Millionaires Want to Share Their Money

Letters about lottery wins are a standard trick used by “Nigerian” scammers. Very often, the author of such letters will explain that he is the happy winner of a multi-million lottery win, and he doesn’t know how to spend the unexpected windfall, and has decided to turn to philanthropy.


Over the last few months, we have detected several spam messages sent in the name of various people who had supposedly won a lottery within the last few years. For example, in December 2013 we received several messages sent in different spam mailings and sent in the name of the same couple who received their lottery win back in 2012. These letters had different designs and told various stories; however, all of them offered the identical sum of £800,000 to the potential victim, and gave the same link to a lottery winner interview video as a way of convincing the reader that the story was true. The scammers tried to be very brief and did not give any detailed information in the message body. However, messages in one of the mailings contained a text saying that the recipient’s email address was selected as a winner in a charity project along with two others.


The scammers also used the names of a different couple who apparently won a lottery in November 2013, again to make their scam messages look authentic. This time, the scammers said the couple were making a donation of £1,000,000. There were no details in the letter as to how the reader could receive the money, or why the lottery winners decided to share the money with that particular recipient. To find out that information, the would-be victim had to reply to the scam message.


The scammers also used more recent cases. In mid-December 2013, an ordinary Canadian won $40,000,000 in a lottery; early January 2014, we detected a scam mailing in the name of the newly-minted millionaire. Unsurprisingly, the scammers attempted to entice the recipient by promising to give $1,200,000 and telling a story that the millionaire is now giving away his entire fortune in memory of his wife who died of cancer two years earlier.


To create new plots for their letters, the scammers use various real events, including both tragedies (celebrity deathsterrorist attacksnatural disasters) and positive events like lottery wins. But no matter what the subject is of the scam messages, don’t ever believe that the senders will in fact share their money with you. Remember that references to real names and links to real publications in reputable media are no guarantee that you are being told the truth.

Millionaires Want to Share Their Money

Your email address will not be published. Required fields are marked *


  1. kevin flow

    how do I find a Millionaires Want to Share Their with me?


Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox