Live sample of an inheritance scam: A dissection

I recently received a spam email in my inbox, and some aspects of it interested me enough I figured I would write a blog post about it. It's basically the 419 scam you all know and love, but with some minor twists to it that seem new (at least to me).

The email claimed to be sent from a Mrs. Rose(mary) Williams, although the actual email address behind it is dondgarciaext123@gmail.com. I was blind carbon-copied on this, presumably to keep it looking like a direct communication and without tipping off any potential victims about the existence of others. The body was a sole JPG image file with no other text; the file is reproduced below for the reference point of my analysis.
Let's go over this message bit-by-bit.

First, let us note that it actually tries to look like a formal-ish letter (although a serif font would have been probably better suited for this purpose). Also, a letterhead and footer are used to establish the name and professional title of Mrs. Rosemary Williams. Clearly, with this level of professional detail, it must be genuine!

Next, let us look at the greeting:

Dear Friend Horton,

Not the tone I'd expect a supposed lawyer I've never heard from before to use, but whatever.

RE: TEN MILLION FIVE HUNDRED THOUSAND DOLLARS INHERITANCE CLAIM (US$10, 500, 000, 00).

We're unexpectedly smacked with this majestic burst of baloney right between the greeting and the body proper. This needs its own sub-dissection to fully appreciate:

  1. This line is in bold. And underlined. And in ALL CAPS. Our attention is immediately drawn to this and the obscene amount of money it promises. Are you feeling excited yet?
  2. It starts off with "RE:", often used in the subject lines of reply emails. What the heck it's doing here, I have no idea.
  3. "Ten million five hundred thousand dollars" is an impressively long number when written out. That extra five hundred thousand dollars pads out the rest of the line quite nicely, in fact extending it to two lines. Besides, if the scammer had just simply said "ten million" and rounded it, it just would not have looked as credible.
  4. This is an "inheritance claim", although I don't remember ever making a claim. Maybe they're claiming that this is actually about an inheritance?
  5. A common theme in these scam emails is that the money amount is always specified in US dollars explicitly, despite the fact that the target audience is American and would just assume that's the currency in question.
  6. Also, check out that wonky spacing on the numerical version of the dollar amount.
  7. Also, commas are now apparently both thousands separators and decimal points. So convenient!

Now we finally get to the body:

My name is Mrs. Rose Williams. I am a Legal [sic] representative, An Attorney [sic] and private account manager to my late client.

Weird capitalization aside, the grammar so far (and in the rest of the message) is surprisingly good. Those Nigerians must be getting pretty fluent with English nowadays.

In the Year [sic] 2014, my client Mr [sic] Marshal Horton, [sic] passed away, leaving behind a cash inheritance of Ten [sic] million Five [sic] hundred United States Dollars [sic] ($10,500,00,00).

"In 2014" would have been more concise and looked less like the intro text to some sci-fi story. Capitalization and punctuation errors continue. Also, we now have correct spacing on the numerical dollars amount, although that handy comma remains as flexible as ever!

My late client and bosom friend grew up in a "Motherless Babies Home".

Has anybody other than William Shakespeare ever really used the word "bosom"? Also, I believe the correct terminology is "orphanage". Unless he still had a father?

He had no family, no beneficiary nor next of kin to the inheritance left behind at his Bank [sic].

Except me apparently, right?

The Financial [sic] law of inheritance clearly allows for the deceased Bank [sic] to use deceased money [sic] as deemed fit, should the inheritance money be left unclaimed for a period of seventeen months after the death of the account owner.

So not only Marshal is dead, but his bank and money are too! Death is so contagious, it can spread to businesses and inanimate objects.

The reason that you have been contacted now is because you bear the same last name as the deceased, and I can present you as the beneficiary and next of kin.

Wow, one whole section with no errors! These Nigerians are getting really good at their English nowadays.

The Inheritance Law [sic] clearly leaves the onus of proof of who is or not [sic] the kinship, [sic] to the deceased Lawyer [sic] to prove. As the deceased Lawyer [sic], the Law [sic] says I have the final say of who is the beneficiary of the deceased estate.

So, let me get this straight: I am entitled to this $10.5 million dollar inheritance merely because I have the same last name by some sheer coincidence (or possibly some clever phishing). And a single lawyer has the sole uncontested power to say this random dude he emailed his legal message to in JPG format can have it all?

Seems legit.

This is 100% percent legal.

Seems legit ×2. (Also, redundant percent is redundant.)

As a lawyer I know this.

Seems legit ×3.

If you are interested in this proposition and you are ready to keep this proposition in absolute confidentiality and trust, then contact me at once, and we can work out the details, and the issue of your compensation.

I think "keep this proposition in absolute confidentiality and trust" is how Nigerians try to say "please don't tell the authorities about this scam" in English. They still haven't quite found the right phrase for everything yet.

If you are not interested, and have found this email offensive or you think this is a scam, please do not reply.

LOL. The scammer thinks that by suggesting the recipient might think this is a scam, they can persuade them that it is in fact not a scam. And if you do think it is a scam anyway, then "please do not reply". Not just "feel free to ignore/delete this message", but please don't contact the scammer back. It's like they know some recipients are going to figure them out and try to have some fun messing with them.

Regards,

Barrister Mrs. Rosemary Williams Esq.
Senior Advocate, International Legal Practitioner
Rosemary Williams Chambers & Financial Attorney
Private Email: mrs_rosemarywilliams@yahoo.com

And here is the footer. Looks nice enough, until you notice that there is no phone number of physical address, and Rosemary Williams herself is completely fictitious, as a quick online search will readily verify.

Well, let me take that last bit back. Rosemary Williams is apparently a real attorney, but she does health care law. I'm no lawyer, but I feel inheritance law might be outside her area of expertise. No mention of where she has worked at has made its way into this message, either. I wonder how she would feel knowing her name was plastered on this crap?

Basically, the above message is a sample of an "inheritance scam", which is apparently a common problem (but not common enough to get its own Wikipedia article yet). But as a computer-savvy user who has had some light education in security in the past, I find the following aspects of this particular message interesting:

  1. For an email, it went to the trouble of trying to format and phrase a professional-looking message, even though it ultimately falls flat. The grammar was honestly far better than most scam emails I have received in the past despite the errors still present.
  2. These emails typically have a tone suggesting a rush is needed to respond. This one lacks that, however. If I'm lead to believe that the inheritance money will stay put for "seventeen months", then that is quite a generous time span on the scammer's part for the victim to think this over.
  3. The message was delivered as a JPG image, which makes it an instance of image spam. One might think that this was because the scammers had not heard of a handy HTML email formatting tool called CSS. I think this was done to avoid detection by spam filters. Perhaps Google needs to add OCR capabilities to their Gmail spam filter, if they haven't already.
Well, that was fun. Time to report and delete it.

Popular posts from this blog

Setting up my custom domain with GitHub Pages and Google Domains

My thoughts on the Soylent Cafe flavors

Fun Run 2: Tips, Tricks and Strategies