Email scam claiming to be a Garda investigation targets potential Irish victims

A new variation of an old scam is doing the rounds in Ireland, pretending to be from An Garda Síochána and asking the potential victim to explain their involvement in alleged child pornography offences.

An email with a pdf attachment is hitting Irish mailboxes.

The email states:

“Dear,

attached is a notification about you.

Your explanations are expected in response to this email within 72 hours.

Good for you,

Head of Service”

The attached pdf holds a more official looking letter that states the receiver is under “investigation for child pornography, cyberpornography, exhibitionism, sex trafficking and viewing photos and videos of a sexual nature featuring minors”, equipped with an Irish flag, the logo of the Department of Defence, Europol and the European Union flag for good measure.

The letter continues to state the receiver is being officially prosecuted for these offences and is required to respond in 72 hours, to explain their involvement, or they may face arrest and end up a registered sex offender.

A bizarre email address is offered at the end (which mixes the An Garda Síochána into the Ministry of Justice of UK, and UK into the EU) to which the victim is supposed to respond and in the signature it abuses the name of Catherine Pierse, Director of Public Prosecutions of Ireland, but labelling her “Judicial Police Officer”.

How do these scams work?

First they tend to frighten the victims with the seriousness of the accusations against them, in this case by invoking sex offences against minors.

Then they threaten them some more, by listing various articles of legislation stacked against the victim and repercussions if they fail to comply, followed by a call to action by giving them a certain short time period in which they must respond to the scammers.

If they do respond to the provided email address or phone number, the cybercriminals behind the scam have found a customer.

Most likely a paying customer, as the victim will usually be asked to “pay a fine” via some untracable overseas transfer method or cryptocurrency, or tricked in some other way to part with their money, such as being offered to bribe an official to have the charges dropped, etc.

Sometimes in such cases even the attachment to the email comes infected with some sort of malware or ransomware.

What should you do if you encounter such an email?

Do not click on the attachment.

Since it may be infected with malware or ransomware it is best left unclicked.

Look for odd language addressing you, such as the misplaced “Good for you” in this email, which suggests it has come from a non-native English speaker or the foreign email address, which indicate this cannot come from any official source.

Official communication from law enforcement does not come in the form of a random email with an attachment anyway.

Flag the message as spam, delete it, do not respond to it (even to just hurl insults at scammers, as this reveals your email address as a legitimate one) and warn your family, friends and coworkers about it, so they don’t click on it either.

While this type of scam isn’t new, the mere fact it is still being used by scammers in mass mailings suggests it must achieve a certain percentage of successful completions, or they would have dropped it and moved on to a different one.

Having awareness about this one and similar scams, increases Irish users ability to detect and avoid them, enabling them to stay safe online.

Screenshots of the scam are available at ESET Ireland’s official blog