Cyberoam Uncovers Hotel Reservation Scam Emails Based in Senegal

Do you think you’re informed and smart enough not to fall prey to one of those scam emails that promise you millions in a will left by some distant relative who died in Africa? Or, some US soldier in Iraq’s call for distress?

Well, an overwhelming majority of us would indeed ignore and delete such emails. But, for the occasional scam victim, they actually lead to huge monetary losses, emotional and physical harm and a real chance of identity theft.

Cyberoam recently reported an extremely well-organized hotel reservation email scam based in Senegal with operatives afield as far as the United States. These scammers contacted recipients by cleverly disguising themselves under the credentials of a make-believe international humanitarian organization called “Global Aid Organization” (G.A.O) and used actual hotels based in Dakar, Senegal to extract money from unsuspecting victims.

According to Cyberoam investigation, the modus operandi of the scammers was to invite potential delegates to an international conference on human trafficking in Dakar, Senegal between 24th-27th August, 2009. In order to lure victims, they used the ruse of a previous all-expenses paid vacation in Washington DC, United States between 17th-20th August, 2009. Recipients were also told they wouldn’t get a US visa without first making a down-payment for the hotel reservation in Senegal

For this purpose, they asked victims to furnish various passport details for Visa applications such as passport ID, name as in passport, photo etc. – such private info is extremely useful for organized crime syndicates that are behind fake passports. The scammers used additional information such as hotel tariff cards, registration forms, phone numbers and websites to convey their genuineness. Little did they realize, Cyberoam was able to compile enough evidence to call the fraud and expose them using following evidence:

1. Their websites which seemed genuine, were actually hosted on free sub-domains such as xu.am and 4-all.org, both regularly used by spammers. In addition, they used free webmail services such as mail.com and ikiz.net, that are too extremely popular with scammers.


2. When called to verify their “Washington DC” phone number in the US, it was clear they were lying as the area code used, 516, belonged to Nassau County, Long Island, New York.


3. The email IP addresses of the Washington, DC-based charity G.A.O. were traced down to Dakar, Senegal. Besides, one of the email sender name fields – “Faid herbeeda" faidherbedakarhotel@ikiz.net contained a spelling typo.


4. There was huge mismatch in currency rates used for Hotel tariff card shown in both Euros as well as Senegal’s currency, CFA. Whereas 1 Euro is pegged at 655.97 CFA, the tariff card described 65.000 Euros as equivalent to 43.000 CFA.


5. They sought to bring delegates to the US by petitioning the embassy in their host country for an H2B visa which happens to be an “employment” visa, not one used for attending conferences.

The most important observation for Cyberoam in the whole scam was the accuracy of Wire transfer details for receiving money. But, as expected, the beneficiary turned out to be an individual and not any real organization called G.A.O. Also, no such organization could be traced on search engines since their website itself was fake.

Email recipients will do good by always staying away from any such email that involves funds transfer or request for information on passport or other identity documents. It’s very difficult for anti-spam engines to block emails that use subject headers such as international humanitarian causes and hotel reservation bookings, both of which are commonly used by legitimate organizations as well.