Scam of the day – September 27, 2016 – Business email scammer sentenced

Whaling may be a term, when referring to cybercrime, with which you may not be familiar.  By now, everyone is aware of the term “phishing” which refers to the social engineering crime by which scammers send emails purporting to be from a legitimate source in which they lure you into either clicking on malware infected links or directly sending them money.   Often phishing emails are easy to spot because they may not be directed to you by name, but rather by a salutation, such as “Dear Customer” and not contain the type of information that would make you tend to believe that the email is legitimate. “Spear Phishing” is more refined phishing where the scammer has gathered, often through hacking of various websites and companies, personal information about you such that when you receive the phony email from the scammer it appears more legitimate.  The latest criminal version of this tactic is called “whaling” and it is a type of spear phishing aimed at the big fish.

In January of 2016 I told you about Amechi Colvis Amuegbunam, a Nigerian in the United States on a student visa being arrested and charged with wire fraud based on scamming 17 Texas companies out of more than $600,000 through whaling.  Amuegbunam is sent emails that appeared to be from high level company executives to lower level company employees who had the authority to wire funds on behalf of the company requesting that funds be wired to bank accounts he controlled.  The FBI has said that in the last two years 7,000 American companies have been swindled out of approximately 740 million dollars using this technique.

The scammers who use whaling are sophisticated criminals who gather much personal information about the companies and individuals targeted before sending their whaling emails.  They use this information to tailor their emails to make them appear legitimate.  Often they are able to gather much of this information through social media such as Facebook where people sometimes have a tendency to share too much personal information.


In the case of Amuegbunam, one of the emails he is alleged to have sent was to a company executive for Luminant Corp which is a Texas electric utility company.  However, if the company executive had looked closely at the email address of the sender, he would have noticed that the name Luminant was misspelled in the email address so that it actually read “lumniant.”  This is an easy misspelling to miss, which is why scammers are able to get email addresses that when looked at quickly may appear to come from someone at the legitimate company, rather than a scammer.  In this particular case, had the employee noticed that the email address of the sender was not legitimate, it would have saved the company $98,550.

The lesson for companies is to both educate employees as to the telltale signs of spear phishing and whaling as well as also have a confirmation protocol in place to be followed when authorizing the wiring of funds, particularly when they are being sent to companies or individuals that their company had not done business with in the past.

As for the rest of us, we should be careful to avoid spear phishing too. Consider how information that you post on social media could be used to defraud you before you post anything and remember that personal information about you and your business accounts can also be gathered through data breaches at companies with which you do business.  Therefore, as I always advise you, never click on links in emails, send money or provide personal information in response to emails that you receive regardless of how legitimate they may appear until you have confirmed that they are indeed not scams.

As for Amuegbunam, he has been sentenced to 46 months in prison and ordered to make restitution to his victims.

Scam of the day – June 20, 2013 – Nigerian email scam is still with us

Like an old friend or perhaps a bad penny, the Nigerian email scam by which you receive an email promising riches under various pretexts such as an inheritance or in return for simple assistance in moving money out of Nigeria keeps on coming back.  A copy of one of these emails which I recently received is copied below.  Someone must be still falling for this scam because they still are being sent out, but I hope you are not one of the people who falls prey to this totally bogus scam.  What happens if you respond to the email is you get strung along, constantly being required to pay money for various things such as taxes, bribes, administrative fees or other costs.  All the while, you receive nothing.

Here is a copy of the email I received:


Central Bank of Nigeria
Head Office Complex,
Central Business District
Abuja FCT. – Nigeria.

From The Desk Of:

Dr. Mrs. Juliet A. Madubueze

phone Number:+234-8030-940-186

(Board Member).

Attention: Beneficiary ,

I am Chief Dr Joshua Omoye , Board Member of Central Bank Of Nigeria (C.B.N) I am Instructed to officially inform you that we have verified your contract/ inheritance file and found out that why you have notreceived your payment is because you have not fulfilled the obligations given to you in respect of your contract/ inheritance payment.  We wish to advise you to stop any communication with any body if youwish to receive your payment,, since we have decided to bring a solution to give you your cash Right now we have arranged your payment through our SWIFT CARD PAYMENT CENTRE from European Union, which isthe latest instruction from the new elected president Mr. Goodluck Jonathan (GCFR) Federal Republic of Nigeria.  This card center will send you an ATM card, which you will use to withdraw your money in any ATM machine in any part of the world, but the maximum is Ten Thousand United States Dollars ($10,000.00) per day. So if you like to receive your fund in this way, please let usknow and send the following information as listed below :

1. Full Name: ===

2. Phone and fax Number: ===

3. Address were you want them to send the ATM card to: =====

4. Your age and current occupation: ==========

We will forward your information to the Director of ATM CARD payment officers   Me Chief Dr. Joshua Omuya and the Executive GOVERNOR Dr. Lamido Sanusi   (Board Member) upon our receipt of the above information. Or you can call him. This is his direct phone Number:+234-8030-940-186  Note that the ATM card payment center was mandated to issue out $8000.000,00 Eight Million US Dollars as your payment for this fiscalyear 2013 to you so bear with us.  We anticipate your total compliance to this message immediately.

