
IMF and World Bank Phishing Email Example

 

IMF AND WORLD BANK: PENDING BENEFICIARY FUNDS EMAIL PHISHING SCAM

What the email reads:

ATTENTION:
The International Monetary Fund (IMF) in conjunction with the WORLD BANK have approved your pending beneficiary funds and hereby brings this information to your notice.
You are required to contact this office as soon as you receive this notification as your recipient's email is listed in our central database. When contacting us, endeavor to confirm your full name and contact telephone number so that we can normalize documents on your behalf and advise you on how to make a claim.
Sincerely,
Robert Curran
Coordinator, International Settlements Unit

The above email appears to be sent by a Robert Curran, an alleged Coordinator, International Settlements Unit of a joint International Monetary Fund (IMF) and World Bank department. We look into the email to determine if it's a phishing email. Of course, the answer is YES! But how did we arrive at that conclusion? The email has lots of red flags that are easy to spot, even without digging deep into it. If you haven't read our article on how to spot a fake email (phishing, scam, con, and such), read the article below, as we will use it to analyze the "IMF AND WORLD BANK" email above.

Email Phishing
What is Email Phishing? Phishing Email Examples
Read on email phishing definition and phishing email examples. How is phishing email attack done? Learn how to spot a phishing email and how to protect yourself from email phishing.

INDICATOR 1 - I DID NOT APPLY FOR A BENEFICIARY FUND

The email suggests that pending beneficiary funds have been approved, meaning that I had applied for it at some time. The email is written as an approval of request, therefore, I must have made an application to the IMF / World Bank requesting a beneficiary fund. The email goes further and states what is required for me to make my 'claim'.

There is only one problem: I did not make an application to the IMF / World Bank requesting any kind of beneficiary fund. How could I, if I didn't, and still don't, know that the IMF or World Bank offer beneficiary funds to individuals? Most (if not all) phishing emails are made to look like you made a request or took a certain action, and the email is just a response or an acknowledgement. This email is no different!

As noted in our article on phishing emails, receiving an email about a claim, particularly a financial claim, from an organization you did not apply to is a huge red flag. You should approach such emails with caution, and it is imperative that you do not submit any details as a reply. Our recommendation is to avoid replying to such emails.

INDICATOR 2 - GENERALIZED GREETINGS AND LACK OF PERSONALIZATION

Reading through the email, one thing is for sure - the sender has no information about me other than the email address - not even my name. The sender generalizes the greeting using the Attention keyword as bait for the reader to overlook the obvious red flags.

Any organization that has your name will include it in the subject line and the greeting. Companies and organizations like to personalize emails using the recipient's name. For instance, my organization will address me as Hello Kelvin and not Hello Sir/Madam. Further, your local HOA, pet clinic, coffee shop, and delivery service will include your name in an email to ensure that you identify with the message contained in the email. Emails from organizations that are addressed to you will rarely use Dear Sir, Dear Madam, Dear Sir/Madam, or just start the email with Hi, Hello, or Hi there.

That should be a big red flag!

In our case, the sender, Robert Curran, does not include the name in the subject line. According to Indeed, the keyword Attention (or ATT or ATTN) is usually followed by the recipient's name, such as Attention: Kelvin. It is also considered better to use ATTN rather than Attention - ATTN: Kelvin is better than Attention: Kelvin.

INDICATOR 3 - MISSING DETAILS FROM MESSAGE BODY

Assume I somehow made an application to the IMF / World Bank requesting a beneficiary fund. I would have to fill in an application electronically or physically, and send it to them for review. The application has to have a reference number and my contacts. This information would be included in any further correspondence with the organizations.

Now, let's look at our already-very-suspicious email.

The email contains no information about me - other than the email address of course - and lacks key pieces of an application such as the application number or reference number. And the most interesting thing is that the sender is requesting me (the receiver) to "confirm my full name and contact telephone number so that they can normalize documents on my behalf and advise me on how to make a claim". That means they not only lack my information, they want me to supply them with it to make a 'claim'.

Of all red flags, this is the biggest. The sender makes no effort to disguise that this is a phishing email and is outright requesting information classified as Personally Identifiable Information (PII).

Another piece of information missing is about the sender. Organizations include information about the business such as customer care number, location, purpose of the email, and privacy clauses at the bottom of the email body. When an individual signs an email, he or she should include his or her contact number in case the recipient of the email wishes to make contact.

INDICATOR 4 - SENDER INFORMATION

If the red flags above have not convinced you yet, let us analyze the email some more by focusing on the sender information. Sender information consists of the pieces of data sent alongside an email that help identify its sender, such as the name, email address, and IP address. This information is contained in the email / message header.

IMF and World Bank Phishing Email - Sender Information

The email address used by the sender is w.remmittancedepartmentt01@gmail.com. That email address is a screaming red flag.

First, the IMF and World Bank are international organizations and CANNOT use Gmail for official communication due to integrity, privacy and security concerns. Did you notice that the word department in the email address has been misspelled?

Let's take a technical deep dive into the message headers. Looking at the Received: from header, we see the host mail-wm1-f43.google.com with the IP address 209.85.128.43. By searching on Whois, we see the IP address is assigned to Google LLC (GOGL). We can be sure that the email was not spoofed to appear as Gmail, but actually was sent through Gmail.

There is a second IP in the headers which indicates the IP of the device that sent the email.

IMF and World Bank Phishing Email - Sender IP Information

The sender used a computer assigned the name DESKTOP-8IAUS20 (note the DESKTOP keyword), so it is likely to be a Windows PC. Looking at the Whois data on the IP 105.112.209.72, we see that it is assigned to the African Network Information Center (AFRINIC), which is the regional Internet registry for Africa, whose headquarters are in Mauritius, Africa. Therefore, we can be sure that the email originated somewhere in Africa.
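
The header checks from Indicator 4 can be scripted. The following is an added example, not code or header data from the original article: the sample message is constructed around the address, host names and IPs quoted above, while the header layout, recipient, dates, ids, the free-mail list and the organisation-to-domain map are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Address, host names and IPs are those quoted in the
# article; header layout, recipient, dates and ids are placeholders.
RAW = """\
Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43])
    by mx.example.net with ESMTPS id PLACEHOLDER-1
    for <reader@example.net>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from DESKTOP-8IAUS20 ([105.112.209.72])
    by smtp.gmail.com with ESMTPSA id PLACEHOLDER-2;
    Mon, 01 Jan 2024 10:00:00 +0000
From: Robert Curran <w.remmittancedepartmentt01@gmail.com>
Subject: ATTENTION

The International Monetary Fund (IMF) in conjunction with the WORLD BANK ...
"""

FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}          # assumption: short list
CLAIMED = {"imf": "imf.org", "world bank": "worldbank.org"}   # assumption: org -> domain
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def analyze(raw):
    msg = message_from_string(raw)
    _, addr = parseaddr(msg["From"])
    domain = addr.rsplit("@", 1)[-1].lower()
    body = msg.get_payload().lower()
    # Received headers are prepended, so the last one is the earliest hop.
    hops = [m.groups() for h in msg.get_all("Received", []) if (m := HOP.search(h))]
    helo, ip, by = hops[-1]
    return {
        "from_domain": domain,
        "freemail": domain in FREEMAIL,
        # Body names an organisation whose own domain did not send the mail.
        "impersonated": sorted(d for k, d in CLAIMED.items()
                               if k in body and domain != d),
        "relay": hops[0][0],
        "origin_helo": helo,
        "origin_ip": ip,
        # A dot-less HELO is a workstation name, not a mail server FQDN.
        "origin_is_workstation": "." not in helo,
        "origin_is_public": ipaddress.ip_address(ip).is_global,
        "submitted_via": by,
    }

if __name__ == "__main__":
    print(analyze(RAW))
```

Only the topmost Received header is written by your own mail server; each hop below it is only as trustworthy as the server that recorded it, which here is Gmail's submission server.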

The Verdict

All indicators show that this email is a definite 100% phishing email and a scam, whose origin is somewhere in Africa. The email poorly imitates international organizations - the IMF and World Bank - with the intention of collecting names and phone numbers from users. The International Monetary Fund (IMF) and the World Bank are legitimate international organizations with offices across the world; however, their official communication emails would not originate from Africa, and certainly not through Gmail. The email is generalized and lacks the sophistication of a modern phishing scam. It is sprinkled with obvious breadcrumbs that are easy to spot. With the numerous red flags, the email is not only to be ignored but also deleted.

Always remember not to reply to, click any links in, or download attachments from emails whose sender you cannot verify.

Frequently Asked Questions on Phishing Emails

  Can I safely open links on a phishing email?

  Attempting to engage with a phishing email is strongly discouraged and should be avoided altogether.

It can be likened to contemplating opening a box resembling a bomb, with audible ticking sounds and various other indications pointing towards its explosive nature. However, due to the ticking alone, you convince yourself that it might actually be a harmless clock.

Phishing emails often contain links and attachments that can trigger detrimental consequences upon interaction. Clicking on a link, for instance, can silently download malicious applications onto your device, leading to the infiltration of malware on your mobile or PC. Additionally, the link may redirect you to an illicit website that either inundates your devices with adware or deliberately installs unlawful software components. When you encounter a phishing email, it is advisable to promptly delete it to mitigate potential risks.
