How to identify scam emails like "Consignment Box"

Also Known As: Consignment Box phishing scam
Damage level: Medium

What is "Consignment Box"?

Upon thorough examination of the email, it has become apparent that it is a classic example of a fraudulent scheme, masquerading as a message from a diplomat delivering a substantial sum of money. Typically, scammers behind such emails aim to extract money and (or) personal information from unsuspecting recipients.

Consignment Box email scam

More about the "Consignment Box" scam email

This email purports to be from a person claiming to be Diplomat Mark Wilfred, informing the recipient of their arrival at Dallas/Fort Worth International Airport in Texas with two boxes of consignment worth $9.5 million. The sender asserts they were instructed by ECOWAS to deliver the funds.

However, they claim to face delays due to the absence of a yellow tag required by airport authorities, which can supposedly be obtained for $100. The email urges the recipient to contact the sender urgently via phone or text, providing contact details.

It requests personal information, such as full name, phone number, delivery address, and nearest international airport, under the guise of facilitating the delivery process. Additionally, the sender requests payment of $100, either directly or in the form of an iTunes gift card, to cover the cost of the yellow tag.

The letter stresses the urgency of the payment, claiming it will enable the immediate delivery of the funds. It provides an email address and encourages the recipient to reply with the payment confirmation or iTunes card picture.

Victims who trust such emails can experience financial losses, as they may end up sending money or providing personal information to fraudsters. Moreover, they might become susceptible to identity theft or further scams, leading to prolonged financial and emotional distress.

Users should exercise caution and skepticism when encountering emails that make extravagant promises or demand urgent action.

Threat Summary:
Name Consignment Box Email Scam
Threat Type Phishing, Scam, Social Engineering, Fraud
Fake Claim A diplomat has arrived with boxes of consignment worth $9.5 million for the recipient.
Disguise Letter from a diplomat named Diplomat Mark Wilfred
Symptoms urgent requests for personal information or payment, unfamiliar sender addresses or domain names, spelling and grammar errors, and suspicious attachments or links.
Distribution methods Deceptive emails
Damage Loss of sensitive private information, monetary loss, identity theft.
Malware Removal (Windows)

To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner
To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Similar scam emails in general

Emails of this kind often share common characteristics, such as urgent requests for action or payment, promises of substantial financial rewards or benefits, and requests for personal information or unconventional forms of payment. They may also contain grammatical errors or inconsistencies in language and formatting.

Additionally, these emails often create a sense of urgency or fear, urging recipients to act quickly without taking the time to verify the legitimacy of the sender or the contents of the message. Examples of similar scams are "Abandoned ATM Master Card", "Overseas Partner", and "Donation To Charity Home".

How do spam campaigns infect computers?

Malware distribution through email involves cybercriminals sending emails with malicious attachments or links. The primary goal is to deceive users into interacting with these links or files, which, upon opening, can infect and compromise the victim's device. Pretty often, files in such emails are disguised as important documents (e.g., bank statements or invoices).

Common file types used for malware distribution include executable files (.exe), Microsoft Office documents (e.g., .doc, .xls, .ppt), PDF files, compressed archives (e.g., .zip, .rar), and JavaScript files (.js).

How to avoid installation of malware?

To minimize the risk of malware infections, prioritize downloading software and files exclusively from reputable sources like official websites and authorized app stores. Steer clear of pirated software and cracking tools. Exercise caution when handling email attachments and links, particularly if they originate from unknown senders or appear suspicious.

Keep your operating system, programs, and security tools up to date. Remain vigilant for any signs of suspicious links, pop-ups, or advertisements, especially when browsing dubious websites. Utilize reputable antivirus or anti-malware software and conduct regular system scans.

If you have already opened malicious attachments, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated malware.

Text presented in the "Consignment Box" email letter:

Subject: CALL ME OR TEXT ME URGENT (929) 456-3767

I’m Diplomat Mark Wilfred I have been trying to reach you about an hour now just to inform you about my successful arrived Dallas/Fort Worth International airport Texas with your two Boxes of Consignment Box worth $9.5M Nine Million Five Hundred Thousand Dollars which I have been instructed by ECOWAS to be delivered to you. The Airport authority demanded for all the legal back up papers to prove to them that the fund is no way related with drug money, I have presented the papers I handed to them and they are very much pleased with the paper's I presented but the only thing that is still keeping me here is the Yellow Tag which is not placed on the boxes, one of the Airport Authority has advise that we get the yellow tag so that I can exit the airport immediately and make my delivery successful. I try to reason with them and they stated the yellow tag will cost us just $100 Dollars only to get the two tag placed on the boxes as that tag will enable deliver today

Please try and reach me with my number (929) 456-3767 TEXT ME OR CALL ME as I can not afford to spend more time here due to other delivery I have to take care of. Here are the papers backing the funds together with my ID CARD as I can accompany you to your bank were you will deposit the fund successfully with these papers. I have all vital paper with me but I can only present you the hard copy when I reach your house as that it's the diplomatic rules, such as authorization to deliver.

Re-confirm to me your information urgent
Full Name...............
Correct phone number ...........
Delivery Address ..............
Your Nearest International Airport.............

You can direct the tag fee to our Head Office as they will get the Yellow Tag here for you authority. reply on my E-mail (diplomatmarkwilfred512@gmail.com) GET BACK TO ME WITH THE $100 NOW OR BUY $100 ITUNES CARD SEND ME THE PICTURE NOW


E-mail (diplomatmarkwilfred512@gmail.com)
CALL OR TEXT ME URGENT +1(929) 456-3767
Zangi messager 10-5935-1118

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Types of malicious emails:

Phishing email icon Phishing Emails

Most commonly, cybercriminals use deceptive emails to trick Internet users into giving away their sensitive private information, for example, login information for various online services, email accounts, or online banking information.

