In days of old, a man without a signature would just mark an 'X', but today it seems like there is another, more common, signature. I was doing some work the other day and came across a Word document that had an attachment. It turned out to be a phishing scam but part of the document caught my eye.

The signature did not match the name. The name was Dr. Simon Brown and the signature looks like this:

The signature was for Carl A. [indecipherable]. This made me wonder if it was just some generic image of a signature that scammers use. So after a search through our file collection and a stroll around the internet I found that I was correct - this is one very popular signature indeed with the phishing community. Now there are many blogs and sites out there that cover these scams in far more detail but this is what I found about files with this image embedded in it.

  • There have been scams using this signature in them since at least 2006.
  • The following are some of the names that have been attached to the signature in the phishing attachments:
    Dr. (Mrs.) Felicia Daniel Dr. (Mrs.) Mercy Hartemink Dr. Austin Benjamin
    Dr. Ferguson Andrew Dr. Frank West Dr. George Williams
    Dr. John Briggs Dr. Larry Smith Dr. Mack Anthony
    Dr. Mark Brown Dr. Mark Winters Dr. Martin Evans
    Dr. Matt Brown Dr. Richard Morrison Dr. Robert Mueller
    Dr. Smith Brown Dr. Smith Don Dr. Smith Williamson
    Dr. Steve Mark Dr. Tom Wilson Jenni Falconer
    Michelle Falkosky Mr. Christ Rawlins Mr. Daniel Rougerie
    Mr. Evans Henshaw Mr. Graham Smith Mr. James Norris
    Mr. Muhtar Kent Mr. Roberth Mueller Mr. Teddy Kennedy
    Mrs. Brunelli Naleen Mrs. Elizabeth Walters Mrs. Lisa Parker
    Mrs. Lourdes Vidaurre Mrs. Nicola Mckeon Mrs. Patricia.S.Brown
    Mrs. Rita Brown Mrs. Rosemary Clair Prof. Alex Kingston
    Prof. Martin Johnson R. Simon Brown Rev. James Moore
    Rev. Robert Morgan Sir. Muhtar Kent
  • At least 15 had the title of "Coca Cola Games/Lottery Coordinator"
  • The documents are all related to winning a prize of around £400,000 to £1,000,000 from different companies in England.
  • The following company names are among those that have been used illegitimately in these fake lotteries:
    BBC
    British High Commission
    British Telecom
    Coca-Cola
    ESPN
    Fifa World Cup
    Golf international
    Microsoft
    Nokia
    Toyota
    UK Lottery
    Yahoo

I suspect many of you have seen these emails, but if not they all follow the same sort of format. They tell you that you have won a prize and ask for a whole bunch of details so that you can claim that prize. I even came across one that wanted a photo. For those who have not seen them here are a few examples. Please note the signature on all of them, it should look familiar.

The oldest reference that I found to the signature on the web is a shipping company that dates their website to 2003. This leads me to believe that this was an open source image that the scammers have enjoyed using. (Unlike the various logos you see above, which are trade and service marks that are used illegally.)

I still do not know what the original name was though, Carl A...

- Michael Johnson
MMPC Melbourne

P.S. I do not think that I need to say it again but never open an email from someone that you do not know. It is very unlikely that you have won the Coca-Cola lottery or any lottery for that matter. Please use safe practices when dealing with email.