Posted on behalf of Nick Johnston, Senior Software Engineer, Symantec.cloud
419, or advance fee fraud, scammers have demonstrated in recent days and weeks that they are particularly adept at using current events to their advantage. We've covered how scammers have also used Egypt's recent revolution to try to get money from their victims.
I recently identified a 419 scam message trying to take advantage of the unrest in Libya. It seems that as countries around the world scramble to evacuate their citizens from the deteriorating situation in the country, 419 scammers are also rushing to send out messages to capitalise on the unrest and publicity.
The scam message claims to be written by someone connected to Libya's Senussi crown (overthrown by Muammar al-Gaddafi in his 1969 coup d'état). The scam follows a fairly normal form: the scammer claims to want assistance in transferring his money out of the country, and is prepared to pay for help. The scammer alludes to his involvement in the oil business, possibly thinking that this will entice people to reply to get a share of the wealth. Of course, the scammer will demand ever-inventive upfront fees and charges, and never send any money.
[Figure: Example of 419 seeking to exploit Libyan unrest]
Further analysis revealed that although the message was sent through a large webmail provider, it was sent from an IP address located in Ghana.