/ Money, Technology

Could you spot a scam email?

scam email

The Office of National Statistics reports nearly six million fraud and cyber crimes are committed every year, with one in ten falling victim. So are you savvy at spotting scams or could a fraudster fool you?

If I believed everything I read in my junk folder I would be the lucky winner of countless competitions I didn’t enter, apparently several banks need me to urgently confirm login details and PayPal is threatening to close my non-existent account.

Many scam emails are easy to spot – any message addressing me as a ‘valued customer’ is immediately expelled to the virtual bin. But, so-called ‘phishing’ attacks (messages that attempt to trick you into revealing personal or financial information) have become increasingly convincing.

Spotting a scam

For the first time, the Office of National Statistics has revealed the true scale of people hit by cybercrime and fraud showing that people are 20 times more likely to become a victim of fraud than they are of theft.

When we asked over 1,000 members of the public if they could spot the difference between real and spoof emails, we found that many people were fooled by more sophisticated scams.

A quarter of them fell for a fake BT email asking customers to update their email addresses – the links embedded appeared as ‘bt.com/ linkemail’, but in reality these led to a bogus web page where scammers could potentially steal their details.

An Apple iTunes message asking recipients to confirm a specific purchase split the public right down the middle: 50% correctly identified it as a phishing attempt, but the rest were either unsure (27%) or convinced that it was a real message from the company (23%).

The public were on the ball when it came to a ‘NatWest’ email though, which 79% correctly identified as a fake. And a ‘PayPal’ email which 74% recognised as a scam.

However, in both cases a handful of people were duped by the forged sender addresses which appeared to come from the real companies. If they’d fallen for these messages in real life, they might have handed scammers everything they needed to commit ID fraud – or even raid their bank account.

Test your scam spotting skills

So how do you think you’d fare at spotting a scam email, why not put you scam spotting skills to the test in our quiz.

How did you do? The truth is it can be tricky to spot some scams as some can be very sophisticated and convincing. Fraud has reached record levels costing us £9bn every year. That’s why we’re calling on the government to take action and ensure businesses are doing enough to help safeguard us from scams.

So have you come across any dodgy looking emails recently? What did you do with them?

Comments
Profile photo of duncan lucas
Member

Is that quiz in the above Convo for real ? .I labeled them all fake , it said 3 out of 7 but some got passed you ?? Really ?? NONE got passed me , I pass myself 100 % safe . Because some were real you judged them as allowing fake ones to pass through -wrong ! . Thats twisted logic . For the record —its been many years since I let an bad email through–scammers/ rip-off emails / phishing emails etc . In the early days of Internet use –yes but now I can not only see them as fake , I can smell them as fake, Look at the URL for a start and there are other ways to see if it is genuine or not.

Member
tim says:
24 July 2016

Fully agree, Duncan. I’ve just failed the first example(by marking it as fake). But the loss for marking a real email fake is minimal compared with the other way round. And the test emails did not allow you to test where they’d come from or where the reply would go. OK as consciousness-raising exercise, but must be marked down heavily for not taking into account relative risks!

Member
Marilyn Smith says:
28 September 2016

Lucky you – after the first one all I got was black, blank pages!

Profile photo of duncan lucas
Member

Marilyn – do you have any security plug-ins relating to java script or other types ? I have disabled two of mine on Which otherwise I would have big problems .

Profile photo of wavechange
Member

I agree with Duncan. No responsible company should be expecting us to click on links in emails. The only safe advice is to ask us to look up the contact details of a company (or other organisation) and contact them. I have not been scammed and don’t expect to be.

Profile photo of malcolm r
Member

I managed 6/7, but a couple I put as real i was nervous about because they contained links. I ignore any links in an email and go direct to the site, either through a web search or, it is my bank etc, through the link I have stored. You never know whether a link purporting to be an email response, or an opt out, is what it says. (Well, experts no doubt know looking at the URL, but most won’t I suspect). We should encourage institutions that may make us vulnerable not to use links.

Profile photo of wavechange
Member

URLs can be spoofed, just like email addresses. Many of the links don’t even show the URL, just a button or highlighted text. This has been known for years and it needs more than encouragement to address the problem.

Which? should not recommend any company that fails to take security seriously.

Profile photo of duncan lucas
Member

wavechange – email URL,s can still be spotted even if they block you by “boxing” part of it and adding > which stops you getting the full URL . As a matter of fact (BT are you listening ) a persistent guy is still trying this out thinking i am stupid enough to to click on porn etc . Never going to happen ! but it shows up Critical Path very badly.

