Advance-Fee Scammers Impersonate Exiled Afghan President to Defraud Unsuspecting Recipients

Amid the chaos surrounding efforts to evacuate thousands of people from the Kabul airport in Afghanistan, cybercriminals have come up with yet another contemptible way to defraud internet users.

In the latest advance-fee scam picked up by Bitdefender Antispam Lab researchers, fraudsters impersonate exiled President Ashraf Ghani to trick unsuspecting victims.

Telemetry shows an outreach of a couple of thousands of emails sent from IP addresses in the US and India. The subject line conveniently reads “Message from President of Afghanistan!” to ensure that any recipients who receive the email will feel at least a little tempted to click and read the message.

Unfortunately, this attempt to exploit the unsettling events in the war-torn nation comes as no surprise, as scammers often piggyback on major world events, capitalizing on fear and misinformation with devastating financial impacts for victims.

“My Name is Mohammad Ashraf Ghani Ahmadzai an Afghan politician, academic, and seasoned economist who was the 14th president of Afghanistan from September 2014 to August 2021 till I was overthrown by the world-known Taliban, in a coup that not only saw me in exile but also led to the chaos in my country,” the email reads.

The letter continues as a typical advance fee scam, with the fraudster asking the targets to help secure a large sum of money.

The scammers’ story is somehow consistent with the most recent news headlines, including the alleged accusations that the former Afghan president fled the country with $169 million in state funds.

While Mr. Ghani has denied these allegations in a public statement streamed live from the UAE, the email states otherwise.

“I am currently in a secured country writing you this message after I fled my country due to the rebels and terrorists overpowering my Government, and I am aware you can also see and watch it on the news, such as CNN Aljazeera And Russia today, I write this secured letter with many pains as lots of foreign and regional powers have deserted me during this great tribulation, but Alhamdulillah, I left my country with lots of physical cash totaling about 800 million USD,” the scammer ads.

Victims are promised a significant share of the money for their support. The email provides no further details. Typically, recipients who respond to such emails are asked for up-front payments for bribes, transfer fees, and legal documents – payments usually made via wire transfers to a scammers’ account.

“I am hoping that you will get back to me with your details to be able to facilitate these funds to your choice of destination to help secure it for my future and return,” he says. “I will be glad to offer you a certain percentage when we get to a good understanding of each other, and how you can be of help in receiving this total funds, I will be happy to hear back from you, as this is a very urgent issue that needs urgent attention.”

Spotting red flags and protecting against advance-fee scams

Any unfamiliar email that pops up in your inbox and asks you to help move a large sum of money from one country to another in return for percentage or cash should be deleted immediately.

It only takes common sense to protect your money and personal information from scammers who promise you an easy way to get rich. Just ask yourself, why me? You don’t know the person, and there is no reason they would trust you with millions or hundreds of millions of dollars.

Always keep a wary eye out for poorly written emails that urge you to act immediately. In some cases, the fraudsters even send official-looking documents to gain your trust. No matter how many documents or pictures they send you, never provide account numbers, personal information, transfer money or open up new bank accounts for these individuals.