Dan Weis

New Phishing email - RTF Scam

On Friday I received the following email. As you have learnt from the Identifying Phishing section of the book, we can see a few classic indicators here. What first aroused my suspicion was the sender address. I've been involved in a number of incident response (IR) engagements where organisations have been breached from .edu domains. In the past I've traced these phishing emails back to hacked mailboxes at a number of UK-based girls' schools.

This one is very similar.

It's actually sending to an address called and has bcc'd a number of targets on the email. How it managed to bypass the email filtering I'm not sure.

I detonated the Word Document via and found that it was not loading anything malicious. There were no HTTP requests, network connections or DNS requests, just a text-based document, which is why it bypassed the email filters.

Reviewing the content, this is known as a Shared-Winnings scam. These work similarly to Inheritance, Nigerian and other scams, whereby the scammers try to entice the victim to hand over personal information that they can use for other attacks, such as phishing, vishing (like romance and support scams) and identity theft.

Here's what they were asking for:

And here is the full text from the document. Notice that they try to convince the target that it is real by pointing them to a real lottery winner notification, and they masquerade as that person or someone associated with them. The goal is to start the initial conversation so that they can convince the person to hand over bank details, supposedly so that the payment can be sent to them. In reality they will either take money from the account and/or use the target to engage in money laundering activities.


Hello Beneficiary,

My entire family is pleased to read your reply to us. We the family of Frances and Patrick Connolly from County Down won jackpot in New Year’s Day draw the current winner of £115 million. My name is MR. Patrick Connolly a business man and I am 54 years old and my wife Mrs. Frances Connolly, she is 52 years old a teacher and she is a great blessing to me, We are from Northern Ireland U.K. My EuroMillions jackpot was a gift from God to me on January 1st 2019. I have agreed to do the will of God. I may not know you, but I believe you were chosen by God to receive my donation of $550,000 USD. You must be a God fearing individual, I am a Christian and I believe that Good things happens to those people who wait and also believe.

I am very grateful to you for the interest shown in my plight and I want to assure you that you will be greatly rewarded for what you have chosen to do. Although we know each other for the first time but I believe our father has directed me to you as I prayed and searched over the internet for assistance because I saw your profile on a list of registered Emails provided to me by Microsoft and Google email Provider around the globe from which I picked you.

Read More:

Read More:

I decided to donate Individuals and i told some Ministers about this which they said was a welcome idea and promised they will get me a list of some people who can help others with my donation and put smile in the face of the needy, I decided to select my self by going to Microsoft and Google to make a research. My donation OF $550,000 USD may not be much to you but i believe it will go a long way to improving your standard of living like my EuroMillions jackpot did to me, I would like you to fill the below and return back to me and my entire household will be glad for you to visit us after my donation gets to you. Do this on time so you can contact the payout bank for further directives to receive donation.

Send the below details to


Address And Country:




Phone No:

I do hope that you will be able to use the money wisely and judiciously over there in your country.

we will employ you to do what you can to alleviate the level of poverty in your region and also try to enhance the standard of living of as many people as you can because that is the only objective of donating this money to you in the first place. May the Good lord bless your heart to be a blessing to your family and your society as soon as my donation gets to you.

Yours Faithful,

MR. Patrick Connolly

If you receive an email with this format, make sure you trash it. For more information on these types of scams, refer to the 'Step 3: Think before you click' chapter and the section 'Unexpected Winnings Scams' in the Hack Proof Yourself! book.
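The indicators described above (an .edu sender, recipients hidden in bcc, and a link-free document carrying advance-fee wording that asks for personal details) can be checked mechanically during triage. The following is an added example, not code from the original post; the function names, indicator labels, addresses and the sample message are all constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Wording taken from the scam document quoted in the post.
LURE_TERMS = ("beneficiary", "jackpot", "donation", "payout bank")
DETAIL_REQUESTS = ("phone no", "address and country")
DOC_TYPES = {"application/rtf", "text/rtf", "application/msword"}
URL_RE = re.compile(r"https?://|www\.", re.I)

def indicators(raw: bytes, recipient: str) -> list[str]:
    """Return the names of the post's indicators that a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if "edu" in domain.split("."):            # .edu or .edu.<cc> sender
        hits.append("sender-at-edu-domain")
    shown = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    if recipient.lower() not in {a.lower() for _, a in getaddresses(shown)}:
        hits.append("recipient-only-bcc")     # delivered to us, but we are not listed
    for part in msg.iter_attachments():
        if part.get_content_type() not in DOC_TYPES:
            continue
        # Assumption: ASCII text appears literally in RTF, so a plain
        # substring search over the decoded bytes is enough for triage.
        text = part.get_payload(decode=True).decode("latin-1").lower()
        if not URL_RE.search(text):
            hits.append("document-has-no-links")
        if any(t in text for t in LURE_TERMS) and any(d in text for d in DETAIL_REQUESTS):
            hits.append("advance-fee-wording")
    return hits

def sample_message() -> bytes:
    """Constructed sample; every address and the RTF body are made up."""
    m = EmailMessage()
    m["From"] = "Staff <office@school.edu.example>"
    m["To"] = "info@mail.example"
    m["Subject"] = "Donation"
    m.set_content("Please see the attached document.")
    rtf = (rb"{\rtf1\ansi Hello Beneficiary,\par my donation of $550,000 USD"
           rb"\par Address And Country:\par Phone No:\par}")
    m.add_attachment(rtf, maintype="application", subtype="rtf", filename="letter.rtf")
    return m.as_bytes()

if __name__ == "__main__":
    print(indicators(sample_message(), "user@corp.example"))
```

None of these signals is conclusive on its own (mailing lists also deliver to unlisted recipients), so treat the result as a reason to quarantine for review rather than a verdict.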
