Advisory 5

TLP Rating: White

Email Scam Alerts

CERT Vanuatu and the Office of the Chief Information Officer (OGCIO) provides the following advisory. This is to advise all Internet users in Vanuatu that there are Email Scam threats received by users in the following form/format with Subject header:

  • "This email address is being protected from spambots. You need JavaScript enabled to view it. is hacked"
  • "Google Reward End Of Year Promotion 2018” Lottery
  • "Gmail Lottery Awards"

At this stage, the threat is categorised as the following: Email Scams, Email Spams, Phishing Emails, Extortion Emails, and potentially Blackmailing.

What Happened?


Take careful measures and attention to emails received in your email inbox before evening thinking and attempting to click on the email or any associated attachment.

There are recent reported cases within Vanuatu, received by CERT Vanuatu on similar Email Scam threats. These Email Scams are sent out randomly to users, requesting for sensitive personal information. Below are some examples:

Figure 1: Email Scam - Extortion Case

Figure 2: Gmail Lottery Email Scam

Figure 3: Google End Of Year Promotion 2018

Email Scam Type 1: - The Extortion Approach

The "Extortion Type Email Scam" claims it has compromised and infected your system (computer or laptop) with a virus (Trojan). It claims to have access to all your personal information such as contacts, files from your computer, photos and videos. The scammer would then request the victim to send payment in the form of Bitcoin (BTC) in order for the scammer would delete all the files and not upload the files to shame the victim.

See Figure 1 above for more information on the type of email received.

Email Scam Type 2: - The Google Lottery Approach

The “Google Lottery Email Type Scam” uses the following email subject header: “good news” or “OFFICIAL NOMINATION LETTER” to send out email scams. The masquerader leverage on Google and Microsoft in United States to inform the email receiver (victim) that their email address is the winner of a price money of one Million, Five Hundred Thousand (USD$1,500,000.00) Dollars. Winners shall be paid and must be claimed within 10 days of the draw notification. The masquerader then requests the victim (email receiver) for the following details: Full Name, Telephone Number, Batch Number, Reference Number and Wining Number and more. See Figure 2 and Figure 3 above.

How do I Stay Safe?

If you are the receiver of the email scam, CERT Vanuatu advice that you execute the following minimal precaution steps:

  1. Do not click on any email attachment or links provided in the email.
  2. Report the incident to CERT Vanuatu on This email address is being protected from spambots. You need JavaScript enabled to view it..
  3. Delete the email.
  4. Share the advisory and precaution steps among users in your organization and communities for awareness purposes.
  5. For more information and safety and awareness tips, see Online Advisories & Alerts.

Best advice:

Be vigilant while surfing the Internet and accessing your emails. There are similar types and forms of email scams randomly circulated and sent out. Please refer to the above “How do I Stay Safe?” precaution steps to ensure your safety online.

  1. Download advisory (English): Email Scam Alerts - Advisory
  2. Download advisory (French): Attention - Arnaque par Courriel
  3. Download advisory (Bislama): Imel Skam Alet