Profile photo of duncan lucas
Member

For a deeper analysis , for those unsure of whether to click on a website go to -scamadvisor.com and urlvoid.com , input the website and they will let you know if it is legit or not . Both of those organisations are of long standing and good reputation on the web.

Profile photo of Patrick Taylor
Member

Rather an idiots quiz. I spotted all the possibly true and all of the fakes. However as I have no relationship with the banks and organisations mentioned that were true the correct response is do not click on them at all as for me they are fakes.

Given I always have the email send address and everything else open in my browser I always check this info.

If one does not have this info open, or if it does not appear on smartphone screens I can understand more why people might be conned.

Incidentally because I also have a No-script script blocker open by default I could not see the quiz at all. Perhaps Which? ought to mention that you need to reduce protection to see the quiz.

In case you wondered there seems to be 16 active companies on this page other than Which?. Google featuring prominently.

Profile photo of duncan lucas
Member

Diesel I didnt want to be impolite with Which so I mentioned the number of trackers here I didnt make a big issue of it as I have made “concessions to Which and WordPress in that they allow me to post as I am a bit radical and WordPress is actually used in some US radical sites I post on , so I think it has a Liberal attitude when compared to fox news CNN and a whole host of US websites where I was banned right away . I have 429 trackers blocked on Privacy badger , except wordpress but I have blocked all the Google trackers you talk of . There are 45 Google trackers blocked but only a much smaller number apply to here . Like you I have NO Script but in another obligement to Which I labeled it safe (white listed ) which allows me to use the quiz . Diesel I wouldnt be too harsh with Which there are much ,much worse websites on the Internet. I also have two other comprehensive blockers that are even better than some anti-virus companies when blocking bad URL,s and virus websites as well as HTTPS everywhere + clean links . Yes it slows Firefox down and some sites look text only but I can live with it for safety.

Profile photo of Patrick Steen
Member

The quiz software is developed by a company called Riddle. On the other cookies – all the Amazon URLs relate to our server as we use Amazon Web Servers, based in the EU, to keep the website up for you to access. Google Analytics is how we track the traffic to the website, which pages are visited and where the traffic has come from. DoubleClick relates to the panels you sometimes see on the right-hand side, showing our nuisance call reporting tool for example. I hope that explains what those are.

If you’re interested to read about our cookie policy, you can here: http://www.which.co.uk/privacy-policy/cookie-policy

And I hope you found the quiz fun nonetheless – we’ll post the statistics on how everyone is doing at a later date 🙂

Profile photo of william
Member

Too easy 7/7.

So to getting scam emails, I guess my provider does a good job of blocking 99.999% of them, although they do tend to block a fair number of legit emails too.

I do hate it when companies embed links in emails but use different words to hide the actual URL. Hello, that’s exactly what scammers do. Banks etc should be banned from doing it, so at least, the scam emails will be more obvious to spot. They should also be banned from routing through ad mailers website too for the same reason.

Profile photo of John Ward
Member

I erred on the side of caution and put the E-Bay one down as a fake. I am not familiar with how E-Bay writes to people so it was a right-side failure. I got all the others right after due consideration but was not happy with some of the genuine ones. I have written before about the sloppy use of language and casualisation of serious messages from commercial organisations and I have taken it up with companies to no avail. The E-Bay one was a good example of a bad communication and I was very disappointed by the NatWest one with clumsy language, an “&” in a sentence, and the command “logon” shown as all one word. Companies must write correctly and carefully if they want to distinguish their communications from the increasingly clever scam messages. Trying to be friendly in official communications plays right into the scammers’ hands with their love of contractions [“you’re”], exclamation marks, and false courtesies [“sincerely”] as it makes their text more plausible.

I agree with previous comments that there need to be much better safeguards before people are invited to click on links; my building society at least gets my name right and includes my postcode as a reality test. Not perfect, but it’s a start. I would prefer it if they wouldn’t send me marketing messages but if I unsubscribe I am concerned I might miss something rather important one day.

Member

My bank ALWAYS addresses me by name that’s why a I said the Nat West one was fake. I studied them all for just a short time to make my decision about them. Take your time with all Emails and if in any doubt as someone else’s opinion or just delete. You must play safe with unexpected Emails

Profile photo of Patrick Taylor
Member

Can anyone tell me if smartphones only show limited source information ? I get them exceedingly rarely and never from unknowns.

