Dear Sir or Madam: Lottery Scams Proliferate

Tom Ericson, a retired bank employee who lives in Denmark, still can't get over how he lost about €60,000 (US$90,000) in a bogus lottery.

Ericson (not his real name) now knows there's no such thing as a "Microsoft Lottery," and that the e-mail he responded to is just one of millions sent every day by scammers perpetrating advance fee frauds, where victims are duped into sending money in exchange for a service or prize that never arrives.

Ericson thought he had won £500,000 (US$1 million). "I've been cheated the tough way," he said during an interview for a video distributed internally within Microsoft. "I'm only telling this because I hope nobody goes through the same thing."

Advance fee frauds, also known as "419" scams after how the crime is classified in Nigeria's criminal code, are nothing new. The scams are still carried out through regular mail, but e-mail is now the powerful distribution method of choice.

Ultrascan Advanced Global Investigations in the Netherlands, which has a special department dedicated to 419 crimes, estimates conservatively that $4.3 billion was lost worldwide to 419 scams in 2007. Countries most victimized are the U.S., U.K. and Japan. Ultrascan's data comes from its own investigations, and it advises that the real figure is likely many times higher.

Ericson's case has probably received more attention from law enforcement than most since he notified Danish police, who have been investigating for more than six months. Most victims never report their losses due to embarrassment.

Microsoft also stepped forward to help since the scammers used the company's brand name -- a common tactic -- in the ruse. Other companies are also irked by the surge in 419 crime. In May, Yahoo filed a federal lawsuit against 50 unnamed individuals and companies for using its trademarks for lottery-related scams.

Microsoft has seen a 300 percent increase year-over-year in complaints, said Jean-Christophe Le Toquin, a Microsoft attorney based in Paris.

The schemes are most successful against trustworthy people who tend to develop complex relationships with the criminals.

"The reality we see is that these victims get themselves in real trouble not only financially but also from a psychological perspective," Le Toquin said. "The more money they give, the more they want to believe in the scammer."

The belief is naïve, but the scams have been successful against even some of the brightest minds. Frank Engelsman, a 419 expert with Ultrascan, said he's dealt with two cases where Nobel Prize recipients were taken in by sophisticated schemes.

One of the Nobel winners became wrapped up in a plot that involved supplying vaccines to a country, Engelsman said. The other lost close to $4 million in a gold-related scheme, he said.

In Ericson's case, it seems the perpetrators were connected with Nigeria, but operating out of London. In order to collect his lotto winnings, Ericson was told to send thousands of British pounds in legal and courier fees over eight months.

One fee was ostensibly a deposit to ensure he wasn't laundering money. That bill was sent on fake United Nations letterhead, from the "Department of the Anti-terrorist Team," supposedly based in Bangkok.

Ericson is not likely to ever see his money, said Henning Nielsen, chief detective inspector for the economic crimes department with the Danish police outside Copenhagen, who investigated the case.

The fraudulent e-mails are usually sent from public cafés or libraries with PCs, which makes it very difficult to find the actual person who sent the e-mail, Nielsen said. Ericson also sent his money using Western Union's money transfer service, which is harder to trace.

"We couldn't follow the money," Nielsen said. "If he had used a bank, we could follow the money through the accounts. We couldn't do that because it was Western Union."

There are indications that fraudsters have started Western Union franchises in order to make it difficult for investigators, Engelsman said. Since a person just needs a reference number and an ID to pick up money, the system is opaque, especially if an accomplice is not doing proper ID checks.

"The majority of money is laundered through cash points and Western Union and MoneyGram agencies," Engelsman said.

Western Union declined to make a security official available for this story. But Anja Reitermann, vice president for corporate affairs for Europe, the Middle East and Africa, said the company doesn't vet people's backgrounds before they send money.

Microsoft and law-enforcement agencies of other countries have reached out to Nigeria's Economic and Financial Crimes Commission (EFCC), the key agency in charge of fraud-related law enforcement. While praised for its early efforts, the agency has gone through a recent reorganization that left observers hoping it stays on track, Engelsman said.

Multiple efforts to reach officials at the EFCC were unsuccessful.

The continued increase in the number of scams will far outstrip law enforcement's capacity to investigate. Fewer than 1 percent ever receive police attention, Engelsman said. In 2007, Ultrascan estimated that 520,000 people among the U.K.'s 60 million population paid some sort of advance fee.

Building a complete case against a network of scammers can take up to a year, Engelsman said. Additionally, many skilled law-enforcement agents have been reassigned in recent years to antiterrorist-related units, and other talented cops end up going to the private sector where they're better paid, Engelsman said.

Le Toquin of Microsoft said the investigations require cross-border help, which can pose legal complications: "It's time-consuming. It's not impossible, but obviously it's hard work."
