IMF 419 Scam

419 and other advance-fee fraud scams are a regular part of life in the email world. I like to dig through my spam boxes to see what nuggets come up. A recent email with the subject "ECONOMIC STORM" indicated the "IMF international monetary fund and the world bank have collaborated to tackle the global economic storm facing the world." I'm glad to see someone is working to fix the economic crisis.



The email is spoofed from Mr.Dominique Strauss-Kahn and originates from the CHINANET-GD registered IP 58.63.81.97. The email request the reply go to imfec@in.com.

Name: 97.81.63.58.broad.gz.gd.dynamic.163data.com.cn
Address: 58.63.81.97

Delivered-To: xxx@gmail.com
Received: by 10.86.95.1 with SMTP id s1cs313745fgb;
Sat, 20 Dec 2008 10:36:07 -0800 (PST)
Received: by 10.114.145.1 with SMTP id s1mr2802117wad.118.1229798166053;
Sat, 20 Dec 2008 10:36:06 -0800 (PST)
Return-Path:
Received: from pfyq6 ([58.63.81.97])
by mx.google.com with SMTP id k21si16564504waf.32.2008.12.20.10.36.04;
Sat, 20 Dec 2008 10:36:06 -0800 (PST)
Received-SPF: neutral (google.com: 58.63.81.97 is neither permitted nor denied by best guess record for domain of imf@imf.org) client-ip=58.63.81.97;
Authentication-Results: mx.google.com; spf=neutral (google.com: 58.63.81.97 is neither permitted nor denied by best guess record for domain of imf@imf.org) smtp.mail=imf@imf.org
Message-Id: <494d3b16.15bb720a.7b0f.009fsmtpin_added@mx.google.com>
From: "Mr.Dominique Strauss-Kahn"
Subject: ECONOMIC STORM
To: xxx@gmail.com
Content-Type: text/plain;
charset="US-ASCII"
Reply-To: imfec@in.com
Date: Sun, 21 Dec 2008 02:36:04 +0800
X-Priority: 3

This is to inform you/your company that IMF international monetary fund and the
world bank have collaborated to tackle the global economic storm facing
the world.
These authority have set aside the sum of USD 10,000,000,000 ( Ten Billion
United State Dollars ) to finance individuals/companies around the globe
who have a reasonable project.
All applicant should send their full data and project details (project name,
project purpose,project cost) to the address given below to apply the
support for your project.

Reply to Mr. John Condo
Project Finance Section
IMF Office Beijing China
( http://www.imf.org/external/np/omd/bios/rrf.htm )
Email imfec@in.com

Yours sincerely,
Mr.Dominique Strauss-Kahn
Managing Director, IMF

The email attempts to validate itself by including a hyperlink to the bio of Mr.Dominique Strauss-Kahn. The only problem is the link points to the bio of Mr. Rodrigo de Rato, from Spain, who was the former Managing Director from June 7, 2004 to October 31, 2007.



Even the scammers can't keep up over time. It's amazing to security practitioners that these scams work, but at the same time we've all been asked by someone about the legitimacy of a virus hoax, 419, lottery, or chain email. you wouldn't think it's that profitable, but every once in a while, the scammers hit a goldmine. For example, Bruce Schneier recently blogged about a woman who lost $400K in a 419 scam. All I can say is i'm looking forward to my slice of the $10 Billion. WoooHooo!!!