It seems very important that if more people are using their phones for banking [or is it using the smartphone more often?] then there must be high security levels and seeing the source is important.

Profile photo of duncan lucas
Member

Diesel- all cell-net phones have different methods of finding URL,s on them. But as usual, in the US you can get all your calls monitored and be able to download all the info of who called you —at a price . Again as I have said before not available from our “great ” UK exchange service.

Member
jacqueline Dickinson says:
22 July 2016

If I don’t know the sender personally, I just delete every thing. If I miss something genuine, tough.

Profile photo of duncan lucas
Member

Now thats the right attitude Jacqueline !

Profile photo of duncan lucas
Member

Diesel you were talking about trackers and I said there were worse than Which. I get emails from a government dept dealing with public info on Brexit etc and decided to click on one item dealing with Brexit –it was blocked by another specialised blocker which announced I would be tracked by their servers –fair enough but I was aghast when not only did it mention that server ,it mentioned I would be tracked by an AD server – thats right making money out of giving me info by using third parties to try and find my choices and hit me with them . Best of luck as three of my blockers block ads so it wouldn’t have worked anyway , but sly ! and the government too . So ,as I said dont bother about Which it could be worse —much worse !

Member
Bernard Hunter says:
23 July 2016

Is Which really telling us it is ok to click on a link in an email when we cannot be sure who sent it (first example re eBAY)? Surely that has to be incorrect advice.

Profile photo of duncan lucas
Member

That got me worried too Bernard , thats why I put them all down as scamming in the quiz . While I can spot any dicey email the scammers are getting very good at reproducing the real thing .

Profile photo of Patrick Steen
Member

Hello Bernard, thanks for your comment. The quiz is simply spotting the real emails from the fake ones. It shows how sophisticated some of these emails are getting.

Some of the real ones aren’t great. For example, the email from Natwest, although real, does not address the sender by their name. This is something all banks should do – we contacted Natwest who said they are going to update their systems to ensure this is done in the future.

This is why our scams campaign calls on companies to do better to protect their customers from scams.

Profile photo of wavechange
Member

If the NatWest email had been sent to ‘John’, some people could be taken in. Including the full name would be better, but some people have common names, for example John Smith. In any case, it is easy to find people’s names, judging from the amount of junk email and nuisance calls many of us receive.

I don’t mean to be rude, but please can you tell those who advise us about security that the only safe approach is not to click links, and if the email is from a company or organisation that you have dealings with, to look up their contact details and make contact with them. I wonder how many people could be scammed by following the well meant advice here.

Sorry Patrick – I realise you are only the messenger.

Profile photo of duncan lucas
Member

I must back up wavechange here , again it is not meant as a criticism against you Patrick. If you accept that the US is mostly ahead of us in many public departments relating to safety of the nation and its citizens and that I have a lot of inner knowledge of how they work, like the NSA/FBI CIA etc , one thing they do that I actually like is comprehensively protect Joe Public US . The FBI and other government departments advise NOT to click on links in emails , they are quite explicit in this and the seriousness and care they take with their own citizens in reporting /investigation on public behalf ( just visit their websites for info ) makes me wonder whats going on in this Convo.

Profile photo of John Ward
Member

To be fair, the UK government consistently warns people not to click on links in e-mails and to check the authenticity of communications. I wish our banks would support the official advice and not include links in any of their customer communications. I feel that the standards in banking should be higher than in commerce generally. There are thousands of e-mails which contain links, for example the Which? Connect surveys that arrive every few days, and for convenience I do indeed click through to the survey . But then, I trust Which? and would be more hesitant with an unknown or irregular e-mail.

Member
Graeme says:
3 October 2016

My bank would never contact me by Email. In the past they have sent a letter to me and asked me to verify the letter in my nearest branch before giving out any information. Now that’s what I call security

Member
sue says:
23 July 2016

Several of the emails were from banks/companies I don’t deal with and would therefore have ignored. At least one was from a bank I do have an account with but they do NOT have an email address for me so I would have instantly have deleted it.

