Blog

I did not win the Coca-Cola Lottery. Tell all your friends...

by Guy J Kewney | posted on 19 June 2006


You did not win a Coca-Cola lottery, trust me. The thing is, will you believe me? Probably, not; you'll think this is just one more terrifying false alarm.

Sophos is, of course, a genuine virus and malware company with genuine expertise. When it says: MEDIA ALERT: COCA-COLA LOTTERY NOTIFICATION EMAIL IS NOT THE REAL THING," you've no need to nip off to Snopes to check it out. The trouble is, my family and friends are suckers for hoax emails. I get two or three every week, warning that if someone calls me on my mobile, I must not answer because it's going to create a false billing item costing me twenty pounds a minute; or that if I read an email from some devious SMERSH operative it will over-write my disk with stuff that CANNOT BE ERASED, EVER!!!! or put me on a paedophile list with the CIA.

Every week, I write to my family and friends and say: "Do you really think that a chain letter email is going to discover a threat of this nature, before the 40-50 specialist anti-virus firms out there notice?" and unabashed, they send me the next.

Here's the real thing: a scam which pretends to be a notification of a lottery win, and is actually a threat. Full text:

Experts at SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, have warned of an email scam that pretends to be notification of a lottery win from Coca-Cola.

The emails, which have the subject line 'COCA COLA PROMOTION', have been spammed out to internet users claiming that the recipient has won 2.5 million US dollars in a lottery held by Coca-Cola earlier this month. The email recipient is told they are one of only 50 lucky winners around the world who were selected randomly after computers found their email address on
internet websites.

To collect their winnings, people are told to call, phone or fax an agent who claims to be working on behalf of the soft drinks giant. However, Sophos warns computer users that this is a ruse to steal personal details, and that the fraudsters behind the scam campaign can use such information to steal money from bank accounts and commit identity fraud.

Part of the email reads as follows:

---------------------------

'We happily announce to you the draw of the coca cola International promootion programs held on the 9th of June 2006 in The United Kingdom. Your e-mail address attached to ticket number: 564 75600545-188 with serial number 5388/02 drew the lucky numbers: 31-6-26-13-35-7, which subsequently won you the Promotion in the 2nd category.

'You have therefore been approved to claim a total sum of US$2,500,000.00 (Two million, five hundred thousand, United States Dollars) in cash credited to file RPC/9080118308/04 made available from a total cash prize of US $125 Million dollars, shared amongst the first Fifty (50) lucky winners in this category.'
----------------------------

"These emails are not coming from Coca-Cola, and there is no lottery waiting to give you millions of dollars for nothing. Scammers who send emails like this are only interested in stealing your identity, and using that information to empty your bank account and using other tricks to fatten their wallets," said Graham Cluley, senior technology consultant for Sophos. "Email users should always be suspicious of communications like this, as it's a common trick used by organised criminals."

This email con-trick is the latest of many 419 scams. These scams are named after the relevant section of the Nigerian penal code where many of the scams originated and are unsolicited emails whereby the author offers a large amount of money. Once a victim has been drawn in, requests are made from the fraudster for private information which may lead to requests for money, stolen identities, and financial theft.

Other examples of 419 email scams include a message claiming to come from a Scottish MP, an associate of the massacred Nepalese royal family, and even an African astronaut stranded on the Mir space station.

Sophos recommends companies automatically update their corporate email protection to protect their users against the threats posed by spam, phishing, and malicious content.

Further information and a picture of the scam email can be found at the Sophos Web site.

Tag:


Will EXPLODE your HARD DISK!!!!! - You can discuss this article on our discussion board.