Scams - New and Not-So-New
Posted by Chrystalline on February 13th, 2008
Let’s start with the not-so-new, but with a slightly different twist. The Nigerian widow is now a pair of orphans in Ghana. Oddly enough, the 21-year-old needs a guardian to access his late father’s financial accounts at some non-specific “finance company.” Apparently, 18 year olds are “small” and 21 year olds, while old enough to vote, are not old enough to inherit? Let’s note, also, that Ghana is sufficiently linked to the Nigerian scams to have an entry on the subject on its national stats page on Wikipedia. (Interestingly enough, the header info referenced a Hong Kong email address.)
From: Antonio Seabre
Date: 02/12/08 22:40:14
Subject: From Antonio Seabre.
Greetings From Antonio Seabre.
My name is Antonio Seabre, I am 21 years old and I have my small sister
with me Lora Seabre, who is 18 years. We are the Orphans of late Gen.
Verissimo Correia Seabre who was killed in accusation for leading a
military coup in my country (Guinea-Bissau) please read this news to
understand what I am telling you about our late father:
Web Site: http://news.bbc.co.uk/2/hi/africa/3720218.stm
My father had informed me in few months to his death that he made a
deposit of $19 Million Dollars with a Finance company in Ghana for onward
transfer purposes for foreign investment outside Africa. When we had about
the tragedy from school, I flew with my sister to Ghana for our safety.
Presently we are stranded here, we don’t know anybody around here and we
can not go back to our country to stay though, we have located the Finance
Company where our father made the deposit but we can not lay hands on the
money due to the deposit policy, but the Finance company has advised us to
present our guardian to the Finance company who will stand for us as next
of kin so that they can make further transfer to the persons account, and
this is the only option we could get the money for now.
Please we need your help to serve as our guardian, so that the Finance
company can release the money to you, and you will save our lives by
bringing us to your country
after the transferring of the money to your bank account. Please help us
as we are always leaving everyday in risk here. I have decided with my
sister to give you the chance to map out the modalities hence we can trust
you. We are looking forward to hear from you as soon as possible.
You can reach me on my telephone number: +233 249619117
Please Forward the following as you reply this mail:
1. Your Full Name
2. Contact address
3. Telephone Number
Yours faithfully,
Antonio Seabre.
And now, the NEW. This is a twist I hadn’t seen before, but I was very suspicious for a number of reasons. First, most of the banks I have used do not send notices via email. They notify me when I sign in at the website that something has changed with the login procedure. Second, I’m no longer a BOA customer, and I really think they would know that. Also, I am pretty sure that when I was a BOA customer, I used a different email address for them. I don’t really use my AOL address for anything but AIM anymore, and that not very often. In fact, that address automatically forwards to my spam folder instead of my inbox;)
From: Bank of America U.S. Direct Service’2008
Date: 2/12/2008 1:57:30 PM
To: cdlauryl@aol.com
Subject: BOA U.S. Online Treasury: Secure Confirmation Process — Id: 9313
Dear Bank of America Direct User:
Our records indicate that a new digital certificate has been issued to your Bank of America Direct user ID.
The new certificate will be available for an installation period of 90 days, or until May 01, 2008 before expiration. If you choose not install your digital certificate prior to the expiration date, then your access to Bank of America Direct will remain interrupted.
Digital certificates are computer-based records issued to individual user IDs that allow Bank of America Direct to validate your identity and protect your information from unauthorized access. In order to access Bank of America Direct, you must use a valid digital certificate.
Installation Instructions
To install your newly-granted digital certificate, please access the Digital Certificate Pick-Up site at:
http://direct-certs7.bankofamerica.com/direct/certpickup.htm?agentid=16klycvstyDchyOkhb
Sincerely,
Bank of America Direct Technical Care Center
NOTE: This is an automatically generated communication.
Please do not reply to this message. Thank you.
Now, this is a very tricksy one, because it looks very, very legit (and if I’m wrong, I’ll apologize to BOA, but I have a number of reasons for believing this is a scam). Right logos, right tone. Little odd in the wording here and there (“remain interrupted” and “online treasury” being the most obvious), but I’ve seen much worse even in professional communications. The return address uses the right domain name. I had to get into the headers to find anything:
Return-Path: <reference-ref-973nne@bankofamerica.com>
Received: from rly-ma02.mx.aol.com (rly-ma02.mail.aol.com [172.20.116.46]) by air-ma10.mail.aol.com (v121.4) with ESMTP id MAILINMA102-89047b1fa0b1c4; Tue, 12 Feb 2008 14:57:30 -0500
Received: from ip-213-17-223-230.netia.com.pl (ip-213-17-223-230.netia.com.pl [213.17.223.230]) by rly-ma02.mx.aol.com (v121.4) with ESMTP id MAILRELAYINMA022-89047b1fa0b1c4; Tue, 12 Feb 2008 14:57:00 -0500
Message-ID: <001301c86db1$689b4efa$fbf311ac@BartekMirows-PC>
From: "Bank of America U.S. Direct Service’2008" <reference-ref-973nne@bankofamerica.com>
To: <cdlauryl@aol.com>
Subject: BOA U.S. Online Treasury: Secure Confirmation Process — Id: 9313
Date: Tue, 12 Feb 2008 20:56:51 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_000F_01C86DB9.CA5E8AB0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-AOL-IP: 213.17.223.230
X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_helo : n
X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_822_from : +
Most of that looks like gobbledygook, but look for the word “from” -
Received: from rly-ma02.mx.aol.com (rly-ma02.mail.aol.com [172.20.116.46]) by air-ma10.mail.aol.com (v121.4) with ESMTP id MAILINMA102-89047b1fa0b1c4; Tue, 12 Feb 2008 14:57:30 -0500
That’s me getting it from AOL’s server.
Received: from ip-213-17-223-230.netia.com.pl (ip-213-17-223-230.netia.com.pl [213.17.223.230]) by rly-ma02.mx.aol.com (v121.4) with ESMTP id MAILRELAYINMA022-89047b1fa0b1c4; Tue, 12 Feb 2008 14:57:00 -0500
That’s the sender. Note the top-level domain. I really don’t think BOA is going to be sending security notices from Poland.
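The same header walk done programmatically, as an added example that is not part of the original post: it takes the Received lines quoted above, finds the hop where AOL's own server accepted the message from an outside host, and compares that host with the domain in the From line. The function names, and the assumption that the provider writes its Received lines in the "from HELO (rDNS [IP]) by RECEIVER" layout seen above, are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header fields copied from the message quoted above (only those used here).
RAW = (
    "Received: from rly-ma02.mx.aol.com (rly-ma02.mail.aol.com [172.20.116.46])"
    " by air-ma10.mail.aol.com (v121.4) with ESMTP id MAILINMA102-89047b1fa0b1c4;"
    " Tue, 12 Feb 2008 14:57:30 -0500\n"
    "Received: from ip-213-17-223-230.netia.com.pl"
    " (ip-213-17-223-230.netia.com.pl [213.17.223.230])"
    " by rly-ma02.mx.aol.com (v121.4) with ESMTP id MAILRELAYINMA022-89047b1fa0b1c4;"
    " Tue, 12 Feb 2008 14:57:00 -0500\n"
    'From: "Bank of America U.S. Direct Service’2008"'
    " <reference-ref-973nne@bankofamerica.com>\n"
)

# Assumed layout, as in the lines above: from HELO (rDNS [IP]) by RECEIVER
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9.]+)\]\)"
                 r"\s+by\s+(?P<received_by>\S+)")

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def from_domain(raw):
    """Domain part of the From address (chosen by the sender, not verified)."""
    return parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2].lower()

def external_handoff(raw, provider):
    """Walk Received lines newest first and return the hop where the
    recipient's provider accepted the message from an outside host."""
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m and in_domain(m["received_by"], provider) and not in_domain(m["rdns"], provider):
            return m.groupdict()
    return None

def sender_mismatch(raw, provider):
    """True if the handoff host is not under the domain the From line claims."""
    hop = external_handoff(raw, provider)
    return hop is not None and not in_domain(hop["rdns"], from_domain(raw))

if __name__ == "__main__":
    hop = external_handoff(RAW, "aol.com")
    print("handed to AOL by:", hop["rdns"], hop["ip"])
    print("From claims:", from_domain(RAW), "| mismatch:", sender_mismatch(RAW, "aol.com"))
```

A mismatch is a signal rather than proof, since organizations do send mail through third-party relays. Only the Received line written by the recipient's own provider can be relied on, because every line below it is supplied by the sending side.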
It’s a pretty clever scheme, actually; security certificates really are used for the type of thing this email claims to be trying to achieve, but you have to get it from a clean source. Watch out for this one, because it looks really good on the surface.

March 23rd, 2008 at 6:15 pm
I just received the BOA Cert notice. My suspicions were aroused when I noticed the URL they reference was an HTTP rather than HTTPS. ALL security type data would ALWAYS be sent over a secured socket layer. Upon examining the source, I noticed that the destination URL was not the same as the published URL. There may very well be an http: // direct-certs.bankofamerica. com/direct/certpickup.asp? but if you were to click on it (DON’T), you would go to http: // direct-certs.bankofamerica. com.avtthompson.hu.com/direct/certpickup.asp?
I also examined the mail header and the mail is actually from:
Received: from altern.org (unknown [37.15.39.134])
by the69vamps.com with SMTP id EVF6AO2XP7
And to top it off, I get the mail on Easter Sunday.
March 23rd, 2008 at 8:48 pm
Ah, I can’t believe I overlooked that! I know about SSL, and I completely forgot that part. I did forward the one I got to BOA - figured they’d want to know about it so they could take whatever steps are available to them.
I didn’t have the nerve to click the link, though I don’t even have a BOA account to risk. Anyway, good to know I’m not the only one seeing the danger in this one.
(BTW - stuck some spaces in to make it stop hyperlinking those URLs - no need to make it easy for people to blunder into it.)