How Bogus Lottery Scams Work

The FBI recently reported on arrests of a number of lottery scammers in what they call “Operation Hard Copy.”  We do like to report when cyber-criminals are arrested, prosecuted, and jailed, because it shows that stopping cyber-crime is not impossible.  But it is almost always a multi-national, multi-jurisdictional undertaking that requires the cooperative efforts of law enforcement from several countries.

What I found most interesting was the way that this scam operated.  The FBI reported that most of the victims were seniors, and that the “victims of the scam were targeted by the use of lead lists, which are the names, telephone numbers, and personal information of potential victims. The lists are often assembled in the United States and are sold to lottery scammers. Some lead lists are created by list wholesalers who send out bogus mass mailings purporting to be sweepstakes entries. Consumers, thinking the mailings are legitimate, pay to enter the non-existent sweepstakes. The wholesalers in turn pocket the entry fee then sell the consumer contact information to scammers for as much as $5.50 per potential victim.”

So this scam is coordinated between several groups of criminals.  The first group buys a mailing list of potential victims, based on demographics such as age and income or wealth.  They send out mailings inviting people to to register for the lottery, and the registration includes an “entry fee” which this first group keeps.  They also have created a list of targets, which they sell to another cyber-crime group at $5.00 per lead.

This second group then contacts the targets, informing them that they have “won” the lottery.  In order to collect the prize money, the “winner” is required to pay taxes in advance, or to send another fee of some sort.  So this second part is just another version of the advance fee fraud that is typically part of things such as the Nigerian prince letter.  The “winner” loses the second fee, and often their bank accounting routing number and account number .  With this information, the cyber-criminals can make unauthorized withdrawals and transfers out of the target victim’s bank account.

There are no real winners in these lotteries, except the perpetrators.  As with so many of these online scams, the only true defense is vigilance and skepticism.  If you are in the mood to gamble, nearly every state in the US has one or more lottery games, and Native American casinos are everywhere.  And remember the definition of a lottery is “a tax for people who do not understand math.”  Odds always favor the house.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment