The "Jeffrey Epstein's Financial Assistant Scheme" is a 2020 twist on the classic Nigerian Prince Scam

The Nigerian Prince Scam — also known as a "419 Fraud" — has a long, weird, and fascinating history. But the basics of it are pretty easy to understand: a random phishing message riddled with grammatical errors, from a stranger claiming to be a Nigerian Prince (or a representative of one), who needs help shifting some money around through US bank accounts. If you would be so kind as to help this Prince launder his inheritance or whatever it is, he will bequeath you a substantial portion of his wealth as a token of his gratitude. All you need to do is provide him with all the information he would need to access your bank account, and in six months, you'll be tens of millions of dollars richer!

It feels like an old joke at this point, but weirdly, it still works: in 2018, scammers managed to make nearly a million dollars off the ol' classic. There are other variations, of course, with wealthy orphans, lottery winners, et cetera. The trademark poor grammar is actually a deliberate mechanism used to help the victims self-select by weeding out false positives; basically, if you're smart enough to realize how poorly written it is, the scammers are better off not wasting their time with you. If you're gullible enough to fall for the fake bad grammar, then they know they have a sucker.

I share all of this because of an email I received today:


Anatomy of a rental phishing scam

Jeffrey Ladish, an independent researcher and security consultant, wrote about a sophisticated credit card phishing scam he encountered while looking for a place to rent in Berkeley, California.

I was recently the (unsuccessful) target of a very well-crafted phishing scam. As part of a housing search a few weeks ago, I was trawling Craigslist and Zillow for rental opportunities in the SF Bay Area. I reached out to a beautiful-looking rental place to inquire about a tour. Despite my experience as a security professional, I didn’t realize this was a scam until about the third email! Below I will account the story in excessive detail including screenshots.

I’m writing this to illustrate that the best phishing attacks will look very convincing. Often people are told to watch out for poor grammar and formatting to protect against phishing. This will work in some cases, but not in cases like the one I’m about to show. Sophisticated scammers use good English and pattern-match with legitimacy.

[via Evil Mad Scientist]