A Death Phish?

No, I'm not talking about the film based on the book by 'Brian Garfield' which depicts the conversion of 'Paul Kersey' from an average, caring, family man and general nice-guy to a death dealing vigilante.

In the film 'Death Wish' released in 1974 [and the many sequels that followed] the lead character 'Paul Kersey' was played by 'Charles Bronson'.

What I'm talking about is almost the opposite, a hired assassin deciding not to just take the money, but to warn the intended victim that they have been 'hired' to 'rub-them-out' and offering them a chance to 'buy-back' their life, and find out who 'hired' the assassin. This would make a wonderful movie plot!

why am I mentioning a 'Film' on a blog about malware and related security threats/risks? Well, it is because of a couple of very disturbing e-mails that are currently circulating on the internet and turning up in numerous inboxes. Here are a couple of screenshots of the actual e-mails that claim that someone has paid an assassin to kill you!

Here's the original version that was seen back in January of this year:



Sophos put out a press release about this, and here is some comment from them about this particular variant:

"This is surely one of the sickest phishes yet seen - the intention of this email is quite clearly to frighten the recipient into coughing up a substantial amount of money or, at the very least, their bank account details," said Graham Cluley, senior technology consultant for Sophos. "Innocent, vulnerable people could be scared into believing that the contents of the email are truthful, while the not-so-innocent are arguably even more likely to be hoodwinked. It may be hugely unnerving to receive such threats, but the only way to stop the distribution of these messages is for users to stop responding."

This particular variant became such a problem in the US that the F.B.I posted a warning about it on their website.

In the last few days, a new variant has appeared which is being sent to people in Europe, this is what the new variant looks like:



As you can see the similarities between them are striking.

So, what should you do if you receive one of these e-mails? Simply this, delete it, it is just a scam.

I suspect that this is the latest output from the twisted minds of the 'Boys and Girls from Lagos', also known as the 419, Advance-Fee-Fraud, or Nigerian scammers. So, although I agree with most of the quote from Sophos, I don't agree with 'Graham Cluley' that this is a phishing scam at all, it is really a 'Cyber-Ransom E-mail' or an 'Extortion 419'. Do you have another suggestion for a more suitable name for these? If so, then leave me a comment or drop me an e-mail.

For those of you that are interested in more details on 419 and related scams; I've just had another article on 419s published by Virus Bulletin, you can find a copy of the article here. Older articles on this subject, along with many others, and all my published papers, can be found here.