Thursday, January 21, 2010

A spin on the old email phishing/scam?

Earlier this week, I received a SMS on my mobile phone telling me:

Thank your star! Your mobile number have won 1Million USD in FIFA 2010 GAME OF LIFE PROMO; for claims e-mail fifaclaims@w.cn or call +447-024-036-835


The originating number showed up as: +2347056318188

This had me intrigued. I have been lucky enough to win many many wonderful prizes over the years where the very considerate organisers/promoters have been kind enough to contact me (in some cases persistently hound me) and advise me of my win. I have won trips to Florida, several million dollars (and counting) from various things, mobile phones, a villa by the sea, a Mercedes-Benz, and the list goes on and on.

I also had a rather rich Uncle (who I never knew about but he has the same surname as me) who passed away in the UK not too long ago, and he left me a small fortune as well. His very able lawyers engaged a very efficient agent to hunt me down so that I could claim my inheritance. How wonderful of them. I also had a colleague from my former regiment who died in an unfortunate accident who also left me a large part of his final will and testament. I cannot quite recall this colleague in question, and the unit he belonged to does not exist, but never mind all that. Then I have all those nice Bankers/Oil Company employees and Widows/Children of famous leaders from Africa paying me a handsome percentage to transfer funds for them. My Bank could not be any happier, what with all the money they are making from comissions and fees on the foreign exchange. Ah...life is good when you are in such demand, but I digress.....I wonder if I sound a tad sarcastic in this paragraph? :)

Anyway, so I thought I would investigate the SMS a bit more. First I called +447-024-036-835. The number would not connect - +447 is not a valid country code. But if I re-arrange the numbers as +44-702-403-6835 then this is in the UK. I looked up the number on UK Phone Information and that indicates this is a "personal number" that is likely to be in service. This general range of UK numbers 702-xxx-xxxx are often set up as a UK number that forwards to just about anywhere in the world.

Then I called +2347056318188 and that connected. +234 is Nigeria but what I found interesting is that the call was answered by someone with an obvious East Asian accent. I am not entirely convinced the call was actually answered in Nigeria, but rather perhaps via VoIP it terminated elsewhere, after landing in Nigeria. Need to investigate more perhaps.

Then I had a look at the email address. Our friends at Robtex gave me the following information about "w.cn":

Summary

w.cn is delegated to six nameservers, however all six delegated nameservers are missing in the zone and six other nameservers are listed instead. There are six duplicated IP numbers. Some of them are on the same IP network. Incoming mail for w.cn is handled by one mailserver having a total of two IP numbers. They are on the same IP network. w.cn has one IP number. 9.cn, a.w.cn, b.9.cn, dk.w.cn, com.w.cn and at least 16 other hosts point to the same IP. n.cn, cna.cc, wetc.cn, bmw8.cn, qdnm.com and at least 14 other hosts share nameservers with this domain. a.w.cn, cb.w.cn, dk.w.cn, com.w.cn, 4as.w.cn and at least 32 other hosts are subdomains to this hostname. w.cn is ranked #367332 world wide and is hosted on a server in China.

You can view the above summary and more at this link on Robtex

So, are we seeing a more organised and sophisticated level of phishing and scamming now?

From what I received and the little research I did, there appears to be a Nigerian link and a Chinese link. Add to this that I did not receive an email, but rather a SMS to my mobile phone - which is more "personal" and perhaps could be more "trusted" by a lot of people. People do expect email scams these days, but I am not sure SMS scams of this nature are that well-known (at the moment).

Educating people about such risks is very necessary, but there will still be people who will get duped. An acquaintance of mine from the Australian Federal Police told me not long ago that there are still people in Australia who are falling for the old Nigerian email scam, even though that scam has been highlighted often in various forums and media. He also indicated Australian citizens were not alone in this and other countries also had the same. I suppose greed often comes in the way of rationale thinking...

2 comments:

Wilson said...

The old adage holds true whenever deciding about such offers: If it's too good to be true, it usually is ;)

Lalit said...

It is amusing that these mails DO look like scams and we still are tempted to explore them!! you have done service to the society by scratching (a little more really)and getting it onto your blog. Good job! - Lalit Mathur