If you’ve been born and raised somewhere else than the United States, you probably thought about moving out and living the American dream to the max. One of the easiest methods of immigration is through the Diversity Visa (DV) Lottery, a US government program that offers 50,000 United States Permanent Resident Cards per year.
Fig.1 Green Card Lottery “acceptance form”. Message sent from an anonymous e-mail service
The heavy demand of visas has tipped crooks all over the world to set up bogus U.S. government sites running this kind of “lotteries”. The idea behind this kind of scam is simple: set up a fake website, heavily optimize it for keywords such as “lottery”, “visa”, “green card”, give it an official look (graphic details, choice of words, headings and fonts all hint to a legit site…but it’s all fake!), then wait for unwary users to take the bait and fill in the form.
A couple of weeks later, the scammers send a batch of messages that the applicant has been awarded a visa and they have to pay a specific sum of money as visa processing fees. Since the message contains the applicant’s personal information and IP address, chances are they will fall for the trick and pay the fee or the fees.
Fig.2 The circuit of money: wire transfers cannot be traced or canceled
If you’re one of the “lucky winners” to receive this letter, then you should probably wait before popping the champagne and rushing to the nearest payment processor to shed the money. The message contains multiple hints about its illegitimacy that hide in plain sight, as shown below:
- First and foremost there is no fee to enter the lottery; afterwards, transferring money via Western Union® in this context should give a warning as this kind of send & receive money service cannot be further traced unlike in the case of a bank transfer.
- The e-mail address and the site domain are bogus and by no means belonging to the trustworthy government online location which is www.dvlottery.state.gov. There is an application period (announced on their site) and all entries are accepted with a limited time frame also indicated on the official site.
- The graphic elements, fonts and the complete name of the heading seem real but not entirely, so pay extra attention where you log in or what address you receive e-mails from. So always be alert!
- Now, perhaps you are wondering why the anti-spam module didn’t block the e-mail…yell, it is not spam. This is a “well-designed” social engineering scheme in which the recipient chooses or not to trust and give away money.
- Imagine that some of these pages may even have a SSL certificate; but, remember… they are still not to be trusted. If the page does not end in .gov, you should not waste time, money and hope on it.
- When it comes to fees, here’s yet another lucrative “strategy” of convincing the poor gullible applicants that more submissions (hence more fees) equals more chances. And the candidates end up willingly paying lots of money for their dream while, in fact, the government tries to discourage these practices disqualifying everyone that submits multiple applications.
- Winners are notified by the US Government by good old surface mail and not via e-mail.
- “USA Immigration Services”, “United States of America Foreign Immigration Services”, “United States Naturalization and Immigration Service” are only a few of the combinations that are used on fake sites in order to trick people into trusting them. All the important words are there, but not in the right order. It’s easy to fall for them… I’ll give you that… but please avoid temptations and look for the official one: www.dvlottery.state.gov.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
April 22, 2021
April 22, 2021
April 13, 2021