By C J Oakes
Various organized crime groups around the world are getting rather crafty in their attempts to get information such as bank accounts, social security numbers, and the like. One such fraudulent scheme currently circulating is supposedly sent from an attorney and uses the last name of the intended victim (you) along with a generic name of a presumed relative. I recently received such an email and naturally, flags went up. I decided to see how far I could take the scammer without giving information. Following is Part 1 in this attempt.
How Can You Spot an Email Scam involving Fraud or Phishing?
The following email was received on January 11, 2017. There are numerous red flags throughout, which will be shared here in the hope that our readers will be better armed against such schemes.
First Red Flag: The Return Email Line
The return address can be most telling when wondering if an email is legitimate or not. Scammers have become more sophisticated yet still must rely on generic emails to conduct their scams. This is because when a person launches a website, their personal information must be on record. Criminals hide in the shadows and will avoid launching a legitimate website to avoid the verification process required.
For this reason, the criminally-minded will generally use a generic email such as gmail, Hotmail, yahoo, and others—most have given up on using foreign email services, knowing that the public is on to that. In the case of the email sent to myself, a Hotmail account was used.
But note too that in the name chosen, an attempt at legitimacy was added with “esq” which is an abbreviation for esquire, one title properly applied to an attorney-at-law. Yet, generic email services will permit a person to call themselves anything they want. I could call myself the President of France in such an email if I chose; doesn’t make it true. Big red flag seeking to make the email sound legit while using a generic email.
“Mr. John Mave <email@example.com>”
Second Red Flag: Salutation/Addressee Name
The next red flag was more personal. In only one place on the Internet am I known by my middle name, “Jeff:” Twitter. So, this tells me that the writer of the email got my information there. Not a viable format an attorney would use to locate me.
In fact, any real law office would simply access DMV records via an official request, which they could legally do—scammers do not have such access, so they rely on social media outlets to Phish for information.
“Dear Jeff Oakes,”
Third Red Flag: Body of the Letter
The body of the letter is so full of red flags that it is almost silly to identify them all. But here are a few:
Run-on sentence from the start. Lawyers spend about half of their time in school in Liberal Arts (English and the like) classes. They know how to write properly. Most have it drilled into them to avoid run-on sentences.
“I sent this letter to you a month ago, but I’m not sure if you got it, I did not hear from you, and this is the reason I repeat it.”
“Lawyer of the law,” really? The expression is “attorney-at-law” or simply, Lawyer. This clearly identifies the writer of this fraudulent email as someone who has a poor grasp on both the English language and American expressions.
Then, there is the next run-on sentence—enough said.
But also note the expression “leaving some huge amount of money.” To an attorney handling an estate, there would be no reason to state the issue in that way. This is a con tactic, seeking to get the recipient excited over the potential of a large inheritance.
“I am a lawyer John Mave, the lawyer of the law I make this offer to you in connection with the death of Mr. Charles Oakes, who was my client before his death, leaving some huge amount of money, U.S. $ 11.5 million in the bank.”
Again with the attempt at legitimacy, “I am a lawyer” as if saying it again and again will make it so. Well, for some, it will. A Lawyer will not be so insecure. And what is meant by “unsuccessful attempt to find a link there?” Where? A link? Huh? This just sounds like someone translating a script from another language into English—poorly so.
“After an unsuccessful attempt to find a link there, I decided to contact you.Please give me your prompt response from the contacts in order to improve communication and information on the subject.”
Fourth Red Flag: Additional Email
In another attempt to conceal their phishing attempt, the scammers provide an additional email amid really odd-sounding words. A legit Law Firm would also include a phone number and link to their website—not a second email from the same or another generic service.
“For more information, please contact us through our camera / Postal Service: [ firstname.lastname@example.org ]
“Thank you for your quick response.”
Fifth Red Flag: The Closing
Finally, the closing is doubled. An attorney would not commit such a redundancy. They also would not identify themselves in parentheses as “(Attorney).” If anything, it would be Attorney-at-Law or they would include their Law Firm name.
“Waiting to hear from you.
“Mr. John Mave, (Attorney).”
Of course, the question on the minds of many is: Why don’t authorities do something about these criminals?
The short answer is, they do, when they can. Most criminal groups engaging in fraud schemes such as the Letter from the Lawyer are located in other countries either without extradition treaties or they move so often they are difficult to track. Too, many originate from organized crime groups which go to extensive lengths to avoid detection. In addition, most who receive such emails never report them. Still, the FBI and similar international agencies are aware and fighting these to the best of their ability.
My Reply to Mr. John Mave, the Name Used for the Phishing Scam
To draw out the scam and gather as much information as possible for a future article, I created the following email in response. Part Two will focus on the reply. If you would like to receive notification when that response is published, be sure to sign up for our newsletter, Balancing the Scales using the form on the upper right of this column.
“Gosh, I don’t know what to say. I had an uncle Charles, Charles Bartholomew Oakes, though he spelled his last name different in his final years. He shortened his name to Oaks. He was nuts and a recluse, but we all knew he had money. Strange he never married or had kids, though there was talk of a bastard son named Jeremy Jones. Have you tried to find him? I just don’t want to get my hopes up. That is a lot of money. So what do you need from me? Are you trying to find Jeremy? I can get you his information if you like. Let me know. I’ll help in any way I can.
All this information is bogus and we’ll see where it goes. The point is, I am not going to give the phishers anything. Instead, I hope to at best get information on them and at least, waste their time and maybe have some fun out of it.
I’ll keep you informed.