This phishing attack targeted individuals who were likely to be interested in a US immigrant visa. The actual phishing e-mail contained the individual’s full name, nationality and telephone number. It instructed the recipient to send the visa processing fees to the “US embassy agent” in the UK using Western Union. A portion of one of these e-mails is displayed here so all our readers can see how convincingly this fraud was put together.
People should expect to see more of these targeted phishing attacks thanks to the proliferation of personal information on the Internet. Criminals either join social networking sites to harvest personal details themselves or they buy databases that contain personal records. A database of names and matching e-mail addresses is sold for a certain amount. Each additional piece of personal information added to the database raises its value. Some databases now offer matched information such as name, e-mail address, telephone number, employer, physical address, gender, date of birth, nationality — the possibilities are constantly expanding. Such databases are available because hundreds of millions of people are willing to make personal information public and too many organizations lack adequate protection for personal information entered into digital records under their management.
The US Visa scam was convincing due to the amount of personal information it contained as well as the official looking images and authoritative tone found throughout the message. However, the fact that the email requested that the visa fees be sent via Western Union was an indication that the message was a fraud. The Public Affairs Section of the Embassy of the United States in Riyadh commented on the scam in a statement released to Arab News.
“One widespread Diversity Visa (DV) scam e-mail instructs recipients to send money via Western Union to a fictitious person at the US Embassy in London. If you have received this e-mail, you have been targeted by con artists. UNDER NO CIRCUMSTANCES should money be sent to any address for participation in the DV Lottery. The Department of State’s Kentucky Consular Center (KCC) does not send e-mail notification to DV entrants informing them of their winning entries. Successful DV-2011 applicants already have been notified by KCC by letter, not by e-mail. DV-2011 entrants also can check the status of their entries at www.dvlottery.state.gov until June 30, 2011.”
You can fight back against these criminals. To report incidents of US visa fraud, please contact the US Embassy in Riyadh via e-mail at [email protected]. The US Embassy in Riyadh also advises that entrants who completed the online DV-2012 applications will not receive notification letters from KCC. Rather, they must check the status of their entries themselves through the Entrant Status Check available at www.dvlottery.state.gov between May 1, 2011, and June 30, 2012.
