I love scams, and sometimes, when I get a really good one, something with a little originality to it, something that shows a little effort, I want to share it. Here is an email message that America’s Best magazine editor Lynn Celmer forwarded to me that supposedly comes from FedEx (emphasis mine):
Dear Customer !!!
We have been waiting for you to contact us for your Confirmed Package that is registered with us for shipping to your residential location. We thought that the sender gave you our contact details and that you would have contacted us by now. we would also let you know that a letter is also attached to your package. However, we cannot quote its content to you via E-mail for privacy reasons. We understand that the content of your package itself is a Bank Draft worth $800,000.00 USD, in FedEx we do not ship money in CASH or in CHEQUES but in Bank Drafts only. The package is registered with us for mailing by your colleague, and your colleague explained that he is from the United States but he is in Nigeria for a three (3) month Surveying Project. for he is working with a consulting firm in NigeriaWest Africa.
We are sending you this E-mail because your package is been registered on a Special Order. What you have to do now, is to contact our Delivery Note that the payment that is made on the Insurance, Premium & Clearance Certificates, are to certify that the Bank Draft is not a Drug Affiliated Fund (DAF) neither is it funds to sponsor Terrorism in your country. This will help you avoid any form of query from the Monetary Authority of your country. However, you will have to pay a sum of $125 US Dollars to the FedEx Delivery Department for the Security Keeping Fee of the FedEx company as stated in our privacy terms & condition page. Also be informed that your colleague wished to pay for the Security Keeping charges, but we do not accept such payments considering the facts that all items & packages registered with us has a time limitation and we cannot accept payment not knowing when you will be picking up the package or even respond to us. So we cannot take the risk to have accepted such payment incase of any possible demurrage. Kindly note that your colleague did not leave us with any further information. We hope that you send your response to us as soon as possible because if you fail to respond until the expiry date of the foremost package, we may refer the package to the British Commission for Welfare as the package those not have a return address.
Kindly contact the delivery department (FedEx Delivery Post) with the details given below: FedEx Delivery Post Contact Person: Mr. Smith Isumr.firstname.lastname@example.org Kindly complete the below form and send it to the email address given above. This is mandatory to reconfirm your Postal address and telephone numbers. FULL NAMES: TELEPHONE: POSTAL ADDRESS: CITY: STATE: COUNTRY: Kindly complete the above form and submit it to the delivery manager on: email@example.com
As soon as your details are received, our delivery team will give you the neccessary payment procedure so that you can effect the payment for the Security Keeping Fees. As soon as they confirm your payment receipt of $125 US Dollars. They will not hesitate to dispatch your package as well as the attached letter to your residence. which usually takes 24 hours being an over night delivery service.
Note: that we were not instructed to email you, but due to the high priority of your package we had to inform you as your sender did not leave us with his phone number because he stated that he just arrived Nigeria and he has not gotten a phone yet. We personally sealed your Bank Draft and we found your email contact in the attached letter as the recipient of the foremost package. Ensure to contact the delivery department with the email address given above and ensure to fill the above form as well to enable a successful reconfirmation. Attach to this email is a scan copy of the package to be delivered to your address containing the draft of $800,000.00 USD, immediately you we have confirmed your payment of $125 US Dollars for the Security Keeping of your package. Yours Faithfully, Mr James Wellington. FedEx Online Team Management. All rights reserved. © 1995-2009. -------------------------------------------------------------------------------------------------------------------------- This E-mail is only for the above addressees. It may contain confidential or Privileged information. If you are not an addressee you must not copy, distribute, disclose or use any of the information in it or any attachments. -------------------------------------------------------------------------------------------------------------------------- FEDEX INTL>>>LICENCE OF FEDERAL EXPRESS CO-OPERATION. Wow! It seems that I am violating the terms of their confidentiality warning by putting a copy of this up on The Bottom Line. It really makes you wonder what these people are thinking when they put this out there, other than that I would get a hold of it and pick it apart.
Now, let us assume that you, indeed, have a colleague on a surveying project in West Africa who just happens to have nearly a million dollars burning a hole in his pocket (he must be wearing those jungle explorer pants with the really big cargo pockets on the legs). Let us also assume for the moment that for some reason that pesky wire transfer thing is simply so unappealing to this latter-day Captain Spaulding that he searched high and low to find the nearest FedEx office in order to get this small fortune to you, told them all about it, showed them the letter written to you and then sent it to you collect. If that doesn’t sound like a Marx Brothers movie, I don’t know what does!
The Signs of a Scam
Now, the absolute absurdity of the story behind this attempt to lighten your wallet by $125 really does make this scam email suitable for framing. However, even if all of that rubbish was true—including the bit about the cargo pants—there are ample clues within the letter itself to demonstrate that it is nothing more than a phishing lure!
