Lottery Scammers Phishing with More Sophisticated Hooks
A lottery phishing scam is flooding inboxes these days. Allegedly from The National Lottery Commission, the bait lures users not only with a link to the official lottery page, but also with what seems to be a legit e-mail address of the chief executive.
UK lottery scammers seemed to have professionalized their social engineering techniques. Users now receive business proposals on behalf of Mark Harris, the National Lottery Commission’s Chief Executive, from a website registered on .org with the director’s name.
This enhances the scam’s credibility and makes the sender look more legit. Because both the e-mail address and the link included in the message aren’t fake or dangerous by themselves, phishing crooks can catch more innocent users. The phishing attempt may also bypass some anti-spam filters.
According to Bitdefender specialists, the .org website seems to have been registered in 1995 on behalf of a company named “The Harris Family”, and was last updated two years ago. Though the Lottery is in the UK, the registrant country is the US, and if a user tries to reply to the message, it redirects to a Yahoo address.
“Mark Harris” phishing attempts have made rounds for a couple of years. In 2009, scammers didn’t use a “legit” sender address, and the e-mails were much longer and bombastic. At the time, lottery cyber crooks brazenly crafted a few lines about internet scams too.
“Before I will seek your cooperation, I like to let you know that this proposal is genuine and 100% authentic as it is not an attempt to scam you but to better our lives,” older “Mark Harris” spam messages read. “Though there are alot of scam over the internet but there are still geniune deals. I will proove my authenticity to you as we progress.”
Past business proposals made reference to an unclaimed prize that the lottery’s executive would like to share with the user, before the mass of cash falls into the wrong hands and is remitted to the UK Government. To avoid detection and raise users’ curiosity, the present spinoff doesn’t give many details about the business proposal.
Another difference from the older similar scams is that spelling has been brushed up. The bogus business proposal still lets the cat out of the bag with clumsy expressions that a native English speaker wouldn’t use: “good day to you”, “please you can read” or “my company’s work profile”. Also, scammers continue to use odd expressions such us “I wish to share” or “Please get back to me for details.”
The only thing older lottery scams still have in common with current ones is the link to the “company’s work profile”, which remained the same.
They also give some handy tips for identifying lottery scams, starting with the simplest, for the most gullible.
“In order to win the UK National Lottery, you have to buy a ticket, either Interactively, via the National Lottery website, mobile phone or interactive television, for which you need a UK address, or at a National Lottery retailer,” the message reads. “If you have not bought a ticket then you have not won.”
Here are a few other hints that should make you think twice before replying or clicking on any links:
- The “Mark Harris” e-mail isn’t addressed directly to you (as in “Dear X Y,”);
- Any business proposal should be available on the company’s official website. It only takes a minute to check it;
- Treat with suspicion any link embedded in an e-mail coming from someone you don’t know;
- Professional e-mails come with the standard signature at the end, including e-mail and postal address, logo, phone number.
Update: “The National Lottery Commission receives a number of complaints and queries about scams via its Consumer Protection inbox, and advises anyone who is concerned about a lottery scam to go to the information for players page on its website,” Mark Lepkowski, Corporate Affairs Manager at the National Lottery Commission, told HotForSecurity.
“The .org website is in no way related to the National Lottery Commission or Mark Harris and is another example of a scam. The Commission points out that it never sends anyone any letter or other communication about lottery wins.”
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
This article is based on the technical information provided courtesy of Alin Damian, Online Threats Analyst.