Call a Specialist Today! 888-785-4405

The Latest Cyberoam News
Product and Solution Information, Press Releases, Announcements

Cyberoam’s thorough investigation of hotel reservation scam emails from senegal
Posted: Thu Aug 27, 2009 02:07:00 PM
 
Cyberoam, a division of Elitecore Technologies and the innovator of identity-based Unified Threat Management (UTM) solutions, has reported a variation of the 419 scam email, with potentially unsafe consequences for recipients. Disguised under hotel bookings and ostensible conferences in Dakar, Senegal, these emails easily passed through anti-spam filters which prompted Cyberoam to conduct a thorough investigation. Probing into their source and authenticity has led to the confirmation of a major fraud.

Cyberoam had initially responded to an email by “Global Aid Organization (G.A.O.)”, a purportedly Washington DC, USA-based charity that was to schedule a worldwide conference on human trafficking in Dakar, Senegal between 24th-27th August, 2009. No such organization could be traced by search engines even though the email contained what appeared to be a legitimate website. The email IP address was subsequently traced to Dakar, Senegal instead of Washington DC.

In order to lure recipients, the senders scheduled a free initial conference in USA between 17th-20th August, 2009 supposedly with round trip air tickets, meals and accommodation. Recipients were also told they wouldn’t get a US visa without first making a down-payment for the hotel reservation in Africa. The follow-up emails by “hotels based in Senegal” carried tariff cards and registration forms. Phone numbers and website details were also included, all of which later turned out to be fraudulent.

Says Abhilash Sonwane, Vice President – Product Management, Cyberoam, “The most worrying aspect of this entire scam is that they want you to furnish your precise passport information in their registration forms –passport number, name as in passport, photo, date of birth, address; all useful details for organized crime syndicates that are behind fake passports and identity theft.”

Cyberoam has found the following additional evidence to confirm the fraudulent intention of G.A.O. and participating hotels.

1. The websites used for G.A.O, www.globalaidorganization.4-all.org and the hotel www.faidherbedakarhotel.xu.am are hosted on free subdomains 4-all.org and xu.am, both extremely popular with spammers. Hotel Faidherbe happens to be a real hotel in Dakar, Senegal impersonated by the scammers This is the reason these websites never show up on search engines. What’s more, these scammers have the nerve to display seemingly genuine websites to pull their deception. Genuine websites always use a paid domain.
2. After calling G.A.O. on its Washington D.C. phone number, someone from their office confirmed they were located in Washington D.C. However, there was a clear mismatch in the given area code, 516, as it was based in Long Island, Nassau County, New York. Both hotel phone numbers for Senegal turned out to be invalid.
3. There was huge mismatch in currency rates used for Hotel tariff card shown in both Euros as well as Senegal’s currency, CFA. Whereas 1 Euro is pegged at 655.97 CFA, the tariff card described 65.000 Euros as equivalent to 43.000 CFA.
4. All emails used free webmail providers that are generally popular with spammers, ikiz.net, post.com and mail.com. Also, one of the email sender name fields – “Faid herbeeda" faidherbedakarhotel@ikiz.net contained a spelling typo.
5. The organizers sought to bring delegates to the US by petitioning the embassy in their host country for an H2B visa which happens to be an “employment” visa, not one used for attending conferences in that country.

Adds Mr. Sonwane, “After Cyberoam thoroughly completed the scam investigation, we were not surprised to find out that the only thing genuine about the scammers was the wire transfer details for sending hotel reservation money. The Swift code used belonged to the actual CBAO bank, based in Senegal. However, as expected, an individual was the beneficiary for the funds to be received, not any real organization called G.A.O.”

As in all other scam emails, a little bit of caution pays for one to avoid playing into the hands of the scammers. What is troubling is the fact that these scammers are now using perceived credentials of international humanitarian organizations and look-alikes of actual hotels to appeal to recipients emotions, and trick anti-spam filters.
 
« Return to News List