We’ve received several emails over the last couple of days which follow the classic 419 mail scam method. Titled “URGENT BUSINESS PROPOSAL!!!”, the mail reads as follows:
Greetings,I am Mukhtar M. Hussain. I got your contact information from a reputable business/professional directory. I'm working with HSBC Berhad Malaysia as one of the Senior Vice Presidents. I am writing you this memo, because I have an urgent BUSINESS PROPOSAL for you that will benefit both of us and it’s urgent.For more details, write me on my personal contact e-mail on:{redacted}Yours Sincerely,Mukhtar Malik Hussain.
The mail the scammers want you to reply to is different to the mail it came from. They’re also trying to make the mail look more respectable by using the name of an actual person.
People naturally suspicious of the mail will go looking in search engines, and seeing this is a real person may be enough to convince them to reply. It’s worth noting that this is also a short mail by typical scam standards, but will become incredibly involved should you continue with it.
We were curious to see what the next stage of the scam was, so we replied and then waited to see what would come back. What we received was an even shorter email and a PDF attachment.
Attention,Find attached the urgent BUSINESS PROPOSAL. I await your correspondence.Best regard,Mukhtar Malik Hussain
The PDF we received does not appear to be infected. The scammer is probably just trying their best to keep the meat of the attack away from non-curious individuals.
The document says that a bank customer died, and the bank appointed our contact to hand out the inheritance. If it’s not done in time, it goes to the Malaysian government despite them having moved the money to a “secret” account similar to Swiss banking.
Recipients have 21 days to complete the fund transfer. Despite the document hitting about 1,800 words in length, all it asks for is name in full, current address, and telephone number in order to “harmonise my records”. It’s very likely that the scammers will continue to ask for more information, including bank account number, should contact continue.
They close with the usual warning of not telling anyone:
Please observe this instruction religiously, again note I am a family man; I have a wife and children’s I send you this mail not without a measure of fear as to what the consequences, but I know within me that nothing ventured is nothing gained and that success and riches never come easy or on a platter of gold. This is the one truth I have learnt from my private banking clients. Do not betray my confidence. If we can be of one accord, we should plan a meeting soon.So all I require from you is your consent and solemn confidentiality on this from you as it shall remain our secret forever. Deals like this take place every day in the banking world and the reason you never hear about them is because they never fail.
As good as it sounds, nothing in the mail scheme is true. You run the risk of losing all your money, or becoming a money mule, or both should you proceed.
As you’re reading this on a security site, it’s likely you’ve seen lots of these before and you’re well aware of the scam. But it doesn’t take a minute to talk to the less security-aware people in your life about this and other scams. Warn them, and help keep them safe online.
The only thing to do in this situation is report the message for spam, block the sender, and go about your day.
Stay safe!