
Phishing for Ego, Mr Van Robben you're giving me 1.5m?

Received this fun phishing attempt recently:
Dear Sir/Madam, 

The Fondazione Di Vittorio, would like to notify you that you have been chosen
by the board of trustees as one of the final recipients of a Grant/Donation
cash aid of USD$1,500,000.00 (One Million Five Hundred Thousand United  States
Dollars) for your own personal education, and business  development.The
Fondazione Di Vittorio, established 1977 by the Multi-Million groups and now
supported by United Nations Organization (UNO) and the European Union (EU), is
conceived with the objective of human growth, educational, and community
development thereby uplifting the standard of living of people.

Based on the random selection exercise of internet websites and millions of
individuals and companies worldwide, you were selected among the lucky
recipients to receive the award sum of US$1,500,000.00 as grant/donations cash
aid from the Fondazione Di vittorio in accordance with the enabling act of
Parliament.You are required to contact the paying bank in DEN HAAG NETHERLANDS
for the processing of your grant/donation cash. Please endeavor to quote your
Qualification Numbers (*A-222-6747,N-900-56*) in all discussions.
Your fund is now deposited with the paying Bank.
To begin your claims, kindly contact the paying bank with the below information:

1. Name - Don't you know it already?
2. Age -  Ditto
3. Telephone - Why not call me and tell me the good news (maybe it's coming)
4. Qualification Number

Contact Person: Mr. Van Robben  DON'T EMAIL HIM (LOVE THE NAME)
Tel:   +31 641 648 111
Fax:   +31 847 119 436

Mrs.Georgette Maessen
(Foundation officer)


Gotta love em, and they can even spell.

I almost felt 'all special' until I saw that I was just a 'random'. This just isn't right. It's probably interfering with all those genuine millionaire philanthropists trying to give real money away to randoms.


Comments: (6)

Sriram Natarajan - Credit Risk Fraud Cards Professional - Gurgaon 11 May, 2008, 07:14

Dean. What you received is nothing but one of the many variants of the famous Nigerian '419' scam. With so much publicity to the '419' letters and emails, the fraudsters have decided to be more creative. I keep receiving emails from a London address that I have won a British Government lottery! Fraudsters are getting creative by the day.

A Finextra member 11 May, 2008, 12:01

Yes, I had another one advising me about the 'new' Merrill Lynch business site where ML has deployed new internet security features. I'll bet!

Logic suggests that they'll just get better. Eventually no-one will pay attention to any emails.

A Finextra member 12 May, 2008, 09:25

Hi Dean,


"Your" email and all junk emails are only viable when it costs virtually nothing to send out millions of emails. I have read there are over 100 billion spam emails sent every day and clearly this has absolutely no benefit to anyone other than senders of spam.

IMHO it would be easy to stop this torrent by having a minimal charge per email sent of say 1 penny/cent/yen. I realise that some non-profit organisations would not like this but surely it would be worthwhile to reduce the amount of spam.



A Finextra member 12 May, 2008, 11:05

Hi Tony,

I agree, I can't see any reason why people wouldn't pay say 1 cent, but I think it would only solve some of the spam emails and I suspect none of the phishing, and often they are 'sent' by unknowing third parties anyway. Phishing is profitable and is becoming increasingly targeted and spam must make money otherwise spammers would find something else to do.

A solution which I think would work might be by verifying the sender to the recipient before they open the email. People could choose not to open spam, or they could open it and would not really need to worry about danger, except malicious code, but certainly not  experience fraud as a result. Ideally it shouldn't matter if your machine got a virus or a trojan, your transactions should still be safe, after all it's not like it'd be a surprise, and hoping for the best is certainly no defense, look where that's got us.

I have designed a low cost solution which verifies the sender and the fee could perhaps be less than a penny if enough custom was forthcoming. We haven't actively marketed it although we've had some interest from brands keen on getting their requested advertising actually read, but that will be a part of our next phase offering which is more aimed at them. I figure we'll just give it to our customers as a bonus, at least they'll read our and our clients email.

I don't think it can go on much longer, too many legitimate businesses are missing out on the benefits of a trusted email channel. Wouldn't you get warm and fuzzy feelings about your bank if they verified their email to you?

The solutions we propose are integrated so that in the first instance you probably wouldn't open the fake bank email. Secondly, if you did accidentally end up at a fake bank site, the fake site would be unlikely to succeed in actually tricking you into performing a transaction and it would undoubtedly fail when put to the test by our transaction verification system.

There are some pretty smart evildoers out there and even I can imagine an exploit which uses the real customer's computer in a loop through a fake bank site and back to the customer and then to the real bank's site. This type of attack would probably defeat most web based defenses because the attacker is using a known device from an accepted location.

For instance, sophisticated 'decision making' risk software like Cyota software detects various details of the transaction which may alert the transaction system to things such as the customer and the fraudster being either in different places or out of character places. Our security does too, and it is also capable of escalating the defenses to defeat even the abovementioned type of attack. So even if someone tricks you, and it could happen to any of us, the transaction would raise an alarm and fail to complete.

The most common (at the moment) and easiest attack is to steal your details and use them later. Bank software is getting better at recognising these attacks and they have handed out a bunch of gadgets to make it a little safer, but the gadgets are unfortunately limited to what they are, sealed units, so they can't really adapt to defeat new threats, and they would fail in the above example for instance, even if you had a token gadget.

The mobile phone solution can adapt to new threats as they arise, and while I can't actually imagine any attacks succeeding with what we have now, let alone in the future, we are still trying to find a flaw, but if we do - we'll just adapt.


A Finextra member 12 May, 2008, 15:10

Now I'm not an expert in this field, but to me the idea of charging for each of the Gazillions (if this isn't a number it should be) of emails sent around the globe every day seems crazy.

Quite apart from the expense involved in setting up the payment systems needed to handle all the transactions in various different currencies. Who would the money go to?  How would it be collected?  And surely this would be far too expensive for people in developing nations, who now use email as a vital communication tool.

Personally I think the money would be more wisely spent on developing better software to detect unwanted emails before they ever get to your inbox and educating those people not so computer literate to spot one when they see it!

A Finextra member 14 May, 2008, 03:19

Very good point about charging for it, although I would predict that in 5 years such payment mechanisms might be in place, however making people pay is probably not the ideal solution.

Having some multi-brained multi-lingual computer system decide what I do and don't read isn't my ideal either, even though I grant we'll be stuck with some variation due to surveillance anyway. 

Making the senders authenticate at the point of sending would go a good way towards at least identifying the sending computers/user, unknowing or otherwise, and then we could do something about it. Participants in any system would first, prohibit any mass messaging unless from authenticated parties. An adjustment at the mail server.

That way third world residents without the infrastructure to authenticate would at least be able to send email to people they knew for free.

More people already have the means to authenticate in their hands, than the total number with even access to the internet, so I think the answer is obvious. 

Authenticate senders and while you're at it you could authenticate recipients.
