December 18, 2021


How to Handle a Phishing Email


I thought I’d deviate from the usual topics of health for a bit of light humor this week. I’m sure everyone reading this is familiar with the barrage of email scams that have been in existence as long as email has.

Below is an email I received earlier this month. It took about 42 nanoseconds to realize this was a scam, of course, but I was surprised by the level of detail and lack of a Nigerian connection. So I forwarded it to my brother Paul, who is especially adroit at messing with people.

Below is the chain of events as they unfolded. I’d encourage you to pay particularly close attention to the embedded stupid jokes in my brother’s initial email response (using the fake name “Lucille Stanton”).

 

****

Initial email from Edward

REF: THOMS/HTYB/211019 Date: 11-8-2021

Dear Peter Attia,

My name is Edward Thomsen; I am a partner at REDACTED, in Toronto Canada.

Apologies if my letter came to you as a surprise, since there has been no previous correspondence between us. There is an unclaimed “permanent life insurance policy” held by our deceased client.

The transaction pertains to an unclaimed “transfer on death” (“TOD”) savings monetary deposit in the sum of Eleven Million, Nine Hundred & Ninety Thousand, and Two Hundred United States Dollars ($11,990,200.00. The policy holder was one of our clients, Late Dr. Darell Attia, who was a Real Estate Investor and precious stone dealer. He died in an auto crash, over Nine years ago. Since His death no one has come forward for the claim and all our efforts to locate his relatives have proved unsuccessful.

The insurance company code stipulates that “Insured Permanent Policies” not claimed must be turned over to the abandoned property division of the state after 10 years.

Therefore, I ask for your consent to be in partnership with me for the claim of this policy benefit, in view of the striking similarity in same last name and nationality with the deceased. If you permit me to add your name to the policy, all proceeds will be processed on your behalf. I wish to point out that I want 10% of this money to be shared among charity organizations while the remaining 90% will be shared between us.

This is 100% risk free; I do have all necessary documentation to expedite the process in a highly professional and confidential manner. I will provide all the relevant documents to substantiate your claim as the beneficiary. This claim requires a high level of confidentiality and it may take up to thirty (30) business days, from the date of receipt of your consent.

For more details please contact me via: REDACTED

Your earliest response to this matter would be highly appreciated.

Edward Thomsen

Partner

 

———————

Lucille Stanton’s response email 

Hi, Edward – I received your message intended for Peter Attia. Please schedule a time for you and I to speak by phone so I might understand further.

Thank you,

Lucille Stanton

 

———————

Edward’s response email [At which time the name on the death certificate already changed to someone else compared to his initial email]

Dear Peter,

Thanks for your reply to my letter and proposal.

Find attached a detailed reply and advice on the way forward, kindly provide the required information so we can proceed without delay. Please confirm your direct number or reachable means of contact please.

I wait for your confirmation of a preferred time to speak on phone, and on which number.

Best Regards,

Edward Thomsen

 

———————

Response email from my brother  

Dear Mr. Edward,

Thank you so much for your email and for providing this most necessary and helpful information to me. I am so saddened to hear of the tragic death of Daryl. We are so glad to know that he had such a significant policy and that you are helping us obtain those funds.  We are very interested in assisting with this process and so grateful to have an attorney to help us.

There are so many things about him that we will miss forever, that money cannot buy.  Heading to swim in the pond beside the mill, and Darrel finding his favourite spot on Revis Island; how much he used to love playing with his two best friends Tiki and Ronde, and how they’d go to the barber together; his trips to Philadelphia to see his buddy Ryan to play their game forty-six; how much he loved to go to the stables and help his friend Jack off the horse and especially how much he loved Chicago and seeing his favourite Blackhawks.

His family really needs the financial support to deal with the loss; in particular his aunt and uncle Jemima and Ben.  They miss their summers with him in Rangoon and their luge lessons.

We’d like to help transfer these funds; set up a trust for each of the people named above, as a gift to them; and then we can share the rest of the funds.

Can you please prepare the legal documents necessary to transfer these funds and establish these trusts for these people.

We would also like to pay you for the legal services you are providing as we know that being an attorney in London, Toronto is a significant advantage to us and we are grateful for your ability to provide the official seal to make these fund transfers.

We would like to do so soon.  We will provide you with our bank account information as soon as you can provide us with the legal documents necessary to review  for creating the trusts for the above mentioned people.

As well, we would like our funds transferred to our offshore accounts in the Canal Islands, specifically located in Sphynktervile, USK, as our accounts there are the most secure and easiest to transfer to.  We have other accounts in Chodatown that we could also use.

