• Platform
    Spring '24 Software Release! Check out our new deep image-based detection, GWS capabilities, and more. Explore the new additions
  • Solutions
    Introducing Weekly Demos! Join us for a live walkthrough of our platform and see the difference firsthand. Register Now
  • Learn
    New Report! Osterman Research releases their 2024 findings on Image-based/QR Code Attacks. Read the report
  • Partner
  • Pricing

Attack Summary Details

  • Impacted IRONSCALES customer mailboxes: 290
  • Impacted IRONSCALES customers: 110
  • Security Bypass: DKIM
  • Technique: Social Engineering



Advanced-Fee Scam attacks are a genre of phishing that was famously made popular by the Nigerian Prince Scam years ago. The schema of the attack is as follows: A recipient receives an email claiming that they have an opportunity to receive funds as a result of some circumstance, usually “inheritances”, “foreign investment” or “lost treasure”. After engaging with a reply email, they are asked to make some up-front payment (frequently in gift cards) in order to receive the promised funds. Once the payment is made the attackers take the money and are never to be heard of again.


The Attack: Method & Payload

In this attack an email is sent around the dates of the holiday season under the guise of coming from Santa Claus. The recipient is informed that they are to be given gifts as part of the holiday season.

Christmas scam blog image 1


What to Look For

While it may seem that this email is obviously a scam, it is estimated that innocent victims fall to this trap annually, resulting in the theft of hundreds of millions of dollars. Some steps that can be taken to combat such attacks from the user’s perspective are:

  • Awareness: becoming familiar with such attack templates and schemas
  • Anomaly Recognition: The sender name and sender address in the email do not match, a classic tell of phishing.


How We Spotted The Attack

We were able to spot this attack based on our textual anomaly detection capabilities. Once our platform identified this as a phishing attack, we immediately pulled the emails out of the inboxes of all of our impacted customers.


To learn more about IRONSCALES’ fully integrated anti-phishing and security and awareness training solution, please sign up for a demo today at https://ironscales.com/get-a-demo/.

Or Malzman
Post by Or Malzman
December 22, 2021
Learn more about Or Malzman.