Email purporting to be from the Central Bank Of Nigeria claims that a fund previously promised to the recipient has finally been approved and will be paid before Christmas if the recipient provides details requested in an attached file.
The email is not from the Central Bank of Nigeria or the Nigerian Government. At first glance, it looks like a typical “second sting” advance fee scam. But, in fact it is a crude phishing scam designed to steal the recipient’s Google account details.
From: CENTRAL BANK OF NIGERIA <firstname.lastname@example.org>
Subject: THIS OFFICE IS REFUNDING TODAY
We have a great news for you this end of year. The Government have finally approved that every penny/dime you have spent in regards to your fund will be returned before Christmas.
This must be done within the next 72 hours so that we can begin the transfer/delivery process of your fund.
Now to confirm you are the actual beneficiary of the said fund.You are advised to open the attached file and then fill in your information.
Your information should not be written on email but inserted on the file attached so you must open the attached file to fill in your information.
We need you to do this today so that things can be finalised before the end of the year.The file attached is encryped to it is only for you and you alone.
You are therefore advised to open the attached file to confirm you are the actual beneficiary as you know so many people have came to cliam your fund..
Open the attached file and congratulations in adavance.
According to this email, which purports to be from the Central Bank of Nigeria, a fund previously owed to the recipient has finally been approved. And, claims the message, any fees already paid in relation to the fund will also be returned. The email instructs the recipient to fill in a form contained in an attached file to confirm details so that the fund can be transferred.
At first glance, the message looks like a typical second try advance fee scam. Scammers often try to revictimize people caught out in previous scams by sending follow up messages some months later claiming that a fund has finally been released. Of course, these messages are of themselves advance fee scams designed to trick hapless victims into sending even more money to criminals.
Some previous victims are apparently desperate enough to grasp at straws and may willingly comply with instructions in these follow-up scam messages in the forlorn hope of finally getting the promised payout or – at least – their money back. Alas, victims will once again become embroiled in the scam and send off their money and personal information to heartless criminals.
But, in this case, the scammers have used a different tactic. Instead of trying to trick victims into sending money they instead attempt to fool them into divulging their Google account login details via a classic phishing scam.
The email attachment contains a .html file that, when clicked, will open in the user’s browser. The file is designed to resemble a typical Google account login page and asks for the user’s Google email address and login details.
Login details submitted on the fake form will be collected by the scammers and can then be used to hijack the victim’s Gmail account and other associated Google services. The criminals can use the hijacked accounts to launch scam and spam campaigns in the names of their victims.
Meanwhile, the desperate victims of the previous scams will wonder what happened to their final chance to get their promised riches and may not realize until it is too late that they have now also lost control of their Google account as well.