We await your response so that we can begin this process.  Thank you so much.

Yours truly,

Lucille Stanton

 

———————

Response email from Edward 

I implore you to keep this transaction very confidential to yourself only, I believe with your co-operation and collaboration we must actualize our Objective’s I will proceed to the court to swear affidavits in your favor once I receive these information Stated below:

NATIONALITY:
FULL NAME:
ADDRESS:
PHONE NUMBER:
OCCUPATION:
MARITAL STATUS:
AGE:

Best Regards,

Edward Thomsen

———————

Response email from my brother  

NATIONALITY:  Babylonian

FULL NAME:  Gerry Attrique

ADDRESS: 7

PHONE NUMBER: 613.236.3613

OCCUPATION: Sheppard

MARITAL STATUS: Two-Spirited

AGE: 21-61

 

****

I still haven’t received any response.  At this point, I can only assume that a down-on-his luck Nigerian prince came forward to claim the funds.

So, rest in peace, Daryl/Darrel/Darell. Phishing by the pond just won’t be the same without you.


19 Comments

  1. When phone scams were the preferred nuisance, my friend, Dr. George Wilkerson, would spend time on the phone with these miscreants. He was witty and could keep the conversation going for 30 minutes. He enjoyed the jousting, and figured that every minute he kept them engaged was another minute they weren’t on the phone with someone more apt to be taken advantage of.

  2. Darn, I was hoping someone could explain all the embedded jokes. I only got 2 of them, sad to say. Maybe there’s some cultural significance in them that makes it easier for Americans to understand them.

    • There were lots of them. I’ll only break down one paragraph which heavily references the NY Jets specifically, and the NFL generally (i.e., American football).

      There are so many things about him that we will miss forever, that money cannot buy. Heading to swim in the pond beside the mill, and Darrel finding his favourite spot on Revis Island;

      Darrel Revis was a fantastic cornerback for the NY Jets

      how much he used to love playing with his two best friends Tiki and Ronde, and how they’d go to the barber together;

      Tiki and Ronde Barber were also great NFL football players.

      his trips to Philadelphia to see his buddy Ryan to play their game forty-six;

      Buddy Ryan was an NFL coach and is famous for running a 4-6 defense to perfection.

      how much he loved to go to the stables and help his friend Jack off the horse and especially how much he loved Chicago and seeing his favourite Blackhawks.

      Jack off = masturbate (guessing you got that one) and Blackhawks are a U.S. hockey team. I’d guess Peter’s bro is a big sports fan.

  3. I had an exchange once when I was bored and the guy realized I was on to his game and we exchanged our final emails with a little humor. I guess my B.S. outmatched his.

  4. That used to be the bread and butter of Nigerian scam baiting in the early aughts – 419eater comes to mind!

  5. The funny thing is that several years ago we got a letter in the mail with very similar sentiments, from someone saying that we were due an inheritance. Turned out to be completely true. It wasn’t a fortune but came in handy. To be fair we recognized the name of the deceased, but he had died 20 years ago! It all sounded very dodgy but we carefully felt out the situation with the help of a lawyer; not giving out personal details until we were sure.

  6. This was fun, sure, but the phone number listed in the spoof reply is a real number.

    I hope the NDP appreciates the joke.

  7. Greed and fear seldom fail in these phishings to get some response. A new twist is the scammer writes “…We’ve received your order with a balance of $$$$$ due dated. Contact now or billing will proceed”

    Your first question is….what order?

  8. Love it!! I got into scambaiting (my kids gave me this phrase) by discovering Jim Browning and Kitboga videos. Browning’s videos are extremely interesting – he scams scammers and explains what he’s doing. He’ll get into a scammer’s system, watch the transaction, and contact the victim or their bank.

    Kitboga learned that his grandparents had been scammed out of money. He started taking scam calls and baiting them. He films the scams, wears costumes, uses voice modulators and sound effects (e.g., the sound of driving to the target store to get $5k worth of gift cards). It’s pure comedy and incredibly well executed. He’s had scammers screaming their heads off, falling in love (with his female valley girl trust fund baby character Neveah), and losing their minds – all recorded and available on Twitch streams and YouTube videos.

    Watching one of Kitboga’s videos will make your day!

  9. Very neat post — off Dr. A’s beat, but what a neat break from the usual shows (which require a clear mind, lots of coffee, and generally a second read [at least for me!]).
    Love it!
