Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec.cloud

It has only been a few days since the resignation of Egypt's long-standing president, Hosni Mubarak, who resigned after intense political pressure following days of widespread protest across the country. As we've seen in the past, 419 or advance-fee fraud scammers (who typically promise large amounts of money, but demand upfront fees or payments first) are quick to react to current events. For example, in the aftermath of Haiti's devastating earthquake in January 2010, 419 scammers impersonated the Red Cross, requesting donations.

We recently saw a German language 419 scam claiming to be from the former Egyptian president's lawyer:

The scammer claimed that he needed the recipient's help to retrieve $2.5m of the president's funds, frozen in a Belgian bank account. The scammer further claims that he'll pay for assistance.

The recent uncertainty about Hosni Murabak's whereabouts and health, as well as reports that many jurisdictions are considering seizing his assets could perhaps lend credibility to this particular 419 scam.

As usual for many 419 scams, the message is poorly constructed, and has probably been automatically translated to German. Our advanced monitoring systems alerted us to this scam, which seems to be targeted to German-speaking users. Although these types of mail are generally low volume, they can still cause significant nuisance.