Phishing Scam on Computer
Home ScamsPhishing Scams Nigerian Government ‘Office Refunding Today’ Phishing Scam

Nigerian Government ‘Office Refunding Today’ Phishing Scam

by Brett M. Christensen


Email purporting to be from the Central Bank Of Nigeria claims that a fund previously promised to the recipient has finally been approved and will be paid before Christmas if the recipient provides details requested in an attached file.

Brief Analysis

The email is not from the Central Bank of Nigeria or the Nigerian Government. At first glance, it looks like a typical “second sting” advance fee scam. But, in fact it is a crude phishing scam designed to steal the recipient’s Google account details.


Date: 2013/12/19


We have a great news for you this end of year. The Government have finally approved that every penny/dime you have spent in regards to your fund will be returned before Christmas.

This must be done within the next 72 hours so that we can begin the transfer/delivery process of your fund.

Now to confirm you are the actual beneficiary of the said fund.You are advised to open the attached file and then fill in your information.
Your information should not be written on email but inserted on the file attached so you must open the attached file to fill in your information.

We need you to do this today so that things can be finalised before the end of the year.The file attached is encryped to it is only for you and you alone.
You are therefore advised to open the attached file to confirm you are the actual beneficiary as you know so many people have came to cliam your fund..

Open the attached file and congratulations in adavance.


Detailed Analysis

According to this email, which purports to be from the Central Bank of Nigeria, a fund previously owed to the recipient has finally been approved. And, claims the message, any fees already paid in relation to the fund will also be returned.  The email instructs the recipient to fill in a form contained in an attached file to confirm details so that the fund can be transferred.

At first glance, the message looks like a typical second try advance fee scam. Scammers often try to revictimize people caught out in previous scams by sending follow up messages some months later claiming that a fund has finally been released. Of course, these messages are of themselves advance fee scams designed to trick hapless victims into sending even more money to criminals.
Some previous victims are apparently desperate enough to grasp at straws and may willingly comply with instructions in these follow-up scam messages in the forlorn hope of finally getting the promised payout or – at least – their money back. Alas, victims will once again become embroiled in the scam and send off their money and personal information to heartless criminals.

But, in this case, the scammers have used a different tactic. Instead of trying to trick victims into sending money they instead attempt to fool them into divulging their Google account login details via a classic phishing scam.

The email attachment contains a .html file that, when clicked, will open in the user’s browser. The file is designed to resemble a typical Google account login page and asks for the user’s Google email address and login details.

Login details submitted on the fake form will be collected by the scammers and can then be used to hijack the victim’s Gmail account and other associated Google services.  The criminals can use the hijacked accounts to launch scam and spam campaigns in the names of their victims.

Meanwhile, the desperate victims of the previous scams will wonder what happened to their final chance to get their promised riches and may not realize until it is too late that they have now also lost control of their Google account as well.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,