It’s like a scene from a Hollywood thriller. You receive an email from a hitman who says he’s been paid $50,000 to kill you. It’s your lucky day, however, because after following you for a week the hitman is convinced that you’re actually a nice guy, and so he’s willing to make you this offer: if you pay him $80,000, he won’t kill you.
Would you treat the email seriously?
This has been the question on the minds of computer users who have received phishing emails like this during the past few weeks (see the end of this post for a sample). Of course many computer users will dismiss it for the scam that it is, but there may be those in a vulnerable state-of-mind who might just get taken in by this kind of scam. After all, the whole point of phishing is to send a targeted email to millions of people in the hope of finding a few susceptible victims.
The email goes on to promise that after an initial payment of $20,000 the hitman will supply audio tape evidence of the contract to kill the reader. This is the real point of the scam, as the payment is required before you meet the hitman for the rest of the payment. The point of all good online scams is to extract money without personal contact.
Internet security company SophosLabs has issued a global warning about this latest phishing attack:
“This is surely one of the sickest phishes yet seen – the intention of this email is quite clearly to frighten the recipient into coughing up a substantial amount of money or, at the very least, their bank account details,” said Graham Cluley, senior technology consultant for Sophos.
“Innocent, vulnerable people could be scared into believing that the contents of the email are truthful, while the not-so-innocent are arguably even more likely to be hoodwinked. It may be hugely unnerving to receive such threats, but the only way to stop the distribution of these messages is for users to stop responding.”
What intriques me is that as time goes on phishing scams become more devious, outrageous, and in this case, sick.
Most computer-savvy computer users can usually tell if an email is a phishing attack. The weird, vague language, and dodgy email address, are usually a give away. However, if you receive an email that you feel uncomfortable with, don’t hesitate to contact the authorities. Whatever you do, don’t start handing over money!
Here’s a copy of one of the hitman phishing emails doing the rounds (courtesy of Sophos):
I want you to read this message very carefully, and keep the secret with you till further notice. You have no need of knowing who I am, where am from, until I make out a space for us to see, i have being paid $50,000 in advance to terminate you with some reasons listed to me by my employers, its one i believe you call a friend, I have followed you closely for one week and three days now and have seen that you are innocent of the accusation.
Do not contact the police or FBI or TB or try to send a copy or this to them, because if you do I will know, and might be pushed to do what i have being paid to do, beside, this is the first time I turned out to be a betrayer in my job.
Now, listen, I will arrange for us to see face to face but before that.
I need the amount of $80,000 and you will have nothing to be afraid of. I will be coining to see you in your office or home determine where you wish we meet, do not set any camera to cover us or set up any tape to record our conversation, my employer is in my control now.
You will need to pay $20,000 to the account I will provide for you, before we will set our first meeting, after you have make the first advance payment to the account, I will give you the tape that contains his request for me to terminate you, which will be enough evidence for you to take him to court (if you wish to), then the balance will be paid later.
You don’t need my phone contact for now until I am assured you are ready to comply.