anybody or whosoever we will get them arrested get back to us whatever your communication with him so that it will be brought to notice if anything araises. So contact him now which you have 4working days to recived it.also stop any further communication to whom ever your are dealing with because we are watching you if you like to received your fund conact the said person now.

Mr Davies Mark <>

contact him and call him as well that we sent you to release your fund whatever he said do get back to us and stop any futher communication to whosoever or offices,bank,minstry i hope i have made myself clear.


Robert S. Mueller III
Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue,
NW Washington, D.C.
20535-0001, USA

I am thankful for the broad International human rights effort being made to get me money I didn’t even know I had coming. Again I would have expected that Mr.Kenneth Thomas, being not only national security adviser to the United Nation Owed Debts Payment Recovery Commission Representative but (UN) Human Right Activist In-charge Of All Pending Consignment/Fund Release would have a better grasp of British English and could afford something better than a free Yahoo Japan email account. Must be a UN thing.

(United Nation) Human Right Activist Dept
On Debts Reconcilation On Foreign Payment Matters,
Unit B1, 50 Bank Street London E14 5NS,
London,United Kingdom.


Attention: Beneficiary,

I am Mr.Kenneth Thomas,the newly appointed national security adviser to the United Nation  Owed Debts Payment Recovery Commission Representative,here in London United Kingdom.

I am delighted whole heartedly to inform you that the contract/Inheritance panel and unclaimed  fund which is seating in London,United Kingdom territory just released your name among the presently  approved beneficiaries to benefit from the diplomatic immunity payment. This panel was primarily delegated  to investigate and to genuinely manipulated all debts and claims as it has eaten deep into the economy of  the Great Britain-London.

However, we wish to bring to your urgent notice that your payment profile is still reflecting in our central  computer as unclaimed fund Emanated from Bank In Africa in my department where i work to the (UN) office  while auditing was going on today. Your file was forwarded to my office by the chief auditors as unclaimed  fund. At this moment, I wish to use this medium to inform you that for the time being the Geat Britain -London has stopped further payment through bank to bank transfer which you were previously having with  the Authority from the Originated country where your fund was sent from that country in Africa over a period  of time now due to numerous petitions received from the FBI,IMF and other financial and security agenices to monitoring the UK Government against their banks on wrong payment and diversion of funds to different account in many dimension.

In this regards, I am going to use my good office to send you your part payment in the tune of $6,000,000.00 (Six Million United States Dollars) only by cash to you via a universal immunity diplomatic means. In process  of doing that, i will personally secure every needed documents as a representative of the (UN) office now to cover the money been your still yet unclaimed payment which is now in London United-KIngdom including  the legit affidavit to claim this very particular payment from the British high court here in London UK and also  with a clearance which will bestow the right and legit privilege to you as the rightful beneficiary who is to  recieve this payment after meeting up with the delivery requirement as the law stipulate which are the  documents i’m securing for you right now once you accept to finalise this transaction with me only.

All these will be only on the condition that you will give me only %10 out of the funds which is just ($600,000.00) Out of $6,000,000.00 you are to receive as soon as you receive the money on your door step which will come to you in the form of a consignment method.

Note: The money will be coming on 2 security proof boxes The boxes are already sealed with synthetic nylon  seal and padded with machine by the management of this organiziation and i also want you to know that the  management are not aware of my personal plans or arrangement with you in this transaction, so you have to  keep this as a very top secrect between the both of us till me and you are able to conclude this very  transaction completely.

MOST IMPORTANTLY: for security reasons and to also enable the both of us to conclude this very  transaction successfully, note that the diplomat coming with the consignment boxes will not know the original contents inside the boxes that he will be delivering to you. So what l and our accredited  management here will declare to him that is inside the consignment boxes is a sensitive photographic film material and some classified volume confidential company’s contract documents.

Please note categorically that, before i proceed with the next arrangement, You are adviced to call me  immediately on my direct telephone number +44-792-457-3520, so we can talk and  agree properly before i seal this transaction with you and if you need further clarification I’m pleased to hear that and remember to send the required informations directly to my Email address:  and I will let you know how far I have gone with the arrangement. I will secure the diplomatic immunity clearance certificate that will be tagged on the box to make it stand as a diplomatic consignment.

This clearance will make it pass every custom checking point all over the world without any hitch. All this I  will do with my own money as your partner.

Please, I need urgent reply on phone because the box are schedule already to live as soon as I hear from you. You should call me immediately you receive this message through my confidential number +44-792-457-3520 at once. I am highly submitted in service and willing to serve you better whole-heartedly once you are pleased with my terms & condition.


Highly Submitted.

Respectfully Yours in-service,

Mr.Kenneth Thomas.

(UN) Human Right Activist
In-charge Of All Pending Consignment/Fund Release.
Unit B1, 50 Bank Street London E14 5NS
London,United Kingdom,
Direct Tel: +44-792-457-3520

I am thankful for damsels in distress who thoughtfully provide links to sports stories at the end of their pleas for help and vague promise of riches. What guy could resist that? I wonder what’s up with all the Yahoo Japan email accounts. Think maybe their Captchas aren’t working too well?

Hello,Dearest One,

Good a thing to write you. I have a proposal for you-this however is not mandatory nor will I in any manner compel you to honour against your will. I am Miss Sarah Traore,21years old and the only daughter of my late parents Mr.and Mrs Nathaza Traore .My father was a highly reputable busnness magnet-(a cocoa merchant)who operated in the capital of Ivory coast during his days. It is sad to say that he passed away mysteriously in France during one of his business trips abroad on 12th.Febuary 2007.Though his sudden death was linked or rather suspected to have been masterminded by an uncle of his who travelled with him at that time.But God knows the truth! My mother died when I was just 4 years old,and since then my father took me so special. Before his death on Febuary 12 2007 on our to the hospital and he disclosed to me secretly that he has the sum of Sixteen million,seven hundred thousand United State Dollars.(USD$16.700,000) left in fixed deposit account in one of the leading banks in Abidjan Cote d ivoire Africa.

I am just 21 years old and really don’t know what to do.Now I want an account overseas where I can transfer this funds. This is because I have suffered a lot of set backs as a result of incessant political crisis here in Ivory coast.The death of my father actually has brought sorrow to my life.I am in a sincere desire of your humble assistance in this regards.Your suggestions and ideas will be highly regarded. Now permit me to ask these few questions?

1. Can you honestly help me as your daughter?
2. Can I completely trust you?
3. What percentage of the total amount in question will be good for you after the money is in your account?

Please,Consider this and get back to me as soon as possible.

Thank you so much.

My sincere regards,

Miss Sarah Traore.

I thought you might enjoy this story from
AZ does it

Once again I’m thankful that Google Translate hasn’t improved significantly since 2009. At least the Hausa, Igbo and Yoruba to English translators. Otherwise this stuff wouldn’t be nearly as amusing. So Happy Thanksgiving 2010. So long and thanks for all the phish.

Email advice for the rest of us

Coming up on the second anniversary of Security For All (no, this is not THAT entry – it’s coming) I realize that I’ve been remiss about the “For All” part of Security For All. Lately it’s been all about copyright enforcement shenanigans, e-discovery technicalities, Fourth Amendment, privacy issues and Captain X-Ploit parables and nary a peep about how a real person (read non-ultra-geek) can save what’s left of their privacy and avoid being abused on the Internet. I was particularly struck while reading this article entitled 10 things non-technical users don’t understand about your software (no, this isn’t about THAT article either – although it is quite good in a software engineering kind of way) wherein the author, Andy Brice, makes these points.

Techies are happy to play with software to see what it does. They aren’t usually too worried about trying things because they can rely on some combination to undo, version control and backups to reverse most changes and they can usually judge when a change won’t be reversible. Non-technical users aren’t so confident and won’t try things in the same way. In fact some of them seem to think that a wrong move could cause the computer to burst into flames.

Unskilled users often don’t realize how unskilled they are.

That is a nasty but common combination. The implications include users who are afraid of trying things out, because they might “break something”, and who, when they need help, don’t have the skill or experience to ask or even know what to ask. Recently I installed a new iMac for my mom. I made sure that she had all of the necessary security software installed and configured including a password safe, made sure that her iSight camera was working so that she could video chat and even transferred all of her photos, addresses and music. In other words she was ready to roll. Or so I assumed. The next day she called me in a panic because her “screen went blank” and the iMac appeared to be dead. After a great deal of troubleshooting over the phone I determined the root of the problem: the iMac was powered off and she didn’t know where to find the power button. So that great work configuring and securing her new computer was useless when she didn’t know how to turn it on. All of the preceding is an epiphany and mea culpa. I’m returning to the roots of this blog (for this entry at least) with some email advice for everybody.

I’ve written about sending safe email before, but I recently came across this pair of articles by Chad Perrin in TechRepublic. The first, entitled Basic e-mail security tips, and the follow-on, Five tips for avoiding self-inflicted email security breaches. I’ve condensed these into a single list with my commentary, but you should definitely check out Chad’s full articles.

1. Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought. At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML — or “Original HTML” as some clients label the option.

Chad goes so far as to suggest that you use an email client that doesn’t render HTML at all. I wouldn’t go that far but I would agree that you shouldn’t automatically allow HTML. Automatically rendering HTML is the default setting for most email clients. So let’s step back a second and explain some things. First off, “HTML and XHTML” are computer “languages” that allow you to see nice page layouts, pictures, sounds and movies in your email. It’s the same stuff you see when you surf the web. A web page is usually HTML that is rendered (“translated”) by your web browser into all of those previously mentioned cool things. So since HTML can automatically download and display stuff like pictures, movies and music from the web, it can also download bad stuff like links to phishing sites or malware that looks like a picture or movie but is really something bad. So if this is the same thing that your web browser displays all the time, then why is it a problem with email? Unlike your web browser, which doesn’t copy anything to your computer unless you allow it to, your email program makes a copy on your computer before it even tries to display it. So the bad stuff is already there just waiting to be activated. So be very careful before you “download pictures” in an email (your email program should ask first) and don’t select “always download pictures”. Even when they’re from Dear Old Aunt Alice. Especially if they’re from Dear Old Aunt Alice.
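To make the “download pictures” decision concrete, here is an added example (not code from the post or from Chad’s articles) that inspects an HTML email before anything is rendered: it lists the remote resources a “download pictures” click would fetch and flags links whose visible text names a different host than the one the link really goes to. The message it parses is constructed for the example.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing e-mail): one tracking pixel,
# one inline (cid:) image that needs no download, one deceptive link and one
# honest link.
SAMPLE_EMAIL = b"""\
From: Dear Old Aunt Alice <alice@example.org>
To: you@example.com
Subject: Photos from the reunion
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Here are the photos!</p>
<img src="http://tracker.example.net/pixel.gif?id=12345" width="1" height="1">
<img src="cid:photo1">
<p>Log in at <a href="http://login.example-bank.com.evil.example/">www.example-bank.com</a></p>
<p>Or see <a href="https://photos.example.org/album">photos.example.org</a></p>
</body></html>
"""


class _Collector(HTMLParser):
    """Records what rendering would fetch (img/script/iframe src) and each
    anchor's real target next to the text the reader sees."""

    def __init__(self):
        super().__init__()
        self.remote = []   # src attributes of img/script/iframe tags
        self.links = []    # (href, visible text) pairs
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("img", "script", "iframe") and a.get("src"):
            self.remote.append(a["src"])
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(s):
    """Hostname of a URL, or of a bare 'www.host.tld' used as link text."""
    p = urlparse(s if "://" in s else "http://" + s)
    return (p.hostname or "").lower()


def inspect_html_email(raw):
    """Return the remote resources a 'download pictures' click would fetch and
    the links whose visible text names a different host than their target."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return {"remote_resources": [], "mismatched_links": []}
    c = _Collector()
    c.feed(body.get_content())
    # Only http(s) sources leave the machine; cid: and data: stay local.
    remote = [u for u in c.remote if urlparse(u).scheme in ("http", "https")]
    mismatched = []
    for href, text in c.links:
        shown = _host(text)
        # Link text that looks like a hostname but is not where the link goes.
        if "." in shown and shown != _host(href):
            mismatched.append({"shown": text, "actual": href})
    return {"remote_resources": remote, "mismatched_links": mismatched}


if __name__ == "__main__":
    report = inspect_html_email(SAMPLE_EMAIL)
    for u in report["remote_resources"]:
        print("would fetch:", u)
    for m in report["mismatched_links"]:
        print("deceptive link: shows %(shown)s, goes to %(actual)s" % m)
```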

2. If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve e-mail. This means avoiding the use of Web-based e-mail services such as Gmail, Hotmail, and Yahoo! Mail for e-mail you wish to keep private for any reason.

What he’s getting at here is that you should not use the “webmail” application with these services. That is, don’t check your email from a web browser. All of the services mentioned are also POP3 or IMAP servers that your email program can get email from. Unfortunately this can be pretty tricky to set up and you will probably need to get some help to do it right. The main thing to realize is this: those “free” web-based email services aren’t free (sorry but Grandma was right – there is no free lunch). They make money from their advertisers and YOU are the product they offer to those advertisers. So all of those companies would prefer that you leak as much private information to them as possible. It makes you a more valuable product.

3. It’s always a good idea to ensure that your e-mail authentication process is encrypted, even if the e-mail itself is not. The reason for this is simple: You do not want some malicious security cracker “listening in” on your authentication session with the mail server. If someone does this, that person can then send e-mails as you, receive your e-mail, and generally cause all kinds of problems for you (including spammers).

This is very important. It sounds technical – and it is – but it’s not that hard to find out if your email program is set up right to do this. Just go to the “accounts” set up screen and make sure that the settings include something called “SSL” or “TLS”. If instead it says “cleartext authentication” or “password sent clear” that is bad. Most Internet Service Providers (ISPs) have been doing “secure authentication” by default for years. They only support the older (bad) stuff for really old computers, but if you have been with your ISP for a long time then you might never have changed your original settings. Definitely check this out. Also be aware that the web-based email services mentioned earlier all have this feature as well, but it is not on by default. They would like everyone to be able to access their service even from broken old web browsers or old smart phones that don’t communicate the right way. That’s not for you. In Gmail (the one I use and know the most about) under the general settings there is a choice to “always use https” which is a fancy way of saying “use a secure connection”.
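What “password sent clear” means on the wire, as an added example (not from the post or from Chad’s articles): a small monitor that reads client-to-server lines from a captured mail session and reports every credential that went by unencrypted, with the password deliberately left out of the report. The capture is constructed; it assumes SMTP sends the AUTH PLAIN token on the same line as the command.

```python
import base64
import re

# Constructed client-to-server lines from several mail sessions, as a network
# monitor might see them: (protocol, server port, line).
CAPTURE = [
    ("pop3", 110, "USER alice"),
    ("pop3", 110, "PASS hunter2"),
    ("imap", 143, 'a001 LOGIN alice@example.com "hunter2"'),
    ("smtp", 587, "AUTH PLAIN " + base64.b64encode(b"\0alice\0hunter2").decode()),
    ("imap", 143, "a002 STARTTLS"),       # upgrades to TLS; LOGIN after it is unreadable
    ("smtp", 587, "AUTH PLAIN AGJvYgB"),  # truncated token: must not crash the monitor
]

POP3_USER = re.compile(r"^USER\s+(\S+)", re.I)
POP3_PASS = re.compile(r"^PASS\s+\S+", re.I)
IMAP_LOGIN = re.compile(r'^\S+\s+LOGIN\s+("?)([^"\s]+)\1\s+', re.I)
SMTP_AUTH_PLAIN = re.compile(r"^AUTH\s+PLAIN\s+(\S+)", re.I)


def auth_plain_user(token):
    """Username from a SASL PLAIN token (base64 of authzid NUL authcid NUL
    password). The password is never returned."""
    try:
        parts = base64.b64decode(token, validate=True).split(b"\0")
    except ValueError:                 # binascii.Error is a ValueError
        return "<undecodable>"
    if len(parts) != 3:
        return "<malformed>"
    return parts[1].decode("utf-8", "replace")


def find_cleartext_auth(lines):
    """Return (protocol, port, username, reason) for each credential that went
    over the wire unencrypted. POP3 needs USER then PASS; IMAP LOGIN and SMTP
    AUTH PLAIN carry the whole credential in one line."""
    findings = []
    pop3_user = None
    for proto, port, line in lines:
        if proto == "pop3":
            m = POP3_USER.match(line)
            if m:
                pop3_user = m.group(1)
            elif POP3_PASS.match(line) and pop3_user:
                findings.append((proto, port, pop3_user, "POP3 USER/PASS in cleartext"))
                pop3_user = None
        elif proto == "imap":
            m = IMAP_LOGIN.match(line)
            if m:
                findings.append((proto, port, m.group(2), "IMAP LOGIN in cleartext"))
        elif proto == "smtp":
            m = SMTP_AUTH_PLAIN.match(line)
            if m:
                findings.append((proto, port, auth_plain_user(m.group(1)),
                                 "SMTP AUTH PLAIN in cleartext"))
    return findings


if __name__ == "__main__":
    for proto, port, user, reason in find_cleartext_auth(CAPTURE):
        print(f"{proto}/{port}: {reason} (user {user})")
```

Anything that logs in after a successful STARTTLS, or on the TLS-wrapped ports 993/995/465, never appears to this monitor, which is exactly the point of the setting.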

4. If, for some reason, you absolutely positively must access an e-mail account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.

This is spot on. It may be convenient to check your email using a web browser on your laptop, iPad or Droid from Starbucks, but be aware that it’s also very convenient for the bad guys to see everything you do – from afar. I’ve written before about using public WiFi safely. The main point being – don’t be an idiot. There’s a reason public WiFi is called that.

5. Turn off automated addressing features: As communication software accumulates more and more automated convenience features, we’ll see more and more cases of accidentally selecting the wrong recipients. A prime example is Microsoft Outlook’s “dreaded auto-fill feature,” where it is all too easy to accidentally select a recipient adjacent to your intended recipient in the drop-down list.

Yes indeed. Your email software contains all sorts of convenient features with which you can easily shoot your foot off. Or at least seriously embarrass yourself. Just make sure that your outgoing message is really going to its intended recipients – and ONLY the intended recipients – before you hit SEND.

6. Use BCC when sending to multiple recipients: It’s a bad idea, from a security perspective, to share email addresses with people who have no need for them. It is also rude to share someone’s email address with strangers without permission. Every time you send out an email to multiple recipients with all the recipients’ names in the To: or CC: fields, you’re sharing all those email addresses with all the recipients.

I can’t count the number of times I have gotten email from a well-meaning friend or acquaintance that has added me to a mailing list where every email address on the list is visible to every recipient. In some cases I might even know many of the people on the list, but that doesn’t mean that they want an unsavory character like myself knowing their email address. In case you are interested – or are one of the egregious offenders I mentioned – I use special email rules for all emails I receive where I’m part of a mailing list. Special in the sense that the message goes straight to the trash and black-lists the sender’s address if there are multiple visible recipients. So long and don’t bother to keep in touch.
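The rule described above, written out as code in an added example (not the post’s own filter): a message whose To:/Cc: headers expose a threshold number of addresses goes to the trash and its sender lands on a blacklist. The threshold is an assumption, since the post says “multiple” without a number; the List-Id exemption is an added refinement, since real mailing-list software sets that header and a forward-to-everyone friend does not. The messages are constructed for the example.

```python
import email
from email.utils import getaddresses, parseaddr

# Constructed messages: a friend forwarding to everyone in To:/Cc:, later
# personal mail from that friend, mail from real list software, and a
# message whose recipients were all in Bcc:.
JOKE_FORWARD = b"""\
From: Friend <friend@example.org>
To: you@example.com, bob@example.net, carol@example.net
Cc: dave@example.org, Erin <erin@example.org>
Subject: FW: FW: FW: funny video

you have to see this
"""
PERSONAL_FROM_FRIEND = b"""\
From: Friend <friend@example.org>
To: you@example.com
Subject: lunch?

Free on Tuesday?
"""
REAL_LIST_MAIL = b"""\
From: Pat <pat@example.net>
To: security-talk@lists.example.net
List-Id: Security discussion <security-talk.lists.example.net>
Subject: [security-talk] agenda

Agenda attached.
"""
BCC_MAIL = b"""\
From: Organizer <org@example.org>
To: undisclosed-recipients:;
Subject: party

Saturday at 8.
"""


def visible_recipients(msg):
    """Every address a recipient can see: To: and Cc:. Bcc: is removed by the
    sending server, so it never counts (the group 'undisclosed-recipients:;'
    contributes no addresses either)."""
    raw = msg.get_all("to", []) + msg.get_all("cc", [])
    return sorted({addr.lower() for _, addr in getaddresses(raw) if addr})


def list_rule(raw_bytes, blacklist, threshold=3):
    """Decide 'inbox' or 'trash' for one message and update blacklist (a set
    of sender addresses) in place. threshold=3 is this example's assumption."""
    msg = email.message_from_bytes(raw_bytes)
    sender = parseaddr(msg.get("from", ""))[1].lower()
    if sender in blacklist:
        return "trash"
    if msg.get("list-id"):           # RFC 2919 header: set by list software
        return "inbox"
    if len(visible_recipients(msg)) >= threshold:
        blacklist.add(sender)
        return "trash"
    return "inbox"


if __name__ == "__main__":
    bl = set()
    for name, m in [("joke forward", JOKE_FORWARD), ("personal", PERSONAL_FROM_FRIEND),
                    ("real list", REAL_LIST_MAIL), ("bcc", BCC_MAIL)]:
        print(f"{name}: {list_rule(m, bl)}")
    print("blacklisted:", sorted(bl))
```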

7. Save emails only in a safe place: No amount of encryption for sent emails will protect your privacy effectively if, after receiving and decrypting an email, you then store it in plain text on a machine to which other people have access. Sarah Palin found out the hard way that Webmail providers don’t do as good a job of ensuring stored email privacy as we might like.

Boy Howdy! I’ve also written about that very incident, in this entry about Sarah Palin and the great Yahoo! angst. The point here is one of the fundamental principles of security – be it information security or physical security: if you don’t control the location of the thing you want to protect, you can’t protect the thing. Whether it’s a classic car, the formula for Coca Cola or an email message. Last time I checked, you don’t have any control over Gmail, Yahoo! or Microsoft mail servers. You do, on the other hand, control your own computer. Learn from Sarah’s email mistakes.

8. Use private accounts for private emails: Any email you share with the world is likely to get targeted by spammers — both for purposes of sending mail to it and spoofing that email address in the From: field of the email headers. The more spammers and phishers spoof your email address that way, the more likely your email address is to end up on spam blocker blacklists.

If you are someone who insists on sending to mailing lists (we call that spam in the infosec biz) at least do it from some throwaway public email address you don’t care about – just like the real spammers. Because I guarantee that it won’t be long before real spammers are using that address anyway and then you won’t be able to send an email to anyone from that address. And for you Canadian readers, it’s probably best to avoid this behavior entirely as the Canadian government takes a rather dim view of spammers – intentional or otherwise.

9. Double-check the recipient, every time — especially on mailing lists: Accidentally replying directly to someone who sent an email to a mailing list, when you meant to reply to the list, isn’t a huge security issue. It can be kind of inconvenient, though, especially when you might never notice your email didn’t actually get to the mailing list.

This is a corollary to #5. So let’s just keep this real simple – avoid mailing lists. Sure they are convenient for sending out invitations to your soirée but seriously, how many times do you invite the exact same group of people to your soirées? And by the way, that mailing list you keep for sending out those funny jokes and videos – you know the one – where do you think those all end up? See #6 if you are really interested. Otherwise ignorance is bliss. And a complete waste of bandwidth.

Why does Johnny get phished?

I was taught a month ago
To bide my time and take it slow
But then I learned just yesterday
To rush and never waste the day
Well I’m convinced the whole day long
That all I learn is always wrong
From Character Zero by Phish

Pretty much everybody realizes that phishing is not only a growing and painfully expensive problem – in 2006 phishing enjoyed a whopping 70% success rate on social networks – it’s also a demonically difficult attack to prevent and mitigate. We’ve tried detecting and preventing phishing scams by using filters to detect and delete suspicious emails at the server. We’ve tried finding and shutting down suspicious sites that have domain names similar to trusted sites. We’ve even tried using DomainKeys and Sender Policy Framework (SPF) to verify the DNS domain of the email server and to reject forged addresses in the SMTP MAIL FROM address. We’ve built tons of tools to provide visual indicators that help users identify potential phishing scams, such as anti-phishing toolbars that display colored icons to indicate the degree of danger of a website, and others that provide risk ratings and information about the age and physical location of a web site. All designed to inform users about potentially fraudulent sites. We’ve even tried legislative remedies such as the CAN-SPAM Act of 2003 in the US and the Fraud Act 2006 in the UK. But after all that, the only really effective weapon we have is user training.

But here’s the rub – users are just not motivated to learn about security. They just want to get their jobs done and socialize with their friends on Facebook. Until they get pwned. Then it’s our problem. Yep, that user education stuff is not easy. In fact it’s so difficult that it prompted Martin Overton, a U.K.-based security specialist at IBM, to say “User education is a complete waste of time. It is about as much use as nailing jelly to a wall.” In public and on the record. Recently I came across a presentation by Ponnurangam Kumaraguru (PK) from the School of Computer Science at Carnegie Mellon University where he and his colleagues seriously studied this problem of user education about phishing. Sort of like a Defence Against the Dark Arts class for web users. The fruit of their labors, PhishGuru, which turns out to be more like Finding Nemo than Harry Potter, is a surprisingly effective effort. PhishGuru, which has been monetized through Wombat Security Technologies, offers cute comic strips and games that, while admittedly silly and derivative (“Phil” is totally like Nemo), are also quite effective.

PhishGuru™ comic strips can help you learn to protect yourself, your employees and your friends from phishing attacks.

Anti-phishing education can be as easy and fun as playing a game! In about 10 minutes you can learn the basics of how to spot phishing attacks. Try out our game, Anti-Phishing Phil™, the first two rounds are free online for anyone to play.

I tried Anti-Phishing Phil myself, thinking “I know this stuff cold (I’m a pro after all)” and was chastened to find that I didn’t get a perfect score. PhishGuru was nice about it though. The point is that the information was great, and presented in a fashion that my mom can understand and identify with. And be able to put into action. Stuff like how to really understand the parts of a URL. I was impressed. So I read the paper on which this is all based: Teaching Johnny Not to Fall for Phish which concludes thusly:

In this paper we have presented the results of a user study that evaluated the effectiveness of existing online anti-phishing training materials. We demonstrated that – contrary to popular wisdom – anti-phishing user education can be effective: users get significantly better at identifying phishing websites when they actually read training materials. We also showed the different strategies that users adopt to recognize phishing sites, and how those strategies evolve due to the training. We also presented an analysis of existing training materials using learning science principles, and derived recommendations to develop further training materials in the context of phishing.

We have not tested the relative importance of the learning science principles in the context of phishing education; we plan to do this as a future work. We also plan to test whether these principles can be generalized to educate users about other online security issues.

So if you’ve ever tried nailing jelly to a wall you’ll be interested in the study. If you just want some help trying to understand and avoid phishing scams check out PhishGuru. And tell your mom about it.
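The “parts of a URL” lesson mentioned above, as an added example that is not part of PhishGuru or the paper: a function that breaks a URL into scheme, userinfo, host, registrable domain and path, then lists the warning signs a reader is taught to look for (a brand name sitting in a subdomain or path rather than in the real domain, a bare IP address as host, text before an “@”). The brand list and the short list of two-label suffixes are constructed simplifications; a real tool would use the full public suffix list.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed brand list: keyword -> domains that legitimately carry it.
KNOWN_BRANDS = {"examplebank": {"examplebank.com", "examplebank.co.uk"}}
# Simplified stand-in for the public suffix list (assumption for this example).
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "com.au", "co.jp"}


def is_ip(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """The part of the hostname its owner actually registered: the last two
    labels, or three when the last two are a suffix like co.uk."""
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def dissect_url(url):
    """Split a URL into its parts and attach the phishing tells found."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    parts = {
        "scheme": p.scheme,
        "userinfo": p.username,
        "host": host,
        "registrable_domain": None if is_ip(host) else registrable_domain(host),
        "path": p.path,
        "warnings": [],
    }
    w = parts["warnings"]
    if p.username is not None:
        # Everything before '@' is ignored by the browser; the host comes after.
        w.append(f"userinfo before '@' ({p.username}); the real host is {host}")
    if is_ip(host):
        w.append("host is a bare IP address, not a name")
    else:
        reg = parts["registrable_domain"]
        for brand, legit in KNOWN_BRANDS.items():
            if reg in legit:
                continue
            if brand in host:
                w.append(f"'{brand}' appears in the hostname but the site is really {reg}")
            elif brand in p.path.lower():
                w.append(f"'{brand}' appears only in the path; the site is really {reg}")
        if host.count(".") >= 4:
            w.append("unusually many subdomain labels")
    if p.scheme != "https":
        w.append("not https")
    return parts


if __name__ == "__main__":
    for u in ["https://www.examplebank.com/login",
              "http://www.examplebank.com.security-check.example/login",
              "http://examplebank.com@203.0.113.5/login",
              "https://secure-examplebank.com/"]:
        d = dissect_url(u)
        print(u, "->", d["registrable_domain"], d["warnings"])
```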