CYBEROAM’S THOROUGH INVESTIGATION OF HOTEL RESERVATION SCAM EMAILS FROM SENEGAL
Bogus hotels and conferences, suspicious contact info, made-up websites and a probable fake passport racket
Woburn, MA, USA – 12 August, 2009
Cyberoam, a division of Elitecore Technologies and the innovator of identity-based Unified Threat Management (UTM) solutions, has reported a variation of the 419 scam email, with potentially unsafe consequences for recipients. Disguised under hotel bookings and ostensible conferences in Dakar, Senegal, these emails easily passed through anti-spam filters which prompted Cyberoam to conduct a thorough investigation. Probing into their source and authenticity has led to the confirmation of a major fraud.
Cyberoam had initially responded to an email by “Global Aid Organization (G.A.O.)”, a purportedly Washington DC, USA-based charity that was to schedule a worldwide conference on human trafficking in Dakar, Senegal between 24th-27th August, 2009. No such organization could be traced by search engines even though the email contained what appeared to be a legitimate website. The email IP address was subsequently traced to Dakar, Senegal instead of Washington DC.
In order to lure recipients, the senders scheduled a free initial conference in USA between 17th-20th August, 2009 supposedly with round trip air tickets, meals and accommodation. Recipients were also told they wouldn’t get a US visa without first making a down-payment for the hotel reservation in Africa. The follow-up emails by “hotels based in Senegal” carried tariff cards and registration forms. Phone numbers and website details were also included, all of which later turned out to be fraudulent.
Says Abhilash Sonwane, Vice President – Product Management, Cyberoam, “The most worrying aspect of this entire scam is that they want you to furnish your precise passport information in their registration forms –passport number, name as in passport, photo, date of birth, address; all useful details for organized crime syndicates that are behind fake passports and identity theft.”
Cyberoam has found the following additional evidence to confirm the fraudulent intention of G.A.O. and participating hotels.
- The websites used for G.A.O, www.globalaidorganization.4-all.org and the hotel www.faidherbedakarhotel.xu.am are hosted on free subdomains 4-all.org and xu.am, both extremely popular with spammers. Hotel Faidherbe happens to be a real hotel in Dakar, Senegal impersonated by the scammers This is the reason these websites never show up on search engines. What’s more, these scammers have the nerve to display seemingly genuine websites to pull their deception. Genuine websites always use a paid domain.
- After calling G.A.O. on its Washington D.C. phone number, someone from their office confirmed they were located in Washington D.C. However, there was a clear mismatch in the given area code, 516, as it was based in Long Island, Nassau County, New York. Both hotel phone numbers for Senegal turned out to be invalid.
- There was huge mismatch in currency rates used for Hotel tariff card shown in both Euros as well as Senegal’s currency, CFA. Whereas 1 Euro is pegged at 655.97 CFA, the tariff card described 65.000 Euros as equivalent to 43.000 CFA.
- All emails used free webmail providers that are generally popular with spammers, ikiz.net, post.com and mail.com. Also, one of the email sender name fields – “Faid herbeeda” firstname.lastname@example.org contained a spelling typo.
- The organizers sought to bring delegates to the US by petitioning the embassy in their host country for an H2B visa which happens to be an “employment” visa, not one used for attending conferences in that country.
Adds Mr. Sonwane, “After Cyberoam thoroughly completed the scam investigation, we were not surprised to find out that the only thing genuine about the scammers was the wire transfer details for sending hotel reservation money. The Swift code used belonged to the actual CBAO bank, based in Senegal. However, as expected, an individual was the beneficiary for the funds to be received, not any real organization called G.A.O.”
As in all other scam emails, a little bit of caution pays for one to avoid playing into the hands of the scammers. What is troubling is the fact that these scammers are now using perceived credentials of international humanitarian organizations and look-alikes of actual hotels to appeal to recipients emotions, and trick anti-spam filters.
Cyberoam Identity-based UTM appliances offer comprehensive protection against existing and emerging Internet threats, including viruses, worms, Trojans, spyware, phishing, pharming and more. Cyberoam delivers the complete range of security features such as stateful inspection firewall, VPN, gateway anti-virus, gateway anti-malware, gateway anti-spam, intrusion prevention system, content filtering in addition to bandwidth management and multiple link management over a single platform. Cyberoam is certified by the West Coast Labs with CheckMark UTM Level 5 Certification, ICSA Labs, an independent division of Verizon Business, and is a member of the Virtual Private Network Consortium. Cyberoam has also received SC Magazine’s 5 Star Rating twice in a row, the 2007 Global Excellence Awards for Integrated Security Appliance, Security Solution for Education and Unified Security, and the 2007 Tomorrow’s Technology Today Award for Unified Security. Cyberoam has offices in the Newburyport, MA and India. For more information, please visit www.cyberoam.com
About Elitecore Technologies
Elitecore Technologies is the global provider of Cyberoam UTM appliances. Elitecore’s other divisions include CRESTEL Convergent Billing Solution that meets the voice, data, video billing and customer care requirements of Tier-1 service providers and 24online Billing and Bandwidth Management Solution for hotels, hotspots and Internet service providers. Elitecore has a strong R&D base and support center in India; it has sustained a healthy growth rate of over 75 % since inception. For more information, please visit www.elitecore.com
L. K. Pathak