Sophos CEO targeted by email scammer

Steve MunfordSteve Munford is the Chief Executive Officer of Sophos. When he comes down to my floor and walks towards my desk, I realise I better look smart and pay attention to what he has to say.

It turned out that Steve wasn’t delivering my P45, but instead wanted to tell me that he had received an email.

Dear Steve Munford,

I am Dominic Jefferson, Attorney to Late Mr. R Munford, he worked as an Independent Contractor in Togo. June 2008, he, wife and their only daughter were involved in a car accident. I need your assistance in repatriating the fund USD10.5M, left behind by my Late client.

Sign up to our free newsletter.
Security news, advice, and tips.

Seeing as he runs a computer security company, Steve knew that it was an email scam.

But what Steve found strange is that his dad was a “Mr R Munford”, and he did work in West Africa, and he did pass away fairly recently.

Email to Steve Munford

However, there were some mistakes too. Steve’s dad wasn’t married, and he didn’t have a daughter.

Steve’s father’s work in Africa was in the early years of the 21st century, rather than 2008, and he’s not sure if his dad was ever working in Togo.

So, is this just a random email scammer who got lucky on some of the facts included in his email?

Or was this a concerted effort to scam a specific person, using pieces of information he had managed to find about his intended victim?

After all, you can imagine that a Chief Executive of a large technology firm like Sophos might be attractive to a scammer – as they may have a higher than average income. (Mind you, Steve chooses to cycle to work – so rumours of his richness may be exaggerated).

So, we’re not sure what to think of this email scam.

Of course, it’s possible that the emailer sent it to the wrong Steve Munford. So, if your name is Steve Munford, and your father died in a car crash in Togo, feel free to get in touch with Dominic Jefferson (we’ve helpfully left his phone number and email address available for you to use).

But don’t bank on ever receiving that $10.5 million..

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.