| | | Effective PR

Monday spam: United Nations and World Bank aid scheme.

Nigel Morris-Cotterill

It is often said (by our boss, Nigel Morris-Cotterill) that those who succumb to Nigerian (419) frauds are either greedy or stupid. And that old scams never die, they just hibernate for a while and that spam-scammers often time their contact to hit while people are in a sanguine or relaxed state of mind. This spam-scam, he says, proves all of that.

It was 9 pm on Sunday evening in the UK, which is where the fraudster sent his mail. People would be mellow. I would have been mellow. Except that I'm in Kuala Lumpur and so the mail was awaiting my arrival at my desk on Monday morning, when I'm marginally more alert than at 9pm on a Sunday evening

Just moments earlier, an e-mail arrived headed "Your funds Valued @ ₤1,850,000.00" True, the grammar and punctuation mistakes warned me that this did not come from my bank, even before I read the sender's name and e-mail address ("Ndjengua, Katjiukua (kndjengua@unam.na)") and before I looked at the "reply to address ("johnmolny45@gmail.com").

I read the mail because they amuse me. Then I delete them from the server before even downloading them to my PC. This one demonstrates my long-expressed view that those who fall for the Nigerian Scam, as it used to be called in the 1970s when fraudsters used to send actual letters, on paper, from Nigeria with stamps that were, usually, not enough to cover the postage and a return address at a, usually, Lagos post box address, are greedy or stupid. The e-mail that arrived targets both. This mail has a return address of a domain in Namibia.

Namibia's internet domain registry is interesting: apparently owned by SPF Lisse Family Private Foundation, it says that it is "implementing Google Authenticator" which, Google says, is a two-factor authentication process for users on mobile devices although there are, Google says, ways of using it without a mobile phone or, even, internet connection. Any attempt to access the registrar's website sends the visitor to the login page with no indication as to how to set up an account and no contact information. That suggests (and I put it no higher than that) that the registrar deals only through third parties, known as resellers. That is very common but sadly it also means that I could not check the whois for the offending domain and nor could the information service within our anti-spam systems. This, also, is becoming more common as the effects of GDPR ripple across the world, even though it can be argued that, in the case of domain ownership, there is an exemption.

I digress. The email attacks the greedy and the stupid because it claims to be offering me a substantial sum of money (almost GBP2 million) won in a prize "organized by the United Kingdom in conjunction with the United Nations and the World Bank for the Reduction of Global Poverty so that through you, many people and Charity Organization will be assisted."

So, let's look at that: I've won something that they imply I'm supposed to give away to aid in poverty reduction. Well, that's not going to happen, is it? How many people would take the money and give it away. And the fraudster doesn't expect it to happen: he talks of "your funds." Then again, every aspect of the e-mail screams fraud: it's cobbled together from techniques honed over almost half-a-century of such scams.

"Attn: Beneficiary," it starts. In the UK, that usually means someone has left someone else something in a will.

And then the Blighton-isation of words begins with capital letters all over the place. And the misspelling of "programme" by truncating it in the American style, establishing that this was not penned by someone who has been educated with English as a first language (or who thinks that misspelling is a sign of modernity or, even, officialdom).

" We are Happy to announce the annual Email Award Promotion; your email address came out in the first category and entitles you to claim the sum of ₤1,850,000.00 {One Million Eight Hundred and Fifty Thousand British Pounds Only, from the 2018 UK National ONLINE Lottery Promotion."

The putting of a number and then spelling it out is a long-established tactic of such fraudsters. They think it makes their spam sound in some way "official" but this idiot seems to have suffered from a failure to press the key for the correct style of bracket, and then failed to count to two. Also. while the UK does have a National Lottery, it does not have a "UK National ONLINE Lottery."

"It is a Promotional Program organized by the United Kingdom in conjunction with the United Nations and the World Bank for the Reduction of Global Poverty so that through you, many people and Charity Organization will be assisted. You are to contact Mr. John Maloney on the information to Assist You with The Claim so that you will quickly receive your funds."

In the UK, only those who have undergone certain re-education at Oxford University use the -z- form of words such as "organised" or "organisation." The sprinkling of the names of supra-national organisations is supposed to make it impressive but in this, if the recipient is even half-awake, it oversteps the mark. The UN and the World Bank have carefully managed aid systems. As a result, they would not hand over money to random people in the hope that it would find its way to where it needs to go. Well, actually, that's not true : they do exactly that but they do at least have nominal systems in place to approve recipients and monitor the use of the money. But once it's handed over, they have remarkably little ability to make sure it is is not diverted through corruption, waste, etc.

And then there's the contact name. John Maloney has been used for many years. This time, there's the added amusement that the fraudster thinks that reversing a name makes it sound more official, like in a directory. But he got it wrong.

Mr. John Maloney
Maloney John Consulting Services
Certified Associate of Goldratt Institute
Tell: +44-745-219-9506
Fax: +44-872-331-6282
Email: johnmolny45@gmail.com
E-Mail: johnmolny45@gmail.com

The e-mail is so great, they named it twice. And "tell." No, that's another indication that this is not a native English speaker. It's a "tell." Haha.

And so it signs off with the requirement to start the process of getting the money:

"Your complete official Names, Country of origin and country of residence/work, Contact Telephone and Mobile Numbers, Address, Amount won{₤1,850,000.00} free ticket number (9DF09317), lucky number (UKLO17) Sex, Age, Occupation and Job Title.

Please NOTE: For Security Reasons you are advised to keep your winning information Confidential till your claim is processed and your money Remitted to you in what ever manner you Deem fit to receive your funds. This is Part of Our Precautionary Measure to avoid Double claim and unwanted abuse of this Program by some unscrupulous elements please be warned

Mr. Saint William
Online Director
UK Lottery Online Email Winning
Notification Department"

Er, no. You can **** right off. I'm not giving you any of that information, St. William. There's more than one Saint William, by the way, and this chap isn't any of them. We know that because they are all dead.

If anyone replies to this mail, in the hope of gaining some money, they are stupid or greedy or both. There is no logical analysis of this that would result in the recipient of the mail getting any money. In the worst case, such correspondence has resulted in targets being lured overseas and robbed or, even, kidnapped.

Are you still feeling lucky?