Such attacks are called phishing. In a phishing attack, cybercriminals usually send an email message with some popular service logo (for example, Microsoft, DHL, Amazon, Netflix), create urgency (wrong shipping address, expired password, etc.), and place a link which they hope their potential victims will click on.

After clicking the link presented in such email message, victims are redirected to a fake website that looks identical or extremely similar to the original one. Victims are then asked to enter their password, credit card details, or some other information that gets stolen by cybercriminals.

Email-virus icon Emails with Malicious Attachments

Another popular attack vector is email spam with malicious attachments that infect users' computers with malware. Malicious attachments usually carry trojans that are capable of stealing passwords, banking information, and other sensitive information.

In such attacks, cybercriminals' main goal is to trick their potential victims into opening an infected email attachment. To achieve this goal, email messages usually talk about recently received invoices, faxes, or voice messages.

If a potential victim falls for the lure and opens the attachment, their computers get infected, and cybercriminals can collect a lot of sensitive information.

While it's a more complicated method to steal personal information (spam filters and antivirus programs usually detect such attempts), if successful, cybercriminals can get a much wider array of data and can collect information for a long period of time.

Sextortion email icon Sextortion Emails

This is a type of phishing. In this case, users receive an email claiming that a cybercriminal could access the webcam of the potential victim and has a video recording of one's masturbation.

To get rid of the video, victims are asked to pay a ransom (usually using Bitcoin or another cryptocurrency). Nevertheless, all of these claims are false - users who receive such emails should ignore and delete them.

How to spot a malicious email?

While cyber criminals try to make their lure emails look trustworthy, here are some things that you should look for when trying to spot a phishing email:

  • Check the sender's ("from") email address: Hover your mouse over the "from" address and check if it's legitimate. For example, if you received an email from Microsoft, be sure to check if the email address is @microsoft.com and not something suspicious like @m1crosoft.com, @microsfot.com, @account-security-noreply.com, etc.
  • Check for generic greetings: If the greeting in the email is "Dear user", "Dear @youremail.com", "Dear valued customer", this should raise suspiciousness. Most commonly, companies call you by your name. Lack of this information could signal a phishing attempt.
  • Check the links in the email: Hover your mouse over the link presented in the email, if the link that appears seems suspicious, don't click it. For example, if you received an email from Microsoft and the link in the email shows that it will go to firebasestorage.googleapis.com/v0... you shouldn't trust it. It's best not to click any links in the emails but to visit the company website that sent you the email in the first place.
  • Don't blindly trust email attachments: Most commonly, legitimate companies will ask you to log in to their website and to view any documents there; if you received an email with an attachment, it's a good idea to scan it with an antivirus application. Infected email attachments are a common attack vector used by cybercriminals.

To minimise the risk of opening phishing and malicious emails we recommend using Combo Cleaner Antivirus for Windows

Example of a spam email:

Example of an email spam

What to do if you fell for an email scam?

  • If you clicked on a link in a phishing email and entered your password - be sure to change your password as soon as possible. Usually, cybercriminals collect stolen credentials and then sell them to other groups that use them for malicious purposes. If you change your password in a timely manner, there's a chance that criminals won't have enough time to do any damage.
  • If you entered your credit card information - contact your bank as soon as possible and explain the situation. There's a good chance that you will need to cancel your compromised credit card and get a new one.
  • If you see any signs of identity theft - you should immediately contact the Federal Trade Commission. This institution will collect information about your situation and create a personal recovery plan.
  • If you opened a malicious attachment - your computer is probably infected, you should scan it with a reputable antivirus application. For this purpose, we recommend using Combo Cleaner Antivirus for Windows.
  • Help other Internet users - report phishing emails to Anti-Phishing Working Group, FBI’s Internet Crime Complaint Center, National Fraud Information Center and U.S. Department of Justice.

Frequently Asked Questions (FAQ)

Why did I receive this email?

Crooks send identical letters to thousands of recipients in the hopes that someone will be duped. These spam emails lack personalization and are mass-distributed.

I have provided my personal information when tricked by this email, what should I do?

Based on the details shared with scammers, consider reporting the scam to appropriate authorities or organizations, keep a close watch on your online accounts for any signs of suspicious activity, and reach out to your bank or financial institution if needed.

I have downloaded and opened a malicious file attached to an email, is my computer infected?

If the file you have opened is executable, it is probable that malware has already infiltrated your system. However, you may have evaded infection if it is a document such as a PDF or Word file. Simply opening these documents does not always result in malware infiltrating your system.

I have sent cryptocurrency to the address presented in such email, can I get my money back?

No, cryptocurrency transactions are typically irreversible, so it is unlikely you will be able to retrieve your money.

I have read the email but did not open the attachment, is my computer infected?

Simply viewing an email does not pose a risk. However, interacting with links or opening attachments within the email could lead to a system infection.

Will Combo Cleaner remove malware infections that were present in email attachment?

Although Combo Cleaner is effective against many known types of malware, some advanced threats may remain hidden deep within your system. Therefore, performing a full system scan is essential to thoroughly detect and remove any concealed malware.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

QR Code
Consignment Box phishing scam QR code
Scan this QR code to have an easy access removal guide of Consignment Box phishing scam on your mobile device.
We Recommend:

Get rid of Windows malware infections today:

Download Combo Cleaner

Platform: Windows

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.