Phishing is a kind of scam that is really designed to collect personal data. Sure, if they can get you to pony-up some money as well, all the better. However, the real pay-off comes with the inevitable identity theft that follows the disclosure of the information they request. It is easy to spot one of these scams. You notice the clues—you may even laugh at them—but you need to connect them with the scam.
Sloppy writing. This is supposedly from a professional, worldwide, multibillion-dollar company and the writer cannot spell. Nor has he any idea how to use capital letters and punctuation, word spacing and so on. Moreover, a quick look at the sentence structure and vocabulary shows unnecessarily complex and flowery language. Sentences like: So we cannot take the risk to have accepted such payment incase of any possible demurrage do tend to stand out, and that salutation, Dear Customer !!! is both vague, as if they don’t know who you are—which they don’t—but the prospect of contacting you is still incredibly exciting. Editorially speaking, this email is a mess!
Misuse of the company name. The actual name is FedEx Corporation. It is not, as this scam letter suggests, “FEDEX INTL,” nor is it “Federal Express Co-operation.” This is more than just the company name; it is the heart of their brand, just as your company name is the heart of your brand. Everything that FedEx puts out is consistent both within the document and with everything else that the company distributes. If that were not the case, then their brand would be diluted, and that is the last thing they want.
Strange email addresses and URLs. Take a look at the FedEx website and you will notice that their email addresses end in @fedex.com. So, if you want to reach, say, investor relations, it would be firstname.lastname@example.org. They also have contact forms. Now, knowing that, what does it tell you about the email address of one Mr. Smith Isu, which is email@example.com? After all, if the man was with FedEx, why does his email direct you to well-known spam email company? If nothing else in this email sets off alarms for you, this discrepancy between this email address and FedEx’s usual email practices really should. The same thing goes with links. Roll over all the links in a message and at the bottom of your browser you will see the URL the link points to. If the links don’t point to where they should, based on who supposedly sent the email, it’s a scam.
Ask yourself, if one of your employees sent out a similar email to a potential customer—impersonal, poorly written, riddled with mistakes—how would you react? Not well, certainly. There is, however, more.
Internal inconsistencies. When they say they cannot tell you what’s in the letter for “privacy” reasons, but go ahead to tell you there is a bank draft for $800,000 riding with the letter, then something is distinctly wrong. The writer of the email states at the top that they have been waiting for you to contact them, yet further down they say that this is a “high priority” package. Which is it, a high priority or something you can just throw on the shelf until you get tired of looking at it?
False sense of urgency. This is the hard sell. They say you have to reply quickly to avoid having the check sent to the British Commission for Welfare in order to get you to act rashly. Since when does a delivery company give unclaimed packages to a government welfare agency? Does that mean they would send that sweater Aunt Kate mistakenly tried to mail to your former address to Goodwill because you didn’t pick it up? No! They would return it to Aunt Kate. If this was real, the worst thing that would happen would be the package being returned to Captain Spaulding.
The terrorism/drug angle. Everyone wants to do their part and we all know that Obama’s Department of Homeland Security and Drug Enforcement Agency have lists of people and transactions they want to keep and eye on, but to imagine that you have to pay $125 to avoid being branded a terrorist or a drug smuggler is patently absurd on the face of it. The implication here is that if you don’t play ball, then you will be suspected of wrongdoing.
Keep it quiet. This goes back to the comment about breaking their confidentiality rules by posting their email and discussing it. Scammers don’t want you talking about their activities. At the same time, they want to look as legitimate as possible. By adding the language: This E-mail is only for the above addressees. It may contain confidential or Privileged information. If you are not an addressee you must not copy, distribute, disclose or use any of the information in it or any attachments, the scammer is trying to accomplish both.
The Bottom Line
I cannot say it any more plainly than this: No one in Nigeria wants to send you money. On the other hand, there are quite a few folks who would like to take some—all—of yours, so you have to be careful and you have to have your eyes open.
In this specimen, the company being used in the scam was FedEx, but it could have just as easily been UPS or some other courier/delivery service and there are examples of this. These scammers are using these companies to give themselves some legitimacy, to cover their real purpose. This is very damaging to the company’s brand, but there is little they can realistically do. It is the latest version of the old Nigerian 419 scam and it is spreading through the Internet thanks to spam merchants like BTI Internet. If FedEx and the other companies went after companies like BTI and tried to either shut them down or bleed them through high legal fees, then there might be a chance to stop these scams, or at least a portion of them.
Until then, however, we have to be careful. Since email like this can be filled with malware, make sure that your spam filters are properly set and that you don’t open any attachments that might come with the email. This one, for example, refers to a scan copy of the package (whatever that means) as being attached. The most important rule, however is this one: If you do not initiate the business, never send any money to anyone you do not know and trust. If you do, odds are you will never see it again.