Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Symantec Intelligence

419-Style Scam Seeks "Muslim Brother or Sister" to Retrieve Funds from Alleged Christmas Airline Bomber

Created: 14 Jan 2010 • Updated: 14 Jan 2010
Paul Wood's picture
+1 1 Vote
Login to vote

This post is made on behalf of Nicholas Johnston, Senior Anti-Spam Engineer, Symantec Hosted Services.

Earlier today we saw a 419 or advance fee fraud scam claiming to be sent by Hassan Ali Abdul Mutallab, the brother of Umar Farouk Abdul Mutallab, who allegedly attempted to blow up Northwest Airlines flight 253 over Detroit on Christmas Day.

The message (see screenshot) has a subject of "Take my Salaam and respect", and the scammer purporting to be Umar Farouk Abdul Mutallab's brother claims he is looking for a "Muslim brother/sister" to help retrieve funds belonging to the alleged bomber. Without replying to scammer it's impossible to be sure exactly how the scam works, but we have every suspicion that it operates like most 419 scams. Before the non-existent money can be released, various increasingly inventive fees and charges have to be paid. These fees continue until the victim of the scam eventually realizes that they have no chance of getting any money, and gives up. Victims are often too embarrassed to contact police, and the scammers continue.

The scam message also included a PDF attachment with the same content as the body of the email. The PDF appears to have been created with ordinary word processing software and there is nothing to suggest it is malicious. It has become increasingly common for scammers to attach their messages in PDF or other formats in an apparent (but ineffective) attempt to evade filters. It is unusual for scammers to attach a file and include the same content in the body of the mail - normally when attachments are used, the body of the mail simply contains "SEE ATTACHMENT" or similar.


This message shows how 419 scammers are skilled at using recent news events - particularly high profile ones such as this - to their advantage. After the alleged failed attack, it was widely reported that Umar Farouk Abdul Mutallab had lived in his father's luxury London apartment, so perhaps scammers are hoping that some victims might have heard this and might therefore think it is plausible that Umar Farouk Abdul Mutallab himself did indeed have a fortune stashed away.

Symantec Hosted Services has advanced technology to protect against 419 and other advance fee fraud scams.