A nice example of what you might call a hybrid scam was recently flagged by my friend Randy Abrams of ESET.
It’s actually a classic mule recruitment mail, masquerading as an invitation to apply for a job receiving cheques, wire transfers etc. on behalf of an organization and forwarding the funds to the US or Canada. Or, as it’s known in the law enforcement business, moneylaundering. The aim is not to get over a mythical difficulty in receiving funds in North America, but to make it more difficult for law enforcement to “follow the money”…
I used to track stuff like this all the time, but have less occasion to these days: not that I’m not interested, but there’s just too much other bad stuff forcing itself on my attention. It’s mildly interesting that the scammer claims to be representing a UK charity, though (Action!Aid UK to be precise). While we’ve seen lots of donation scams following the disaster(s) in Japan, this is a salutary reminder that there are scams going on all the time, and criminals are happy to abuse your charitable impulses for many purposes.
On this occasion there are a couple of red flags. One is the “I need you to forward money to me legitimately” ploy, of course: it’s well known that money talks, but it’s also happy to travel to pretty much any legitimate destination. The other is that while the message appears to come from a legitimate domain, the “sender” (who rejoices in the righteous forename “Christian”) wants you to contact him via an AOL address.
Verifying the organization also alerted me to how difficult it can be to be sure that a charity – or one of those sites that forwards donations to your chosen charity – is, in fact legitimate. Sources like Charity Navigator do a good job with US organizations, but verifying branches in other countries is not always easy.
David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow