Ever received a “londoning” scam?

The “londoning” scam is one variety of the infamous 419s or “advance fee frauds” (so called after the section of the Nigerian criminal code that deals with such fraud, since many of the ones we receive actually originate from Nigeria). It is not a new scam, but it is still doing the rounds effectively, so you should be familiar with it.

The scam can arrive as an email, as a Facebook message, sometimes even as a mobile text message:

A recent example of the scam…

People generally like to help out a friend in need, and cybercriminals were quick to start abusing that. The term “londoning” comes from the earliest such scams, which named London as the place where your “friend” had been mugged; since then they have expanded to any random destination. What they all have in common, though, is that they ask the recipient to contact them and send money. Straightforward, and in many cases quite effective too, particularly if the scammers have got hold of the Facebook login of an actual friend of yours and message you pretending to be them.

So, how to spot such a scam?

  • Well, you can be very suspicious of messages like this, however they arrive and wherever or whoever they come from. What constitutes “suspicious” in the email context? The headers make it clear that it was sent to more than one person, nothing indicates that the sender actually knows anything about the recipient other than their address (no personal touches), and so on.
  • Don’t even think of responding to the request until you’ve verified the source with extreme prejudice.
  • Absence of personalization (personal touches in the message that actually indicate the sender knows you well) is a pretty good indicator of untrustworthiness (and characteristic of all generalized phish and 419 messages). If I were going to tap you for a few thousand quid, I think I’d probably ask after your spouse and children, for instance, however upset I was. However, bear in mind also that not all social engineering attacks are untargeted. Remember that someone who compromises your Facebook account, for instance, has access to your profile and those of your friends, not just your account details and contact lists.
  • If the way the message is expressed is uncharacteristic (especially if it sounds more “foreign” than you’d expect), that’s a pretty good indication that you’re not talking to the person you think you’re hearing from.
  • Be particularly sceptical when a “friend” (or, even more suspiciously, an acquaintance) wants you to send them cash by a scam-friendly channel such as Western Union.
  • 419 scams are sometimes inventive in social engineering terms, but not necessarily hi-tech, so make sure you take reasonable precautions to avoid having your accounts (email, Facebook, other social networking sites) compromised. Use hard-to-break passwords, don’t use the same password for multiple accounts, and be on the lookout for any attempt to trick you into giving your password away; that will reduce your attack surface (no guarantees of invulnerability, though!).
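The indicators listed above (many recipients in the headers, no personal touches, a “stranded abroad” story, and a request for cash via a channel such as Western Union) can be turned into a simple scoring check. The script below is an added illustration, not code from the original post or from ESET; the sample message, addresses and names in it are constructed, and the keyword lists are assumptions you would tune for your own mailbox.

```python
"""Score an email for the 'londoning' / 419 indicators described above."""
import email
import re
from email import policy

# Constructed sample of a 'londoning' message; names and addresses are made up.
SAMPLE_MESSAGE = """\
From: "Jane Example" <jane.example@example.com>
To: alice@example.net, bob@example.org, carol@example.com
Subject: Urgent help needed
Date: Mon, 01 Jan 2024 09:00:00 +0000

Hello,

I am in London on a short trip and I was mugged last night. My wallet
and phone are gone. Please send 1500 GBP via Western Union so I can settle
my hotel bill and fly home. I will pay you back as soon as I return.
"""

# Assumed keyword lists; extend them with whatever you see in practice.
CASH_CHANNELS = ("western union", "moneygram", "wire transfer", "gift card")
STRANDED_PHRASES = ("mugged", "stranded", "lost my wallet", "settle my hotel")


def score_message(raw_message: str, recipient_name: str) -> dict:
    """Return which of the indicators the message trips and a total score.

    recipient_name is the name a genuine friend would use for you; its absence
    from the body is the 'no personal touches' signal.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content().lower()

    # A plea for help addressed to many people at once is the header signal.
    recipients = []
    for header in ("To", "Cc"):
        for value in msg.get_all(header, []):
            recipients.extend(value.addresses)

    indicators = {
        "multiple_recipients": len(recipients) > 1,
        "no_personalization": recipient_name.lower() not in body,
        "cash_channel": any(ch in body for ch in CASH_CHANNELS),
        "stranded_story": any(ph in body for ph in STRANDED_PHRASES),
        # 'send/wire/transfer' followed by an amount on the same line.
        "asks_for_money": bool(re.search(r"\b(send|wire|transfer)\b.*\b\d[\d,]*\b", body)),
    }
    return {"indicators": indicators, "score": sum(indicators.values())}
```

A score of three or more on a message that arrived unexpectedly is a good cue to phone the “friend” before doing anything else.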

Urban Schrott
IT Security & Cybercrime Analyst
ESET Ireland