Member
david raymond says:
23 July 2016

If in doubt call the “sender”

Member
Malcolm Parnell says:
23 July 2016

I think that this quiz is simply to highlight the methods used by scammers and raise awareness of them rather than a check on which banks etc you already use and familiarity with how they contact you. I got 6/7 right, the Pru one I got wrong by erring on the side of caution, on a matter of principle I NEVER click on a link in an email about ANY financial matters but go to the website via a stored link. On another matter of principle I NEVER disclose personal details on websites which I’ve visited as a result of speculative, unsolicited emails.
Occasionally I google email or web addresses to check out a company or email for a possible known scam before doing anything (except delete it) then if doubtful alert family and friends. Bottom line is you can’t be too careful but there are a lot of good things out there too and not everything is a scam so judgement, experience, knowledge and care are the order of the day.

Member
Meryl Johnson says:
23 July 2016

I got 5 out of 7 but the last two I wasn’t sure about and said fake instead of real. I’d rather be safe than sure though.

Member
Ron Ravenhill says:
23 July 2016

Failed just one, Q3 Barclays. I totally disagree Which as, it states to login online. If you login online to any financial institution with that financial institutions official link saved, and not that in any e-mail, it’s then you would discover it’s a fake, and not from the example alone. Anybody agree/disagree.

Member
Stuart says:
23 July 2016

I got them all correct except the NatWest one. Apart from “Dear Customer”, I would be suspicious of any communication that uses non-words such as “pre-advice” and “logon” instead of “log on”.

Profile photo of John Ward
Member

The NatWest example was very badly written and presented. I wonder how long that particular template has been in use without any competent person in the bank reviewing it. Rather worrying really. I should have thought it would be an internal protocol for any mail-outs to be submitted in draft to their fraud prevention team for clearance. In a sense it’s been an own-foot shooting exercise for them because many customers would have regarded it as a scam and disposed of it. Ideally, banks would not send out any customer messages by e-mail as it is all too easy for scammers to mimic the template for their own fraudulent purposes.

Profile photo of wavechange
Member

The cost of scams will to some extent be shared by other customers. Efforts to get companies and other organisations to improve the standard of their written communication has generally been effective, so perhaps we need to focus on security issues.

I don’t know how much fraud costs business, but employing someone competent to critically review all forms of communication is likely to be money well spent.

Profile photo of John Ward
Member

It is likely that the perpetrators of scams have accounts with the banks whose customers they attack so they can be up-to-date with the types of communication routinely issued and model their e-mails accordingly. In fact, they are probably ‘valued customers’ if their criminal efforts are successful.

Member
AnnaDan says:
23 July 2016

7/7 right. Not such a stupid 82 year old!

Member
Robert Harding says:
23 July 2016

Sorry Which? but I’m not impressed by your fake email quiz. You gave me 4/7 but didn’t observe that I spotted all the real scams, and classed 3 of the “genuine” ones as unsafe because a) you didn’t give me the chance to check their “from” addresses, and b) they all contained links that I couldn’t examine, and c) no security conscious organisation should EVER present a link in an email. There should just say “log in to you account and check ….”. No-one should EVER click on a link in an unsolicited email. It annoys me that eBay is sending out that “check you details” email in that form, for example.

Profile photo of DerekP
Member

I agree with the principle of “No-one should EVER click on a link in an unsolicited email. ”

Simple rules like that can help keep us safe. If we have to stop and think, then we risk making errors that compromise our security.

I recently contacted my bank after a targeted but unsolicited call from them, which had asked me to confirm my identity by giving details such as my date of birth etc. I refused because it is poor practice to disclose any such details in response to an unsolicited call. When I refused, the caller hung up – which made it seem even more like a scam. My subsequent contact confirmed that it had been a genuine “marketing” call.

Profile photo of Patrick Steen
Member

Hello Robert, thanks for the comment. Some of the ‘real’ emails weren’t great, so well done for being cautious. We’ve asked Natwest to ensure they use the customer’s full name, for example. I’ve also tweaked the end of the quiz to reference that you may have been extra cautious.

Member
DaveH says:
23 July 2016

What a very silly quiz. I’d normally hover over email addresses and links, to detect dodgy emails, but can’t in this quiz. Waste of time.

Profile photo of John Ward
Member

Yes. Dreadful. 72 seconds down the drain. Whatever next?

Profile photo of Patrick Steen
Member

Hi Dave, that’s good advice to do that. It’s hard to add that functionality into the software, so we’re just testing the visual cues to spot in emails.

