IT Security Blog

27 May 2009

New Western Union Scam Making the Rounds


It looks like Western Union is the target of yet another spoofing campaign by spammers.  We've seen these come and go on a fairly constant basis over the past few months where several different brands have been targeted (we've also blogged about them before), but since this one appears to be coming out in pretty high volumes, I thought it was worth mentioning. 

The message itself appears to come from the Western Union Support Team (see sample below) and follows the same basic tactic that many of its UPS, DHL, FedEx, and previous Western Union scams employed whereby it is trying to trick the recipient into believing that a package or transfer that they had attempted to send was not delivered and to print out and bring the attached invoice (read: malware) to their local branch.  Note the lack of specificity as to where to actually go which has been a common thread in previous scams as well.





Our Threat Operations Center is currently monitoring approximately 100,000 of these new Western Union emails per hour.  Below is a graph showing the timeline and prevalence of the most recent Western Union scams starting from the 11th of May.  The spike on the far right is this most recent variant.





As is usual, if there is a question about a transaction that you had made with a vendor, use the tracking number that they provided you and visit their web site or call them directly to lookup and verify your transaction.  Do not fall victim to these scams. 
Categories: Social Engineering Malware Spam
Posted by smasiello at 1:18 PM | Link | 3 comments
Comments
Re: New Western Union Scam Making the Rounds
The details vary, but the usual story is that a person, often a government or bank employee, knows of a large amount of unclaimed money or gold which he cannot access directly, usually because he has no right to it. Such people, who may be real but impersonated people or fictitious characters played by the scammer, could include the wife or son of a deposed African or Indonesian leader or dictator who has amassed a stolen fortune, or a bank employee who knows of a terminally ill wealthy person with no relatives or a wealthy foreigner who had deposited money in the bank just before dying in a plane crash (leaving no will or known next of kin),[22] a U.S. soldier who has stumbled upon a hidden cache of gold in Iraq, a business being audited by the government, a disgruntled worker or corrupt government official who has embezzled funds, a refugee, and similar characters. Continental Airlines has made the papers, but this time it isn't for cheap flights. Nine pilots have been sued for trying to run a pension scam on Continental Airlines; 8 of the pilots were recently employed by them. (Some resigned, but you can guess why they were fired.) The pilots, in lieu of getting a money loan, tried to exploit a loophole in which employees could get early pension benefits if they were in the middle of a divorce. They filed, allegedly, for divorces from their spouses in order to get the early pension benefits. Needless to say, this didn't fly. They will need low cost loans now, but Continental Airlines can probably afford better lawyers.Read more click http://personalmoneystore.com/moneyblog/2009/05/27/continental-sues-pilots/
Posted by tyf on June 2, 2009 at 2:44 AM

Re: New Western Union Scam Making the Rounds
have recently received an email using your company in the same manor as stated in your alert here need to know if you would like me to forward it to you so that you might try and reverse track it or at least try to stop it let me know either way and were to send it
Posted by dan murphy on August 8, 2009 at 5:08 PM

Re: New Western Union Scam Making the Rounds
I just received this email today. Beware:

Date: Sunday, November 8, 2009 3:08 AM
From: Western Union Money Transfer Add to Addresses Block Sender
To:
Subject: Payment Details.
Size: 3 KB

ATTENTION, BENEFICIARY

THE MANAGEMENT OF CENTRAL BARCLEYS BANK AND WESTERN UNIONS, WISHES TO INFORM YOU
THAT WE ARE IN RECEIPT OF YOUR CONFIRMED BANK DRAFT CHEQUE ISSUED IN YOUR FAVOUR
WITH CASH AMOUNT OF ONE MILLION FIVE HUNDRED US DOLLARS, FROM YOUR AGENT AND HE
TOLD US TO ARRANGE YOUR PAYMENT TO BE AVAILABLE BY WESTERN UNION DUE TO THE FACT
THAT YOU CAN NOT BE ABLE TO CASH THE TOTAL $1.5MILLION CHEQUE.

YOU ARE NOW ADVISED TO CONTACT WESTERN UNION OFFICE IMMEDIATELY AND SEND THEM
YOUR DETAILS WHERE THEY CAN START SENDING YOUR PAYMENT TO YOU AS WE BOOKED WITH
WESTERN UNION OFFICE TO START REMITTING YOUR PAYMENT RIGHT FROM TOMORROW IF
POSSIBLE YOU CONTACT THEM AS TODAY: THE AMOUNT THEY WILL SEND YOU EVERY DAY IS
$5000.00 US Dollars .TILL YOU RECEIVE THE TOTAL AMOUNT OF YOUR $1.500.000.00
CHEQUE.

HOWEVER YOU ARE ADVISED TO CONTACT THE DIRECTOR OF WESTERN UNION OFFICE.

CONTACT PERSON: GERG HILLS
EMAIL: greg.hills@secretarias.com
Phone+ +447024015972


SO BEFORE THEY CAN PROCEED ON YOUR PAYMENT BY TOMORROW YOU ARE ADVISED TO EFFECT
THE SUM OF 210GBP POUNDS TO THEM TO ENABLE THEM REVENUE THE CHEQUE AND START
SENDING IT TO YOU IMMEDIATELY TOMORROW. BELOW IS THE INFORMATION REQUESTED?

RECEIVER NAME..........
CITY..............................
COUNTRY......................
GENDER........................
TELEPHONE..................
QUESTION TEST............
ANSWER.......................

THE DIRECTOR OF WESTERN UNION MR GREG HILLS WILL EMAIL YOU WITH THE TRACKING
DETAILS YOU NEED TO PICKUP YOUR PAYMENT OVER THERE. THE WESTERN UNION OFFICE IS
NOW WAITING FOR YOUR DETAILS WHERE THEY CAN START SENDING YOUR A DAY PAYMENT
FROM TOMORROW.

THANKS FOR YOUR COOPERATION.
YOURS FAITHFULLY,
MR GREGORY ROBERT.
Posted by Carol on November 10, 2009 at 12:51 PM

Post a Comment
Commenting has been disabled for this entry.