A variation of a major 419 fraud scam has been slipping under companies' firewalls, with the result that users have been fleeced of their money.
Cyberoam reports that the scam e-mails, disguised as hotel bookings and ostensible conferences in Dakar, Senegal, easily passed through anti-spam filters – prompting the security company to conduct a thorough investigation.
Probing into their source and authenticity has led to the confirmation of a major fraud.
Cyberoam initially responded to an e-mail by "Global Aid Organization (GAO)", a purportedly Washington DC, US-based charity that was to schedule a worldwide conference on human trafficking in Dakar, Senegal between 24 and 27 August, 2009.
No such organisation could be traced by search engines even though the e-mail contained what appeared to be a legitimate website. The e-mail IP address was subsequently traced to Dakar, Senegal instead of Washington DC.
In order to lure recipients, the senders scheduled a free initial conference in the US between 17 and 20 August, supposedly with round-trip air tickets, meals and accommodation. Recipients were also told they wouldn’t get a US visa without first making a down-payment for the hotel reservation in Africa.
The follow-up e-mails from "hotels based in Senegal" carried tariff cards and registration forms. Phone numbers and website details were also included, all of which later turned out to be fraudulent.
Abhilash Sonwane, vice-president: product management at Cyberoam, comments: "The most worrying aspect of this entire scam is that they want you to furnish your precise passport information in their registration forms – passport number, name as in passport, photo, date of birth, address – all useful details for organised crime syndicates that are behind fake passports and identity theft."
Cyberoam has found the following additional evidence to confirm the fraudulent intention of GAO and participating hotels:
* The websites used for GAO, www.globalaidorganization.4-all.org, and the hotel, www.faidherbedakarhotel.xu.am, are hosted on the free subdomain services 4-all.org and xu.am, both popular with spammers. This is the reason these websites never show up on search engines. Hotel Faidherbe happens to be a real hotel in Dakar, impersonated by the scammers. What’s more, these scammers have the nerve to display seemingly genuine websites to pull off their deception. Genuine websites always use a paid domain.
* When Cyberoam called GAO on its Washington DC phone number, someone from the office confirmed they were located in Washington DC. However, there was a clear mismatch in the given area code, 516, as it was based in Long Island, New York. Both hotel phone numbers for Senegal turned out to be invalid.
* There was a huge mismatch in the currency rates used for the hotel tariff cards, which were shown in both Euros and Senegal’s currency, CFA. Whereas 1 Euro is pegged at 655,97 CFA, the tariff card described 65 000 Euros as equivalent to 43 000 CFA.
* All e-mails used free webmail providers that are generally popular with spammers, such as ikiz.net, post.com and mail.com. Also, one of the e-mail sender name fields, "Faid herbeeda" email@example.com, contained a spelling error.
* The organisers sought to bring delegates to the US by petitioning the embassy in their host country for an H2B visa, which happens to be an "employment" visa, not one used for attending conferences in that country.
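Several of the checks in the list above can be automated for mail triage. The following Python is an added example, not Cyberoam's tooling: the domain lists and the 655.97 peg come from the article, while the sample message (sender address, phone number), the 202 area code for Washington DC and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

FREE_SUBDOMAIN_HOSTS = {"4-all.org", "xu.am"}      # named in the article
FREE_WEBMAIL = {"ikiz.net", "post.com", "mail.com"}  # named in the article
EUR_TO_CFA = 655.97                                 # peg as quoted in the article
AREA_CODES = {"Washington DC": {"202"}}             # assumption, not in the article

def on_free_subdomain(url):
    """True if the URL's host is a subdomain of a free hosting service."""
    host = (urlparse(url).hostname or "").lower()
    return any(host.endswith("." + d) for d in FREE_SUBDOMAIN_HOSTS)

def sender_uses_free_webmail(addr):
    return addr.rsplit("@", 1)[-1].lower() in FREE_WEBMAIL

def tariff_consistent(eur, cfa, tolerance=0.05):
    """Compare a quoted EUR/CFA price pair against the fixed peg."""
    expected = eur * EUR_TO_CFA
    return abs(cfa - expected) <= tolerance * expected

def area_code_matches(phone, claimed_city):
    """Check a North American number's area code against the claimed city."""
    digits = re.sub(r"\D", "", phone)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the country code
    return digits[:3] in AREA_CODES.get(claimed_city, set())

def triage(msg):
    """Return the list of fraud indicators raised by one message."""
    flags = []
    if sender_uses_free_webmail(msg["sender"]):
        flags.append("free-webmail-sender")
    if any(on_free_subdomain(u) for u in msg["urls"]):
        flags.append("free-subdomain-site")
    if not tariff_consistent(*msg["tariff_eur_cfa"]):
        flags.append("currency-mismatch")
    if not area_code_matches(msg["phone"], msg["claimed_city"]):
        flags.append("area-code-mismatch")
    return flags

# Constructed sample: URLs and tariff figures from the article, rest invented.
SAMPLE = {
    "sender": "reservations@post.com",
    "urls": ["http://www.globalaidorganization.4-all.org",
             "http://www.faidherbedakarhotel.xu.am"],
    "tariff_eur_cfa": (65000, 43000),
    "phone": "+1 516 555 0100",
    "claimed_city": "Washington DC",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

No single flag proves fraud; the value is in several independent indicators firing on the same message, as they did here.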
Sonwane adds: "After Cyberoam thoroughly completed the scam investigation, we were not surprised to find out that the only thing genuine about the scammers was the wire transfer details for sending hotel reservation money. The Swift code used belonged to the actual CBAO bank, based in Senegal. However, as expected, an individual was the beneficiary for the funds to be received, not a real organisation called GAO."