Hey guys! Check out this awful phishing attempt I received in my email! For OPSEC reasons, I’ve changed any occurrence of my name to “Doe.” Yes, he addressed me by my last name.

Subject: Dear Doe,


Dear Doe,
I am Barrister Fredrick Adonko, a Legal adviser to my late client
Mr.D.E.Doe,a national of your country who dwelt and worked here for more than twenty years as a businessman and a major contractor to shell petroleum development company. After 

unsuccessful attempts to locate his relatives, I decided to contact you to assist  me and get this huge amount of 
(US$.9.5Million) left over in the Bank here in Lome-Togo, 
for more information reply me.

Barr. Fredrick .Adonko (Esq)

Obviously, as a white-hat community we would never attempt to phish people. However, take a second to enjoy this garbage email.

What are the obvious flaws in this email? Weak grammar and formatting make it obvious that this isn’t a legit email from any respectable law firm. Telling me about a “late” relative I’ve never heard of is also another big no-no.

The “attacker’s” email addresses: [email protected] and fredrick adonko <[email protected]> are similar to blacklisted emails found here.

What a rubbish attempt…Pains me to think people actually fall for blatant scams like this…


That email is… trousers


No. Just no. Those scammers are losers. Are they kindergarten dropouts by chance?


You should reply, but mess with him instead. Some guys of the Belgian national television once pulled this off, and it was funny as hell.


I somehow disagree with you. Why wouldn’t we use Phishing while doing a legitimate pentest?


Well yes, but I’m sure @oaktree means maliciously.

All bets are off in a legitimate pentest. As @EnergyWolf retorted, I did, in fact, mean maliciously.

Well, this wasn’t obvious to me. Thanks for clearing things up! :slight_smile:


Not just trousers - bad trousers :smile:

I say we all troll this guy and send him secret files (bind a PDF and an executable with DTMs file binder).



I wouldn’t do that. Not in the name of 0x00sec at least.

He may be a criminal himself, but committing a crime against a criminal also makes you a criminal :wink:



Hahaaa, at least they can learn English first… :stuck_out_tongue:


I say we do too. But that’s illegal… buuuuuuuuttt.

Edward Snowden is defined as a criminal, does that make him a bad person?


Edward Snowden is defined as a criminal because he exposed the truth of a corrupt nation.

We would be defined as criminals because we got butthurt over a single, non-important and terrible phishing mail.

One is whistleblowing, and the other is just overreacting. There is a clear difference between the two. So aye, Edward Snowden is not a bad person due to the nature of his “crimes”. If we hack and ruin this guy’s life on the other hand…

It would be like beating someone to death with a wrench just because he pushed you on purpose.

EDIT: now just trolling him a bit won’t hurt. In fact, it is a good way to teach them a lesson. But hacking them might be a bit over the top.


My point was simply to highlight the fact that Morality and Legality are two very different things.


Hmmm, I guess you’re right then.


