Phishing and 419 scams have been around for a while now. However, sometimes they never cease to amaze when it comes to their tactics. We caught this most recent one in one of our Honeypots and thought we would share due to the “over-the-top” images sent.
Also note the horrific markup of the passport.
—————————————————————————–
Email sent from: usermail.uni-ak.ac.at ([193.170.136.34]
Email Subject: urgent response
Email body:
Apologies for having to reach out to you like this, my name is Gideon Kerkula am from Liberia, I and my mother just arrived with 2 inherited trunk boxes which our late father kept in our under ground flat which we discover and we collected money from it and I took picture with the two trunk boxes, we need your help to clear the money from the custom and help us invest it in any profitable investment that will last for a life time, the US$35,000 we collected from the boxes we use it for clearance on Ivory Coast- Abidjan border and the settlement of the military and police force on the highway. Please I want you to keep it confidential between us.
I have also attached my passport and the picture I took with the 2 trunks boxes, please if there’s anything you don’t understand or you want to know, ask and we will enlighten you.
I appreciate and wait your response.Please reply to this email;GideonKerkula@removed.cn
Thanks,
Gideon kerkula
—————————————————————————–
Images that were attached:
You would have thought Gideon would have given up at this point – however, there is a follow-up. Brace yourself for the sequel:
————————————————————————-
From: Kelvin Kerkular [mailto:kkelvin1979@removed.cz]
Sent: 07 April 2011 06:44
Subject: PRIVATE AND CONFIDENTIAL
From:
Kelvin and Vivian
Tel:233 26 750 6123
Dear Beloved,
My name is Kelvin Kerkular I am 32 years old, and my junior sister name is Vivian Kerkular, 29 years old, we are Citizens of Liberia, currently residing in the refugee camp in Ghana. I am contacting you solely on a business related issues.
I became an orphan some couple of years ago. I am contacting you about a need I have and I believe you are well able to help me after my severe and fervent prayer for God to link me up with some one who will be capable of helping me out from Ghana as my foreign beneficiary. It all depends on our trusting each other but I’ve chosen to contact you prayerfully and believing that you are the person that can help me.
The source of my parent’s death was believed to be from our detractors who are never happy that he was making so much progress. The issue is that my parents are diamond merchants in my country Liberia and they made too much money from the business, that prompted the government of Liberia to probe them.
For this reasons, during the crisis in Liberia, our home was among the first target by the Liberian rebels. They allegedly said that, my late parents have a close relationship with former president of Liberia President Charles Taylor) that was their reason of storming our home. My mother died immediately they storm our resident and my father sustained serious bruises that he could not survive while in the hospital. I and my younger sister Vivian managed to escape during the incident. As i am talking to you now, i and my younger sister are staying in Ghana for some obvious reasons that i will like to relay to you on your response to this message.
This is a confidential matter i will like to discuss with someone whom my spirits accepted to deal with. Because after my parents exit, the government of Liberia have taken over all of our belongings. They have also emptied my parents bank accounts left alone with a deposit which my late father made in a nearby country called Ghana during his trade to Ghana. No one knows of this deposit, it is only me as the next of kin. And my father had earlier warned me not to disclose this issue to anyone before he died in the hospital after the incident that cause his death. Today I and my younger sister fend for ourselves here in Ghana.
And life has been very difficult since the government of Ghana started their deportation exercise which says that we refugees should evacuate their Bujumbura refugee camp to our various countries. Please my dear beloved, our plans now are to relocate from Ghana since we can not afford to go back to Liberia following our past experience as they killed our parents, but we will need to move out the fund left by my late father here in Ghana.
please according to my late father’s lawyer all we need now before these boxes can leave Ghana to is your full contact information so as to enable the lawyer work out the papers that will back up the shipment to your location. Please i believe my lawyer will explain more better to you as soon as you come in contact with him.
Once you agree to help us move this fund, we will link you up with our late father’s lawyer who will help us in securing all the necessary documents for the shipment. As soon as we agree, we will come to your country where I and my sister will invest the money under your guide. So please let us know what will be your compensation or percentage for helping me and my sister out.
In the attached files, you will see a photograph picture which my late father took me before he made the deposit as a proof, and a picture of my sister, Vivian. Please the lawyer have not seen this picture as my father warned me not to disclose the content of the boxes to anyone except to some one whom i have chosen to be my foreign beneficiary, and also attached are the copies of the documents that is covering the fund in the keeping company, so i want you to go through them carefully. sometime ago there was a problem in the camp and my sister lost her Liberia passport but the lawyer agreed to get her a Ghana passport if we are ready to travel out of Ghana to meet with our foreign beneficiary.
Please NOTE that the earlier you help us the better as you will be doing Almighty God a great favor because our lives are no more safe with these people over here. I will need your reply stating your readiness to help in seeing this through.
We will be needing your details as follows:
(1) Your Full Names.
(2) Your Home or Office Address.
(3) Your cell phone Number.
(4) Occupation.
(5) Age.
Please feel free if you have any question to ask.
Thanks and be bless
Kelvin and sister.
————————————————————————-
And yup, you guessed it: more convincing attachments:
And finally, the cream of the crop: a convincing photo of Vivian, Gideon’s or (as he prefers in the second email message) Kelvin’s sister.
Well, Kelvin Gideon Kerkula if that is your real name… consider this. You have been named and shamed. Unfortunately your overzealous tactics in an attempt to ‘social engineer’ or to convince me and everyone else do not work.
I wonder what the next in the trilogy will be…
Of course Websense customers are being continually protected against phishing emails such as these with our Advanced Classification Engine, ACE.