Profile photo of malcolm r
Member

Email received
“We are looking for UK residents to test the Dyson DC50 Multi floor Vacuum Cleaner against the Philips FC8810/01 Robot Vacuum Cleaner

Can a robot vacuum cleaner really do as good job as the Dyson? Does the Dyson even compare to the vacuum cleaner you currently use?
If you are chosen as one of our product testers, all we ask is that you provide us with an honest and fair review and in return, you can keep both products with our thanks.”

Is this too good to be true……….? Anyone know? I wonder how many will reply to it with what consequence. Just a hard sell? Or………

Profile photo of wavechange
Member

I’ve not seen that one. I guess its for suckers and they will take them to the cleaners.

Profile photo of duncan lucas
Member

Another scam malcolm , its one of many in the same vein that are aimed at information gathering —YOUR information . They usually mean you have to fill in your personal details in order to qualify for the “prize ” (non-existent ) – quote- so that the prize can be delivered to you we require this or that personal info. There is no way shape or form that the robot vacuum could practically compete with the Dyson . Even if it was kosher I have looked at those emails that other people get over the years and they want your info for third parties . Dyson are not doing well on those ball vacuums in comparison to their older models which I have , they turn up in droves at car-boot sales selling for £30/£40 but try and get an older model and your talking £50 .

Profile photo of malcolm r
Member

If it looks too good to be true………………… But I wonder how many people will respond?

I’ve also had a spate of emails offering 500 GBP vouchers for different supermarkets. Not from the supermarkets of course. Why should anyone want to give me 500 GBP………..?

And a “free” ipad – offer extended – with life insurance. Small print “* iPad Mini offered on selected insurance policies, requires a minimum monthly premium of £100 and a policy term of 12 years or more.* On selected products .

People need to learn just what “free” doesn’t mean. That “free” ipad mini that you could buy for £300 will come only when you agree to spend £14400 minimum.

Profile photo of duncan lucas
Member

And it is too good to be true malcolm , although I have found many like it on the web seeming to be the “real thing ” I have also got conformation I am right .-Product testing scam promises free iPhones and other fake gadgets – 6-7-2016 you could be told you have to purchase something like “testing for D ummies ” or “teach yourself Products trials -cost £25 /you are asked to join a product testing panel -cost £10 by DIRECT DEBIT – thats right your banking details on a NON high secure banking website ,it will be taken each month from your banking account . Flattering as it may sound there is no way firms developing products want your opinion . If you are promised cash or expensive gadget for a “few minutes work ” steer well clear = lovemoney.com/news/11741/beware-the product-testing-scam. And the other ones – 10 minutes of filling in a survey to see if you qualify including all your personal details -get the message ?

Member
John Copland says:
24 July 2016

My score was 4/7 and I identified the fake emails 100%, but erred on the side of caution with 3 genuine emails. Despite my erring on the side of caution the commentary I received at the end of the test suggested that my score was simply “good” and that I had allowed certain emails to slip past me and that this showed how easy it is to be fooled by sophisticated phishing attempts. Who on earth compiled this test?? Surely the end result is to show that you treat all such emails with suspicion and access the sites through normal secure channels. The test appears to be telling me to relax my security and click on links if everything else seems OK.

Profile photo of duncan lucas
Member

As you are not the first to comment on the reasons why John ,it backs up my suspicions that this is a test to see if BB can break down your genuine aversion to clicking on links in emails so that more business can be transmitted over the web by emails as well as advertising . When I read week in -week out of millions being scammed worldwide on international websites and business tech websites by doing just that—clicking on an email by those who dont know the pitfalls involved it makes me very upset.

Profile photo of Old_Deuteronomy
Member

I’m with John and all the others who have highlighted the illogicality of this ‘test’. Fail safe rejection is better than taking a chance. I NEVER click on links in unsolicited mails but, if interested, separately go to the provider’s genuine website and investigate there. To give me a mediocre score for being careful seems to the exact opposite of all the warnings issued by anti-fraud agencies. Back to the drawing board, methinks.

Profile photo of Patrick Steen
Member

Hello John, thanks for your comment. The quiz is simply to spot the fake from the real emails – considering some of the real ones aren’t great does show you’ve done a good job of being suspicious. I’ve tweaked the paragraph at the end of the quiz to reference that thanks to your feedback 🙂

Member
Arthur Phllips says:
27 July 2016

To be fair, the quiz simply highlighted the convincing appearance of fake e-mails. It was not trying to catch people out. However I think Which should have given more importance to avoiding clicking on any link in an unsolicited e-mail, since such a button could just as easily be a download command to place a virus on the computer. If any genuine company, particularly my own bank, is stupid enough to send me a link in an unsolicited e-mail, then they deserve to pay out when fraudsters copy them convincingly but they shouldn’t then be passing the cost back to me and other innocent customers in the form of bank charges.

