Caution! Malware via e-mail

Many malicious software programs are both a foot in the door for trojans and can read and actively reuse contact and e-mail data from inboxes. Criminals use this information as the basis for future spam. The dangerous thing about this is that you receive realistic e-mails that appear to have been sent from someone with whom you've recently been in contact. For example, this might be a fake order confirmation from an online retailer for a product you might actually have ordered. Not many users are thinking about spam in these cases, so they often click an attachment or an apparent tracking link without considering the very idea it could be fake.

Emotet, another door-opener, loads other malware like banking trojan Trickbot onto the infected systems. Cyber criminals use this to spy on confidential information such as bank details and account credentials. They might even take control of the infected system unnoticed. Once they are able to do this they can access other systems like a worm. The BSI is familiar with a number of cases in which this kind of attack, using Emotet for example, shut down production as entire company networks had to be rebuilt from the ground up.

Advance-fee fraud: inherit in the millions, get your dream job, find the love of your life

Con artists have been sending letters promising great sums of money around the world since at least 1988: back then they used fax machines and later e-mail. However, before cashing in, recipients must first help a foreign businessman or prince to transfer large amounts of money out of the country. In payment, a high commission will allegedly be paid. This scam is often referred to as a "Nigerian prince scam" as many of these made-up stories originally took place in Nigeria and involved a prince.

This sort of offence is no longer limited to supposedly Nigerian senders. Rather, today's adventure stories often take place in other countries on the African continent, in Canada, Singapore, Thailand, South Korea or in the Philippines. Unlike previous versions, victims are no longer anonymously but personally addressed by their full names.

The classic story of the Nigerian prince is based on the following plot: money supposedly from the royal coffers must be transferred via a foreign bank account to help the prince keep his money while under threat from war or political intrigues. This account is what the victim is asked to provide. When the victim is first contacted, advance payments are not mentioned, only from an easy action like offering their own bank account for the purpose of transferring the money. Those who respond to the mail are confronted with replies in which the monetary amount of the advance payment is quite low in comparison, just enough to cover some apparent legal fees, bribes or other made-up costs. After victims pay out the money, the con artist of course never responds again.

This advance-fee fraud comes up again and again, each time presenting an entirely new story. Here are just a few examples:

Dream job

The head of HR at a foreign company is sending e-mails seeking employees from the country where the victim lives. The job pays extremely well and involves something like tourism or the oil industry. However, before the victim can get stuck in, some made-up administrative costs must first be paid. These might be for getting a visa, fees for entry into the country or similar. Once a victims pays, contact with the HR head again is terminated. To find likely e-mail addresses for this sort of spam scheme, con artists often tap into employment websites.

Heirs at large

Spam supposedly sent by lawyers representing the estate of a distant relative are sent in waves every few years. A relative who lives abroad made millions over their lifetime. Now that they've died, however, no testament has been found. Of course, the victim is the only living relative the lawyer could find. However, before the victim can receive a pretty penny, just one small thing must be done: the lawyer's fees must be paid. This story ends just like all the others of this kind of advance-fee fraud.

False charges

Con artists of advance-fee fraud often misuse public authorities when creating their fake sender addresses. The text of the spam mail might claim that regional or national police have found evidence of illegal pornography or computer sabotage on the victim's computer. Furthermore, the charges have already been filed and can be viewed in the attached PDF file. The only chance the victim has of avoiding a court case is to pay a security bond. However, the fake PDF of the charges typically also infects the victim's system with malware when the file is opened. No real law enforcement agency does this. We strongly recommend that you never respond to such spam and never click any attached files.

Bid for sympathy

"Help children in need! Your donation will secure their future." This or similar wording is used in this type of spam mail, an attempt to appeal to your sympathies and willingness to help. Remember that real aid organisations never send mass e-mails and never provide a bank account number for donations. Never respond to mails like this! If you want to donate to a real organisation, inform yourself on the Internet and make contact with an organisation you trust.

Love spam

Data leaked from data platforms is a gold mine for love or romance con artists. For example, a mail might introduce a young, lonely woman from Thailand or the Americas. Victims who believe the mail receive replies that only serve to continue raising their hopes. However, expensive flights stand in the way of meeting in person. As soon as the ticket has been paid, the 'young woman's' parents may fall ill and their hospital bill must be paid. After that, still more reasons arise that prevent her from coming to you. Naturally, other variants of love spam use young men as the lure. Love spammers don't limit themselves to sending e-mails: they also create fake accounts on dating sites.