The messages claim that recipients have been randomly selected to receive £2,598,000.00. The emails say that to receive the grant they must make contact with the organization, which will reply with further instructions. But the emails, which claim to be sent from the "Diana Memorial Foundation," are not connected with the genuine Diana Memorial Fund.
Researchers from IT security firm Sophos said the emails are a variant of the commonly-encountered "letter from Nigeria" scams, also known as 419 Advanced Fee Fraud. These emails fool innocent users into believing that a large amount of money will be transferred into their bank account, but are really designed to steal information about the user's bank account or demand a "handling fee" for the money transfer.
"This email scam campaign is abusing the memory of one of the world's most famous women in its attempt to steal money from the unwary. Everyone should be suspicious if they are unexpectedly told they are about to receive a fortune," said Graham Cluley, senior technology consultant for Sophos. "Alarm bells should instantly ring when recipients see that they have to contact the supposedly legitimate organization via a Yahoo email address, but some may find the promise of riches makes them blind to the danger."
Sophos noted that the email refers to the name of a genuine employee of the real Diana Memorial Fund inside the message.
"Using the name of a genuine employee of the Diana Memorial Fund in the email may be an attempt to give the message greater credibility for anyone who searches for more information on the web," added Cluley.
"However, the postal address given in the email is not that of the real charity."