Feast of the 7 Phishes 2011

Every year at the Siciliano household, we have a holiday tradition based on the Italian Feast of the Seven Fishes, which is, as you probably guessed, a meal consisting entirely of fish. There’s lobster, mussels, clams, scallops, shrimp, smelt, and cod, all either fried or cooked in red sauce, spicy sauce, or white sauce. This year we’re dedicating our feast to “Miles for Miracles,” a fundraiser for Children’s Hospital Boston. I’ll be running the Boston Marathon this coming April in support of the cause.

Another of my holiday traditions is to expose the year’s phishing scams. The following examples come straight from my inbox or spam filter, and have been abbreviated to demonstrate the nature of the scam and specific hook being used.

1. This first phishing email appears to have been sent from LinkedIn, but the link that supposedly leads to the FDIC’s website is in fact a virus.

“From: LinkedIn linkedXXX@em.linkedin.com

Temporary FDIC insurance coverage news. To obtain more information about temporary FDIC insurance coverage of transaction accounts, please refer to http://www.xxxxxx. Yours faithfully, Federal Deposit Insurance Corporation.”

2. In this phish, the sender claims to be Canadian, but the email suffix “.cn” is Chinese, and the scammer grammar is clearly East African in nature.

“From: Mrs.Martha Chery tesXXX@k.cn

Dear Beloved,

I am Mrs.Martha Chery from Canada,I am 58 years old,i am suffering from a long time cancer of my brain,from all indication my conditions is really deteriorating and it is quite obvious that i may not live for the next two months.”

3. Wow, my “email address has won.” Lucky me?

“From: payofficeXXX@aim.com

WINNING NUMBER: OL/656/020/018

OUR DEAR WINNER, THIS IS TO NOTIFY YOU THAT YOUR EMAIL ADDRESS HAS WON ONLINE LOTTO AND GAMING CORPORATION SUM OF (ONE MILLION EURO).”

4. This scammer responded to a Craigslist ad I had posted. Apparently I “sounded gorgeous in the ad.” I probably did!

“From: Justina Serini justinaXXX@hotmail.com

Hi Robert, I found your posting and wanted to ask you something essential. I am in a relationship and caught my partner cheating on me so I decided to get even! My co-worker said Craigslist list would be the best place to find someone nearby who I can be with for one time only so thought the hell, I would email someone I thought sounded gorgeous in the ad and came across yours!”

5. In this phish, I’m being scammed in Hebrew!

“החינמון!!! info@free2XXX.co.il

יכול לחסוך לעצמו עשרות או מאות אלפי שקלים – ובקלות! גם אם לקחתם משכנתה והשגתם את התנאים הטובים ביותר,”

6. Oh, wow, the United Nations is contacting me directly. How exciting!

“From: UNITED NATIONS bankimoonXXX@yahoo.com

Attn: Beneficiary, This is to inform you that the International Community has received series Complaints from Beneficiaries who are yet to receive their outstanding Contract/Inheritance Funds.”

7. Download this report, and you’re as doomed as a boiled lobster.

“From: Jerry Bush benoit.metzger@XXXueamachine.com

This report applies to the ACH transfer (ID: 963623905410) that was recently sent from your banking account. The current status of the referred transfer is: failed due to the technical error. Please find the detailed information in the report below.”

Hey, that reminds me, I have fish to fry!

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses phishing on Fox Business

Processing your request, Please wait....