IT Security Blog

Thanks to James in our Threat Operations Center for forwarding me a sample of one of the funnier phishing tactics that I have come across.  I thought an appropriate name for this type of scam would be "Dead Phish."

Here is a copy of the email (in all it unedited glory filled with spelling and grammatical errors):

Dear Sir,

We are in receipt of a Death Certificate certifying you dead and seeking the transfer of your over due contract funds to an Account in London.
 
All the local financial contractural obligations have been met and the funds is ready for transfer to the London account.
 
Please understand that if we do not hear from you in the next 7 days we shall treat you as dead and the funds shall be duly transferred.
 
You have been notified.

If this is false please write and let us have an affidevid to counter
this claims.

Yours faithfullly,
 
Mrs.callister Ibe
 
Chairman of Contract Review Panel

Phone:234-805-6135520.

This is another phish by phone tactic similar to what I have blogged about previously where the scammers are avoiding using web site links within their messages in an attempt to get by URL filters and built-in browser phishing detection. 

My favorite part is where it says "You have been notified."  What if I were actually dead?  It's true that you can get your email just about anywhere nowadays, but I never knew that also extended to beyond the grave!  This was a good way to start the post-holiday work week.