Member
Jackie says:
27 July 2016

Fresh from a vishing scam I think it is important to share the method the criminals used on me. I got a call from Microsoft alerting me of a high level of alerts from my I.p address I questioned how they got my home phone number they said they are linked to the government and security is key to them and if I did not purchase a security package they would not allow me or any other device in my household access to Windows!
The engineer from Microsoft gained remote access to my computer there it showed me that a bug was duplicating and infiltrating my bank account and all of my activity. The polite man offered me a reduced security package from Microsoft the engineer created a safe online link.
I questioned everything I don’t think I am a gullible person my guard was down they new my computer was slow, my Facebook was hacked they showed me this and I knew this I foolishly finally relented and logged into my online banking the screen went black many times I saw and read the security verification before logging in but that page was created by the fraudsters the minute my summary page came up the polite man from Microsoft disappeared and a foreign language was spoken the man asked if I spoke that language (I am not going to say what there is too much hate in the world and this was a criminal) he then told me he was taking all of my money to pay for his daughters wedding the computer switched off the line went dead.

Talk about a kick in the gut! My Son got me to phone my bank the shut the online banking down and investigated. This slime of human paid the money into my biggest payee to create a familiar pattern in my banks eyes and would have lay dormant until a bigger amount was worth it to them. Sly, sleek and sick. My computer was cleaned but is beyond repair my bank were fantastic. But I feel distraught I was taken in.
They planted a virus a week ago I saw the icon never touched it but did intend on renewing my security package.
I am not greatly computer savvy just basics but I have learned a invaluable lesson for my children and I.
This has to be brainwashed into the world via media, 1 or 2 tv adverts is not enough it’s more important to protect good intentioned folk with computer / online advice than what car to buy or programme to watch.
I know people will think how could she fall for that! It was truly very convincing.
Take care

Profile photo of chrisjohnson
Member

use PureVPN UK VPN Service to stay safe online

Member

Yes i have had a lot scams on here and letters 4 which was from Habib Bank Scotia Bank Canada two different ones from south Afarica and this morning one Union Westerner which i got copy out and took to there office in Glasgow and it is the first one seen and was shock and one from a Linda Biggs the letters started from the Netherlands now thy come from St Margarita and now i send them to scamdex who are dealing with these complaints from all different poelpe who are having the same trouble i was surprise to read some of them

Member
Linda Brown says:
30 September 2016

l have never been scammed by an e.mail but the quiz made me a little hesitant in some of them specially
the bank one l usually report to spam if in doubt

Member
Alexander Holdom says:
30 September 2016

Natwest.com/online does not exist, so No.5 I think (the Natwest one) must be a con!!!!

Profile photo of John Ward
Member

In the last few days I have received this e-mail message and obviously have been wondering whether it is genuine or fake. There are one or two clues and I have decided on balance that it is unlikely that I would soon be in receipt of US$12.5 m.

This is a mail from the desk of the Director Funds Declaration Manager, Bank Negara Malaysia in person of Dato Li Ming Ong. We use this opportunity to apologies for the delay of your payment and all the inconveniences and inflict that we might have indulge you through. However, we were having some minor problems with our payment system, which is inexplicable and have held us stranded and indolent, not having the aspiration to devote our 100% assiduity in accrediting foreign contract Payments. We apologize once again from the records of outstanding contractors due for Payment with the federal government of Malaysia, your name was discovered as next on the list of the outstanding contractors who have not yet received their payments and as the Funds Declaration Manager of Bank Negara Malaysia, I Dato Li Ming Ong will do everything humanly possible to make sure these transaction is concluded in good faith. I wish to inform you now that your fund is in square peg is now and can be voguish, your payment is being processed and will be released to you as soon as you respond to this letter. Also note that from my record in my file your outstanding contract payment is US$12,500,000.00 (Twelve Million five hundred thousand United States dollars). Kindly re -confirm to me the followings: . . . . As soon as this information is received, your payment will be wired to your nominated bank account directly from our onshore bank of settlement or via Diplomatic Delivery of your fund in Legal Diplomatic Consignment Box to your valid home address. [etc, etc]“.

I also am now in square peg and feeling voguish.