Yours sincerely,

Dr Mrs. Juliet A. Madubueze

(CBN Board  Member)

phone Number:+234-8030-940-186”


There are many telltale signs that this is a scam.  Nowhere in the email does my name every appear.  The email is purportedly written by Joshua Omoye, but signed by Juliet A. Madubueze.  It is clear that this is a spam email sent to a vast number of people.  In fact, the email address to which it is addressed is not even my email address, but it ended up in my email box.  Like many of you, I do not have relatives in Nigeria from whom I could inherit.  Don’t be blinded by greed.  Scam artists count on people to allow the promise of riches dim their skepticism.  When you get such an email, merely delete it.  Do not attempt to contact the sender in any fashion.  That will only alert the scammer that they have a real person to deal with.  Another telltale sign is merely the reference to Nigeria.  Nigeria is a hotbed for these types of scams.  I feel badly for legitimate companies from Nigeria who will find people in other countries skeptical whenever they are contacted by a Nigerian company, however, in order to avoid losing your money to a scam artist, you should never respond to emails from Nigeria.


Scam of the day – December 18, 2012 – Newtown charity scams and similar charity scams

As I warned you, the very day after the horrible shootings at the Sandy Hook Elementary School in Newtown, Connecticut, scammers and identity thieves will be preying upon both our best and worst instincts in response to the tragedy.  People seeking videos and photographs of the event may find themselves clicking on links that purport to provide you with such material, but may only end up downloading keystroke logging malware that will steal all of the information from the computers of the curious people who will find themselves becoming victims of identity theft.  Go back to Saturday, December 15ths “Scam of the Day” for more particulars.  The next step in scams stemming from the murders will be the pleas for charitable contributions for the victims and others similarly situated.  You should always be wary when anyone asks you for a charitable donation, but particularly when a charitable solicitation quickly follows an emotional event such as the killings in Connecticut.  You will want to make sure that you are giving to legitimate charities that will use your contribution wisely rather than giving your money to a scammer or a “legitimate” charity that misuses your donations by paying its administrator inordinately large salaries.  Particularly during this time of the year, you will likely find yourself being solicited by various police and firefighter charities.  Many of these are scams and it is important to know the difference between a legitimate charity and a phony one.


Whenever you are contacted by a charity whether by text, phone, email or otherwise, you can never be sure that the person contacting you legitimately represents the charity or that the charity itself is legitimate.  If you are charitably inclined, you should not respond directly to the person or entity soliciting you, but rather first, confirm that the charity itself is legitimate.  At this time of year there are many charities that contact you, particularly those purporting to represent firefighters and local police that are scams.  Many phony charities have similar names to legitimate charities, particularly those purporting to collect for local fire and police departments. You should always check out the legitimacy of the charity first before considering making a contribution.  A good place to find out if a charity is legitimate or merely has a name that sounds legitimate is  This website also will provide you with information as to how much of the charity’s collected donations actually are applied to its charitable works and how much goes to administrative fees and salaries.  As a general rule of thumb if a charity spends more than 25% of its donations on salaries and administrative costs, you may wish to contribute to another charity.

Scam of the day – October 30, 2012 – Michelle Obama email scam

With so many people being scammed, it is no surprise that scammers are going back to the well and trying to scam people who have already shown a vulnerability to being scammed through a new email that is presently being circulated that purports to be from First Lady Michelle Obama and reads,”I am Mrs. Michelle Obama and I am here to inform you that your SCAM VICTIMS COMPENSATION FUNDS from white house here in Washington DC is the sum of $20,000,000 twenty million us dollars.”  The email goes on to say, “Bear in mind that i am the only one that has your funds in regard to my husband Mr. Barack Obama and you will have to pay the sum of $260.00 before your funds will be deliver to you today so get back to me with your home address.”  The email is obviously (or should be obviously) a scam, yet people are falling for it.  Whenever you get an email or any other communication asking for money or information, you can never be sure from where it is coming so you should neither send money or information until and unless you have confirmed that whatever is communicated to you is legitimate.


In this particular scam, the signs that it is a scam are many.  First, as with many email scams is the poor grammar.  One reason for this is that this scam, as with many email scams, is originating from outside the country.  Another indication that it is a scam is the sender’s email address does not even try to match that of the White House or the federal government.  This particular scam should not even provoke you to attempt to investigate its legitimacy, but with other type of emails that you might consider legitimate, always investigate the email before sending information or money.