Spam and phishing mail

Continuing the Nigerian theme

For the second day in a row the topic of Nigerian spammers has cropped up. And once again they have been sending their heart-rending messages to none other than KL employees.

This time one of my colleagues received a message on the Russian-language social network Vkontakte which was a perfect example of the usual Nigerian scam letter:

It claims to be a message from the representative of a millionaire who died in an air crash with his family two years ago. Sounds familiar, right? 50 per cent of Nigerian letters start like this or in a similar vein. The “representative” goes on to talk about $13.5 million and how he has searched unsuccessfully for two years for any surviving relatives of the deceased. The letter claims that the lucky recipient has the same surname as the victim and therefore should inherit the $13.5 million, after the transaction costs have been covered. The “personal postal address” of the representative is attached of course.

So far, this is all pretty familiar. But apart from the fact it was sent to a KL employee there is another interesting aspect: it wasn’t received via e-mail as is usually the case for Nigerian letters, but on a Russian social networking site!

Virtually no information can be gleaned from the sender’s profile, except a name, city, school number and the year of graduation – amazingly, the “legal representative of the dead millionaire” only finished school this year.

That fact that this type of international spam found its way onto Vkontakte is, among other things, a sign of the gradual globalization of the resource. But the main conclusion to be drawn here is that Nigerian spammers have started to explore the vast world of Web 2.0.

Continuing the Nigerian theme

Your email address will not be published. Required fields are marked *



APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox