Bogus Diana Memorial Foundation Email Attempts To Steal Money From The Unwary, Sophos Reports

Experts at SophosLabs, Sophos’s global network of virus, spyware and spam analysis centres, have warned internet users of a spam campaign which pretends that the recipient has won a charitable grant from a global humanitarian organisation set up to create a living memorial to the late Diana, Princess of Wales.

The messages claim that recipients have been randomly selected to receive ?2,598,000.00. The emails say that to receive the grant they must make contact with the organisation, who will reply with further instructions. However, the emails, which claim to be sent from the “Diana Memorial Foundation”, are not connected with the genuine Diana Memorial Fund.

Sophos researchers believe that the emails are a variant of the commonly-encountered “Letter from Nigeria” scams, also known as 419 Advanced Fee Fraud. These emails fool innocent users into believing that a large amount of money will be transferred into their bank account, but are really designed to steal information about the user’s bank account or demand a “handling fee” for the money transfer.

“This email scam campaign is abusing the memory of one of the world’s most famous women in its attempt to steal money from the unwary. Everyone should be suspicious if they are unexpectedly told they are about to receive a fortune,” said Graham Cluley, senior technology consultant for Sophos. “Alarm bells should instantly ring when recipients see that they have to contact the supposedly legitimate organisation via a Yahoo email address, but some may find the promise of riches makes them blind to the danger.”

Interestingly, Sophos experts note that the email refers to the name of a genuine employee of the real Diana Memorial Fund inside the message.

“Using the name of a genuine employee of the Diana Memorial Fund in the email may be an attempt to give the message greater credibility for anyone who searches for more information on the web,” continued Cluley. “However, the postal address given in the email is not that of the real charity whose website can be found at www.theworkcontinues.org.”

More information and a graphic of the email message can be found at:

http://www.sophos.com/pressoffice/news/articles/2005/12/diana419.html

Sophos cautions users to be wary of unsolicited emails, and has published information about how individuals can learn how to protect themselves against this and other online scams at

http://www.sophos.com/spaminfo/bestpractice/phishing.html.