Thursday, 27 November 2014

Industrial Systems: To Patch or Not to Patch?


Securing industrial and SCADA systems involves many peculiarities. One of the most relevant is the patching or updating of the systems and the software they run. When a security assessment of this kind of system reaches the question “And how do you maintain the systems to address known vulnerabilities that the vendor has already fixed?”, the answers can vary widely. Some possibilities are:
Option 1: Poker face
“- We don't apply security patches. It isn't necessary, because our industrial network is completely isolated, and in any case most of the vendors we use don't publish security updates. Besides, updating the software sometimes also means replacing hardware, so budget constraints don't allow us to apply those updates.”
This answer, or ones like it, is quite common. And I don't think that not applying security patches is an unreasonable strategy, as long as the following conditions are met:
1. A risk analysis is carried out to understand clearly which threats can affect us because our systems are unpatched, and what impact those threats could have if they materialized. Note that I don't mean a superficial risk-analysis exercise but an in-depth one: knowing exactly which vulnerabilities I am leaving unpatched, how an attacker could exploit them, and which compensating measures I am implementing in my infrastructure to mitigate those risks. When considering threats, pay special attention to the perimeter of the industrial systems, the points where they interact with traditional networks, and the access points that are easily reachable by visitors or the general public.

2. Once that risk analysis is done, it shows that the problems, costs or difficulties of applying the patches outweigh the risk that patching would mitigate.

3. The decision is made in an informed and conscious way by the risk owner, that is, the person responsible for the business process that would suffer the consequences if these risks materialized.
On the other hand, it is clear that vendors must be pressured to implement vulnerability management processes for their products, and product quality should be a key criterion when selecting this kind of technology, so that this problem is not perpetuated over time.

Option 2: The quiet man
“- Well, it depends on the vendor, the device, and the technician who handles the update. We don't really have it documented, but we use various methods, such as downloading the update files directly from the vendor's website (which, by the way, doesn't publish a hash of the file to verify it after download, and if it does, we don't verify it). Sometimes, to save time, we even download it at home, where the bandwidth is better than at the office. We copy it to our USB drive and plug it into the industrial systems network, which is completely isolated from the IT network. Other times, a partner or the vendor itself comes with their own USB drive or laptops and connects directly to our industrial network to apply the updates or carry out any other kind of work.”

In these cases, as you can imagine, the problem is that the ‘isolation’ stops being isolation the moment the USB drive, laptop or CD in question is connected to our isolated network. Some of the threats we expose our systems to with these practices are:
· Malware that can cause performance problems or even a denial of service on these machines.
· Advanced malware capable even of enabling remote control or data theft. Although this seems impossible a priori on an isolated network, there are now numerous proofs of concept showing how such attacks could be carried out by bridging the ‘air gap’.
· Fraudulent updates downloaded from the internet that behave differently from what is expected.
· Third parties who connect to our network using their own systems, which may have a lower security level than ours. In addition, if we don't control what they do on our systems, they can be a source of threat to take into account. Let's not forget that our partners very likely also work for our direct competitors, so this is a source of risk to consider.
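One compensating control for the fraudulent-update and removable-media threats above is a staging gate that checks every file against the vendor's published hashes before anything is carried to the isolated network. The following is an added example, not part of the original post; the file names and the sha256sum-style manifest format are assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One manifest entry in sha256sum style: 64 hex digits, whitespace, file name.
_ENTRY = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")


def parse_manifest(text):
    """Return {file name: lowercase sha256}; raise on any malformed entry."""
    expected = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _ENTRY.match(line)
        if match is None:
            raise ValueError(f"manifest line {lineno}: expected '<sha256>  <name>'")
        digest, name = match.group(1).lower(), match.group(2).strip()
        if Path(name).name != name:
            raise ValueError(f"manifest line {lineno}: entry must be a bare file name")
        if name in expected:
            raise ValueError(f"manifest line {lineno}: duplicate entry for {name}")
        expected[name] = digest
    return expected


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large firmware images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_staging_dir(staging_dir, manifest_text):
    """Classify everything found in the staging directory against the manifest.

    The manifest only proves integrity relative to itself: it must reach the
    operator through a channel other than the one the files were downloaded by.
    """
    expected = parse_manifest(manifest_text)
    report = {"verified": [], "mismatch": [], "unlisted": [], "missing": []}
    seen = set()
    for path in sorted(Path(staging_dir).iterdir()):
        name = path.name
        seen.add(name)
        # Symlinks, directories and files the vendor never listed are rejected.
        if path.is_symlink() or not path.is_file() or name not in expected:
            report["unlisted"].append(name)
        elif hmac.compare_digest(sha256_file(path), expected[name]):
            report["verified"].append(name)
        else:
            report["mismatch"].append(name)
    report["missing"] = sorted(set(expected) - seen)
    return report


def release_allowed(report):
    """Fail closed: every listed file verified, nothing unexpected present."""
    return bool(report["verified"]) and not (
        report["mismatch"] or report["unlisted"] or report["missing"]
    )


def demo():
    """Constructed sample: one genuine file, one altered file, one stray file."""
    genuine = b"constructed firmware image v2.1\n"
    manifest = (
        "# constructed manifest, as if received from the vendor out of band\n"
        f"{hashlib.sha256(genuine).hexdigest()}  plc_fw_2.1.bin\n"
        f"{hashlib.sha256(b'original hmi patch').hexdigest()}  hmi_patch.exe\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        staging = Path(tmp)
        (staging / "plc_fw_2.1.bin").write_bytes(genuine)
        (staging / "hmi_patch.exe").write_bytes(b"original hmi patch + extra bytes")
        (staging / "autorun.inf").write_bytes(b"[autorun]\n")
        return check_staging_dir(staging, manifest)


if __name__ == "__main__":
    result = demo()
    print(result)
    print("release to industrial network:", release_allowed(result))
```

A hash match covers integrity only; authenticity still depends on how the manifest itself was obtained or signed.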

Option 3: The cautious one
“In our organization we have documented, secure processes for updating all our industrial systems. We have several mechanisms to stay informed of any newly discovered vulnerability that may affect our systems. We carry out a comparative analysis of the risks of performing the update against the risks of leaving the systems unpatched, so that the process owner can set the criteria for deciding whether to patch and within what time frame. Once we decide that a patch must be applied, we obtain it from a secure source, verifying its integrity and authenticity, deploy it in our test environments to verify that the update will not compromise the functionality or security of the systems and, only after that, and under our strict control and supervision, the update is deployed to production within the time frame set by the process owner.”

If they come to you with this, you'll have little to say except nod and congratulate the client. However, so far I haven't come across such a case, though I haven't lost hope…
In conclusion, vulnerability management processes are a critical aspect to consider in any security assessment, but especially when what we are assessing are industrial and/or SCADA systems. Not updating means accumulating vulnerabilities, while the update process can itself be a threat if it is not done properly. Therefore, planning, documenting and establishing a continuous improvement cycle for vulnerability management processes should be on the agenda of any security manager who wants to improve the protection of their organization.

49M GBP, or how to be scammed

A few weeks ago I received a LinkedIn message asking whether I would mind receiving and managing 49 million GBP. I usually ignore these emails, or just take a quick look to see what new baits are being used to deceive those who are overconfident or too ambitious. In this case, however, I decided to play along and see how the game evolved, since the scammer had gone to the effort of creating a LinkedIn profile, making connections, waiting some time and finally starting the mailing campaign. The initial message was not particularly elaborate: it only asked that, if I was interested in managing and investing the 49 million pounds, I send an email to chang09e@gmail.com. That way, the scammer could continue operating from Gmail once LinkedIn disabled his account. As I said, I decided to answer and express my interest in the offer, with the intention of seeing what technique the scammer was using. After a few hours I received the following response:

Thanks for your email. I'm Elizabeth Chang. You were contacted on behalf of Terry Wong former personal assistant to the former President of Taiwan Mr. Chen Shui-Bian on private matters. An investment was placed under his care 5 Years ago, He need assistance in investing this funds into good use. So I would want to know if you're willing to assist him if so I would provide you with more details on the matter.
Best regards

Once I responded to this mail requesting additional details about this great opportunity, this is the answer that I received:
Thanks for your response and request for more details. The information contained therein is not to be disclosed due to the sensitive nature. It is for your knowledge only. Mr. Chen Shui-bian is in a difficult predicament with the Taiwan Government because of his role in politics and the ruling government has sworn to ruin him because he sponsored a major party against the ruling government with his Influence.
However, let me give you some basic details.
Firstly, you must know that this transaction consist of changing the rights of the funds in question to your ownership and afterwards transferring same to you for immediate management/investment in long term profit investment.
Secondly, it is imperative that the most valuable criteria to qualify you for this transaction is on the basis that you are practically, financially and technically qualified to handle and manage such an amount of money. That is not negotiable. This is because of the basic requirements and confidentiality agreement I signed with Mr Chen Shui-bian.
This is a brief on the Placement:
Value of funds: £49 MILLION GBP.
Placement open to: INDIVIDUALS/COMPANIES.
Areas of Investment Interest: HEALTH, REAL ESTATE, COAL MINING AND CONSTRUCTION.
Purpose of Funds: LONG TERM INVESTMENT (AT LEAST) 10-15 YEARS
Client's Full Name: MR. CHEN SHUI-BIAN.
I have been directly contacted as a confidential secretary by Mr Chen Shui-bian to recruit a foreign partner under whose identity the funds will be transferred. For your benefit of doubt, the objectives are to change the entire identity of the funds to your ownership as the beneficiary. The funds will be transferred to you ASAP. My duty is to ensure that the beneficiary documents for this transaction is by all means satisfied and within the ambit of local/international laws. I am entirely responsible for the facilitating of the beneficiary documents that will put you in place as the beneficiary of the funds. Thereafter, you will therefore be legally qualified to receive the funds into your business/personal bank account for investment and management purposes only.
Consequently, we may commence without delay once we have been able to secure your trust and partnership. The funds will be ready for transfer to you as soon as we have established a reasonable degree of trust with each other once you have satisfied the basic qualification requirements. Mr Chen Shui-bian demand utmost confidentiality as regards his involvement with the funds in question. If you agree to partner with Mr Chen Shui-Bian, he will compensate you with 20% of the total sum for your role as the beneficiary partner to the funds and the balance 80% will be invested on behalf of my client by you.
Nonetheless, in order to commence the re-direction of the funds to you, we will require that you submit the following information listed below:
Have You In Your Entire Life Handle Funds Worth One Million GBP Before?
What Is Your Annual Turnover?
Will You Be Able To Travel Outside Your Country If Need Be?
Full Names:
Address:
Occupation:
Office Phone No:
Mobile Phone No:
Country:
Scanned copy of your ID either international passport or drivers license.
The above information will enable us to determine your qualification for receivership and subsequent placement of the funds to you. The data will also be used in the drafting and preparation of all the vital paper documentations in your particulars before the funds can be transferred you in liquid cash.
As it stands out, these are the briefs of this proposal. I will be sending you a "Consultant Non-Disclosure Agreement" for you to read carefully and sign as soon as I receive the above information's.
You can ring me on my private telephone number indicated below for comprehensive verbal communication and explanations.
I await your email and response.
After receiving this response I couldn't help thinking: are there really people who can believe all this and take the bait? But of course the answer is yes, if you send it to enough people.
The mail uses some very basic tricks, such as saying that you can call the number listed, to give an impression of trustworthiness. But of course, no phone number is given in the mail.
After replying with dummy data, I received the following email in response:
Thanks so much for your email. I would need you to forward this informations to Mr. Terry ( terrysaitakw@gmail.com ) he would provide you with every other information you require to get the funds. Thanks once again.
This was new to me and made no sense. Why should I send the data to a new Gmail account? I can think of the following reasons:
  1. There really is more than one person behind the hoax and they have divided the tasks, with the first handling the initial contact and then passing the contact to the ‘second-level fraud support’. It seems unlikely.
  2. Another trick to build confidence in the victim, who perceives that they are dealing with an organization. This hypothesis seems the most likely to me.
Anyway, I forwarded the data to this Mr. Terry and this was his answer:
Now I am certain that you are willing to give the required assistance. Let me reiterate here that I seek an assistance from you that will benefit us immensely that is why I am sending you more information to enable you have an in-depth and total understanding of this transaction before we commence.
I want you to understand that we are only going to deal with each other in this transaction as you already know Mr. Chen Shui-Bian is jail. By this I mean, this transaction is confidential between me and you. This is so because of the present circumstances surrounding the owner of the funds Mr. Chen Shui-Bian. And as such, I expect that we keep every dealing entirely confidential between us.
Find enclosed with this message, a Non-Disclosure Agreement between my humble self and you. You are advice to download, print out read and sign the agreement.
As soon as you send back the signed agreement, I will begin the process of securing the beneficiary documents in your names.
I will be expecting the signed agreement, please send back signed page via email attachment.
Sincerely
After receiving this email I thought the chain ended here: I assumed the PDF contained malware and that this was how the scammer monetized the campaign. But no, the PDF was clean and simply imitated a real NDA. Another trick to make the opportunity seem reliable. So I returned it 'signed', and this was the next mail I received:
Thanks for the signed agreement, I am glad that we have reached an agreement and this gives me a big sign of confidence in you, I am obliged to give you some useful information's that you alone would be privy to and you alone I insist. I had to reach out to Mr. Chen Shui-bian personally over some issues and get certain facts straight. As you know Mr. Chen Shui-bian and his family are in difficult predicament with the Taiwanese Government. Firstly, you must acknowledge that this transaction is a deal and it has to be treated as such and every information's from you and I must be kept confidential, you must not communicate the origin of this transaction to any third party, I am only trying to assist a friend to relocate his funds valued £49 MILLION from the present location without Taiwanese Government awareness because of his political problem. Secondly, you must understand that the £49 MILLION is NOT directly in my possession; it is currently deposited in the name of an existing legal entity and Mr. Chen Shui-bian cannot directly access the funds because of his present political predicament otherwise the Taiwanese Government will also confiscate the funds and that is why he privately seek your assistance to help him move the funds from the present location for investment in your country. I am assisting him in my own private capacity to help him move the funds from the present location and the Government is not aware of my assistance to him. The £49M in question is presently deposited as a secured vault deposit with a Private security Bank in London, United Kingdom where some top government officials and politicians keep their money while they are in public office for security and confidential reasons. 
A vault deposit is not like a regular bank account because a regular bank account can be traced and investigated easily and could put my client into serious trouble or even death penalty in Taiwan because it is forbidden for top government officials to hold such bank account. I do not need to emphasize this point. As soon as I secured the beneficiary documents that will empower you to the deposit, I have forward your information to Mr. Chen attorney to draft the necessary beneficiary documents in your favor; I will be sending you copies when they are ready on after i obtain it for your safe keeping. Kindly acknowledge the receipt of this email.
I love the part about “this gives me a big sign of confidence in you”. :)
And at last, after answering that mail, I received a mail asking me to send money so I could access Mr. Chen's 49M GBP.
Thank you for your email, I called the mobile number you provided but I can seem to be able to reach you. I am still battling to get the change of beneficiary from Mr. Chen's lawyer because he is requesting for 5,640 pounds to get the documents and I told you prior to this that you will be responsible for all administrative and lawyer's charges which includes Mr. Chen's lawyer because all eyes and the Government are still monitoring our moves in that regime so please try and understand the situation i am in now and to let you know that Mr. Chen's family are in serious financial predicament so that is why we want to repatriate the fund and use it for a good purpose to generate fund for their well being so let me hear from you regarding the payment for the lawyer so that i can furnish you with the account details.
CHINA MERCHANTS BANK (SHENZHEN SUNGANG SUB -BRANCH)
SWIFT: CMBCCNBSXXX
ADD: No 828 international trade bldg , baoanbei road louohu shenzhen china.
ACCOUNT NO: 6225 8878 3037 9612
NAME: LIANG MING DE
Best regards
In conclusion, the social engineering methods used in these scams don't evolve: they still use the Nigerian scam, without taking much care over the appearance of the emails, and rely on spam (in this case via LinkedIn) to attract potential victims. But they don't need to invest more effort in this type of campaign, since it still works, and with a minimal investment they can make a lot of money from their victims.

Friday, 14 November 2014

49 million pounds, or how to get scammed by a Chinese man


A few weeks ago I received a LinkedIn message asking whether I would mind receiving and managing 49 million pounds. I generally ignore this kind of mail, or simply give it a quick glance to see what new baits are being used to deceive those who are too trusting or too ambitious. In this case, however, I decided to play along and see how it evolved, since the scammer had taken the trouble to create a LinkedIn profile, establish connections, let some time pass and finally start the mailing campaign. The initial mail was not especially elaborate, since it only asked that anyone interested in working on managing and investing those 49 million pounds of someone else's money send a mail to chang09e@gmail.com. That way, the scammer could continue his activity from Gmail once LinkedIn disabled his account following the foreseeable reports from users. As I said, I decided to reply and express my interest in the offer, with the intention of seeing what technique the scammer was using. After a few hours I received the following response:

Thanks for your email. I'm Elizabeth Chang. You were contacted on behalf of Terry Wong former personal assistant to the former President of Taiwan Mr. Chen Shui-Bian on private matters. An investment was placed under his care 5 Years ago, He need assistance in investing this funds into good use. So I would want to know if you're willing to assist him if so I would provide you with more details on the matter.

Best regards

After I replied to this mail asking for more details about this great opportunity, the response I received was the following:

Thanks for your response and request for more details.

The information contained therein is not to be disclosed due to the sensitive nature. It is for your knowledge only. Mr. Chen Shui-bian is in a difficult predicament with the Taiwan Government because of his role in politics and the ruling government has sworn to ruin him because he sponsored a major party against the ruling government with his Influence.
However, let me give you some basic details.
Firstly, you must know that this transaction consist of changing the rights of the funds in question to your ownership and afterwards transferring same to you for immediate management/investment in long term profit investment.
Secondly, it is imperative that the most valuable criteria to qualify you for this transaction is on the basis that you are practically, financially and technically qualified to handle and manage such an amount of money. That is not negotiable. This is because of the basic requirements and confidentiality agreement I signed with Mr Chen Shui-bian.

This is a brief on the Placement:

Value of funds: £49 MILLION GBP.

Placement open to: INDIVIDUALS/COMPANIES.

Areas of Investment Interest: HEALTH, REAL ESTATE, COAL MINING AND CONSTRUCTION.

Purpose of Funds: LONG TERM INVESTMENT (AT LEAST) 10-15 YEARS

Client's Full Name: MR. CHEN SHUI-BIAN.

I have been directly contacted as a confidential secretary by Mr Chen Shui-bian to recruit a foreign partner under whose identity the funds will be transferred. For your benefit of doubt, the objectives are to change the entire identity of the funds to your ownership as the beneficiary. The funds will be transferred to you ASAP. My duty is to ensure that the beneficiary documents for this transaction is by all means satisfied and within the ambit of local/international laws. I am entirely responsible for the facilitating of the beneficiary documents that will put you in place as the beneficiary of the funds. Thereafter, you will therefore be legally qualified to receive the funds into your business/personal bank account for investment and management purposes only.
Consequently, we may commence without delay once we have been able to secure your trust and partnership. The funds will be ready for transfer to you as soon as we have established a reasonable degree of trust with each other once you have satisfied the basic qualification requirements. Mr Chen Shui-bian demand utmost confidentiality as regards his involvement with the funds in question. If you agree to partner with Mr Chen Shui-Bian, he will compensate you with 20% of the total sum for your role as the beneficiary partner to the funds and the balance 80% will be invested on behalf of my client by you.
Nonetheless, in order to commence the re-direction of the funds to you, we will require that you submit the following information listed below:

Have You In Your Entire Life Handle Funds Worth One Million GBP Before?

What Is Your Annual Turnover?

Will You Be Able To Travel Outside Your Country If Need Be?

Full Names:

Address:

Occupation:

Office Phone No:

Mobile Phone No:

Country:

Scanned copy of your ID either international passport or drivers license.
The above information will enable us to determine your qualification for receivership and subsequent placement of the funds to you. The data will also be used in the drafting and preparation of all the vital paper documentations in your particulars before the funds can be transferred you in liquid cash.
As it stands out, these are the briefs of this proposal. I will be sending you a "Consultant Non-Disclosure Agreement" for you to read carefully and sign as soon as I receive the above information's.
You can ring me on my private telephone number indicated below for comprehensive verbal communication and explanations.

I await your email and response.

After receiving this response I couldn't help thinking: are there really people who could believe all this and take the bait? It uses some very basic tricks, such as saying you can call the number indicated to give a greater feeling of trust, although no phone number is then given.
After replying with fictitious data, I received the following mail in response:

Thanks so much for your email. I would need you to forward this informations to Mr. Terry ( terrysaitakw@gmail.com ) he would provide you with every other information you require to get the funds. Thanks once again.

This really was new to me and made no sense. Why have me send the data to a new Gmail account? The following reasons occur to me:

1. There really is more than one person behind the fraud and they have divided up the tasks, with the first ones handling the initial contact and then passing the contact to the ‘second-level fraud support’. I find it unlikely.

2. A new trick to build trust in the victim, who has the perception of dealing with an organization even though the scammer behind both accounts is the same. This hypothesis seems the most likely to me.

In any case, I forwarded it to this Mr. Terry and this was the next response I received:

Now I am certain that you are willing to give the required assistance. Let me reiterate here that I seek an assistance from you that will benefit us immensely that is why I am sending you more information to enable you have an in-depth and total understanding of this transaction before we commence.

I want you to understand that we are only going to deal with each other in this transaction as you already know Mr. Chen Shui-Bian is jail. By this I mean, this transaction is confidential between me and you. This is so because of the present circumstances surrounding the owner of the funds Mr. Chen Shui-Bian. And as such, I expect that we keep every dealing entirely confidential between us.
Find enclosed with this message, a Non-Disclosure Agreement between my humble self and you. You are advice to download, print out read and sign the agreement.
As soon as you send back the signed agreement, I will begin the process of securing the beneficiary documents in your names.
I will be expecting the signed agreement, please send back signed page via email attachment.

Sincerely
After receiving this mail I thought the chain ended here. The supposed PDF would include an unwanted gift in the form of malware, and that was how the scammer monetized the campaign. But no, it turned out the PDF had no malware and simply imitated an NDA. So I returned it ‘signed’ and this was the next mail I received:
Thanks for the signed agreement, I am glad that we have reached an agreement and this gives me a big sign of confidence in you, I am obliged to give you some useful information's that you alone would be privy to and you alone I insist.

I had to reach out to Mr. Chen Shui-bian personally over some issues and get certain facts straight. As you know Mr. Chen Shui-bian and his family are in difficult predicament with the Taiwanese Government.

Firstly, you must acknowledge that this transaction is a deal and it has to be treated as such and every information's from you and I must be kept confidential, you must not communicate the origin of this transaction to any third party, I am only trying to assist a friend to relocate his funds valued £49 MILLION from the present location without Taiwanese Government awareness because of his political problem.

Secondly, you must understand that the £49 MILLION is NOT directly in my possession; it is currently deposited in the name of an existing legal entity and Mr. Chen Shui-bian cannot directly access the funds because of his present political predicament otherwise the Taiwanese Government will also confiscate the funds and that is why he privately seek your assistance to help him move the funds from the present location for investment in your country. I am assisting him in my own private capacity to help him move the funds from the present location and the Government is not aware of my assistance to him.

The £49M in question is presently deposited as a secured vault deposit with a Private security Bank in London, United Kingdom where some top government officials and politicians keep their money while they are in public office for security and confidential reasons. A vault deposit is not like a regular bank account because a regular bank account can be traced and investigated easily and could put my client into serious trouble or even death penalty in Taiwan because it is forbidden for top government officials to hold such bank account. I do not need to emphasize this point.

As soon as I secured the beneficiary documents that will empower you to the deposit, I have forward your information to Mr. Chen attorney to draft the necessary beneficiary documents in your favor; I will be sending you copies when they are ready on after i obtain it for your safe keeping.

Kindly acknowledge the receipt of this email.

I love the “this gives me a big sign of confidence in you” part. :)

And finally, after answering this mail, I received the mail asking me to pay in a certain sum of money so that they could put Mr. Chen's funds in my name:

Thank you for your email, I called the mobile number you provided but I can seem to be able to reach you. I am still battling to get the change of beneficiary from Mr. Chen's lawyer because he is requesting for 5,640 pounds to get the documents and I told you prior to this that you will be responsible for all administrative and lawyer's charges which includes Mr. Chen's lawyer because all eyes and the Government are still monitoring our moves in that regime so please try and understand the situation i am in now and to let you know that Mr. Chen's family are in serious financial predicament so that is why we want to repatriate the fund and use it for a good purpose to generate fund for their well being so let me hear from you regarding the payment for the lawyer so that i can furnish you with the account details.

CHINA MERCHANTS BANK (SHENZHEN SUNGANG SUB -BRANCH)

SWIFT: CMBCCNBSXXX

ADD: No 828 international trade bldg , baoanbei road louohu shenzhen china.

ACCOUNT NO: 6225 8878 3037 9612

NAME: LIANG MING DE

Best regards

In conclusion, the social engineering methods used in this type of scam don't evolve; the Nigerian scam is still being used, without much care for the form of the mails, and relying on spam (in this case via LinkedIn) to capture potential victims. But they simply don't need to invest more effort in this kind of campaign. For the scammers, a minimal investment is enough, so that if just 1 victim bites (and they do bite...) they already get an excellent return on investment.