OceanGate disaster spawns advance fee scams, Bitdefender Antispam Lab warns

The search for the Titanic-bound submersible operated by OceanGate Expeditions ended in tragedy for the five explorers set on surveying the debris of the passenger liner that sunk on its maiden voyage in 1912 near Newfoundland, Canada.

While the world was poised on the edge of its seat watching the desperate efforts to find the Titan submarine and rescue the passengers, scammers were making other plans.

Within 24 hours of the US Coast Guard’s announcement that it had found the debris of the deep-sea submersible, fraudsters had already found ways to exploit the tragedy that killed all five members of the expedition.

Beginning June 23, Bitdefender Antispam Lab has tracked tailor-made scams exploiting the accident. In the first version of the scam email fraudsters impersonate Mrs. Christine Dawood, whose husband Shahzada and son Suleman died aboard the OceanGate submersible.

The bogus emails, mostly from IP addresses in the US, were directed to users in English-speaking countries, including the US, UK, Australia and Ireland.

The email begins by introducing Mrs. Dawood, her loss and her alleged decision to use a hefty sum ($18.5 million) deposited by her late husband in a bank in Canada for charity.

The scammers seem to have made use of media articles and rumors about Mrs. Dawood's health.

“Honestly, I decided to donate this money to help motherless/underprivileged/widowed babies as I am dying and diagnosed with cancer and I don't think I can control this bad time in my life,” the phony email reads.

“I have decided to donate our son Suleman's deposit to help motherless/disadvantaged/widowed babies to rest their soul and God accept their soul in heaven; I am going to have surgery soon, I need your urgent response to know if you will be able to do this project and I will give you more information on how the funds will be transferred to your bank account.”

In a second version of the scam, threat actors are contacting users, allegedly on behalf of the late Shahzada Dawood’s lawyers. The correspondence claims to provide users with a part of the family’s fortune and urges recipients to immediately reply with personal information that will allow them to secure the transfer of funds.

Unlike the previous version of the scam campaign, the cybercrooks ask users to fill out their name, phone number and address, and provide a separate email address where they continue the conversation with the scammer.

“I want you to know that I have had everything planned out so that we shall come out successful. I have an attorney that will prepare the necessary document that will back you up as the next of kin to late ShahzadaDawood, all that is required from you at this stage is for you to provide me with your Full Names and Address so that the attorney can commence his job,” the scammer said.

“After you have been made the next of kin, the attorney will also fill in for claims on your behalf and secure the necessary approval and of probate in your favour for the move of the funds to an account that will be provided by you. There is no risk involved at all in this matter, as we are going to adopt a legalized method and the attorney will prepare all the necessary documents.”

Both versions of the email-based swindles clearly illustrate how con artists continuously update their tactics, tailoring their attacks to exploit current events and add new twists to already existing scams.

The ongoing campaign piggybacking on the OceanGate accident is unfortunately just another rendition of a traditional advance fee scheme that costs victims their data and money.

In this type of fraud, targets are asked to wire money as bank guarantees, taxes, legal or other banking fees before they will receive what they are promised.

Likely, recipients who reply to the email or provide any contact information will be tricked into moving the conversation to instant messaging apps such as WhatsApp, where the scam artist will attempt to persuade them to provide sensitive information and wire money.

Tragic and cataclysmic events have been among the most exploited topics for cybercriminals in recent years, from the pandemic to the war in Ukraine, and the humanitarian crisis in Turkey and Syria.

We urge all users to watch out for attempts to further capitalize on the tragic event and to avoid communicating with the scammers.

Our prayers go out to the victims and their families.

Stay safe everyone!