Facebook Lotteries to Avoid – with help from AA419

This morning I received a tip from one of the top West African fraud experts in the world, Derek Smythe from AA419. Derek and his team had been in communication with several victims of a “Poker Lottery” scam and had documented a set of linked domains.

PokersLottery[.]me website

The home page of these websites explains how the Lottery works:

Under The Gambling Act 2015, The Poker Lottery Online Board’s Purpose Is To Benefit The Facebook Community By Distributing The Profits From States Lotteries Run By The United State Of America,United Kingdom,Australia And Canada Lotteries Commission.

The Board Is Empowered By The Gambling Act To Make Allocations To Lottery Distribution Committees; The Minister Responsible For The Board For Distribution For Community Purposes; And This Statutory Bodies – A Worldwide Promotion For Disabled, Employed And Unemployed Workers, Retired, Young & Old People. A Sophisticated Automated Database To Randomly Select E-Mail Accounts And Profile Page Owners That Frequently Surf The Facebook. Consequent Upon This, Your Facebook Profile Account Was Chosen As A Winner. 

Doesn’t that sound a bit suspicious?  Sure, if that’s all there was … but wait, there is more!
Each website has a list of the 100 “beneficiaries” who have been chosen to receive a prize!


Today is your lucky day!  Of course, since there are only 100 winners, they needed to make a bunch of these websites.  Derek and the team at AA419 documented quite a few of them yesterday and today, including these:

Poker Lotto domains, from AA419

The “Beneficiaries” pages all looked something like this, where each named individual is someone who has been invited to be scammed by receiving a Facebook message:

Beneficiary List from a Poker Lotto page

Another Beneficiary List Style

As far as we can tell, the “Status” has one of three meanings:

Delivered – you’ve already been suckered.
Not Yet Claimed – you’ve received the Facebook Message, but have not “verified” yourself.
Processing – you’ve provided your personal information, but they don’t have your money yet.

The “AGENT/OFFICER IN CHARGE” link takes you to a Facebook Page, which will be the source of the message that you received via Facebook Messenger.  For many, this acts as a Verification.  They get a message, they follow the link, they see their own name, and when they click “AGENT/OFFICER” it takes them to the Facebook page of the person who sent them the message, completing the loop, and solidifying the concept that this is a “real thing.”

Some of the AGENT/OFFICERs we found were:

It is also possible that the “Delivered” statuses are just decoys, because who would actually fall for these scams, right?  Actually – according to AA419 and their law enforcement friends, these guys have already stolen money from dozens of victims!

So what happens next?  Next, we need to gather a bit of personal information so we know where to send your money, and make sure that we file your tax information about your winnings:

Necessary Information to Claim Winnings

There were actually several versions of the Verification Form, with some asking for an SSN while others did not.  We believe this may indicate what country that particular form was targeting.  For example, many of the victims were in South Africa, which does not identify their National ID number as a “Social Security Number.”  By not having that field, they may avoid raising suspicion.

Quite a few of the websites are hosted on SquareSpace, who thankfully has been terminating the domains as AA419’s team swung into action!  Thankfully several of them now look like this:

Well Done, SquareSpace!

So how much did the victims lose?  Strangely, it appears that you get to choose your own winnings, depending on how large a payment you are willing to make.  Yes, as you may have guessed if you are familiar with 419 Scams, there is a small fee that needs to be paid.

Cheap? Pay $1050 to claim $50,000.  Loaded?  Pay $420,000 to claim $20 Million!

On the form one fills out to choose their prize, note that one of the required fields is that you must upload your photo id!!!

Our advice?  Perhaps you shouldn’t do that!

US Government Facebook Lotteries?

While Derek and I were exploring the sites and looking for additional ones, we realized that there is another version of the scam that imitates United States Federal Government Agencies.  All of the above works in exactly the same way, however instead of being branded “Poker Lotto” the websites take on a more “Official” tone.

The first one we found claims to be a service to help those who find themselves unemployed run by the United States Agency for International Development (USAID).


The USAIDWBENEFITS[.]COM website is hosted in NameCheap’s data center in Los Angeles on the IP address

There are sixteen pages of beneficiaries who have won the USAID WORLD BENEFITS award, listed in alphabetical order by first name

USAID Benefactors, from A … 

… to Z 

The other US Government agency we found being abused in these scams was the Department of Labor.

wcabcompensations[.]com and also wcabdhhs[.]org

The “Winners List” from wcabdhhs[.]org

The WCAB / DHHS site is more advanced than the Poker Lotto sites, though not as advanced as the
USAID site, which seems to be the most recent in the evolutionary chain.

The Department of Labor doesn’t seem to have as much money as Poker Lotto.  The “Claim” fees are smaller, but then so is the maximum prize:

Don’t copy this!  It is (C) 2019 the Workers Compensation Appeals Board and the Department of Health & Human Services!

I’m not quite sure what the National Endowment for the Humanities has to do with this one . . . 

The address information left behind on this “Contact Us” form tells us a bit about how long these scams have been going on.  When we searched on the address information with the phrase “Claim Your Grant” as part of the search, we found that the National Endowment for the Humanities put out a press release on June 21, 2016 warning people about exactly this type of scam!  See: “Scam Impersonates NEH” on their website.

The Workers Compensation Board version of the scam is likely just as old, as one of their “AGENT” Facebook pages that are listed on these scam sites was created in 2015 and updated in 2016!  People may have been receiving notices of Lottery winnings from her account for a Very Long Time!
Asuncio from the Worker’s Compensation Board has the odd Facebook Handle “CLAIM IT ONLINE1” 
The other Workers Compensation Appeals Board website did have an option to claim a LOT MORE MONEY, but you also had to pay a much larger fee:

$15 Million!  And all I have to send to Nigeria is $1.2 Million!  What a deal!

A Facebook Lottery?

The last lottery of this type that we explored actually imitates Facebook itself.

The Facebook Benefit site also uses “A Sophisticated Automated Database to Randomly select E-mail Accounts And profile Page Owners that frequently surf the Facebook.”
They like to capitalize almost as much as ME!

fbusersbenefit[.]com Beneficiary List

The agent for this one was – 

Could You Do Us A Favor?

WHEW!  That was a lot of Lottery Scams to review.  Could you do us a favor?
First, please share this blog post with your friends so they will be aware of this type of scam. Victims tend to be elderly and perhaps more trusting of computers, so sharing this with your older friends might be helpful.
Secondly, if you, a friend, or a family member has encountered any of these lottery scams and have saved any of your communications from the scammers, it would be SUPER HELPFUL if you could share that information.  Especially if you have email addresses or bank accounts that were used by the scammers.  
Feel free to leave me a comment below if you’d like to pass it to me, or if you are in the United States, please take a moment to share your details with the FBI’s Internet Crime and Complaint Center,   The great people at AA419 work closely with the website and would love to have you report details about anything you may have experienced related to this or other scams by visiting the Scam Survivors Forum.

*** This is a Security Bloggers Network syndicated blog from CyberCrime & Doing Time authored by Gary Warner, UAB. Read the original post at: