How one of the oldest and most profitable email scams went back to its snail mail roots.

by Tim Leogrande, BSIT, MSCP, Ed.S.

🗓  JUNE 11 2026 • 15 MIN READ

A couple of months ago, a relative showed me a suspicious letter that she received in the mail and asked for my opinion about it. The letter was from James Remick, a principal partner with the law firm of Remick & Lexcor LLP of Toronto, Canada. Mr. Remick said he was writing on behalf of the late Dr. Anthony Leogrande, a real estate investor and precious stone dealer who had apparently died of COVID-19 and left behind an unclaimed life insurance policy worth over $11.5 million. Since no one had come forward to claim the money, and since my relative shared the same surname as the late doctor, Mr. Remick said he was prepared to add her name to the life insurance policy and split 90% of the proceeds with her (with the remaining 10% going to an unspecified charity).

I've been in the security profession long enough to have seen dozens of similar messages, but there was something personal about this one because it used our family name and it arrived via the U.S. Postal Service. The letter’s author presumably scraped our surname from somewhere on the Internet and appended it into a preexisting template. He then fired off a targeted phishing letter on what appears to be official letterhead, complete with a hand-stamped corporate signature block and a scales of justice logo.

The letter. Notice the official-looking letterhead, ludicrously long reference number, and the corporate signature block. I’d like to believe that the scales of justice were added ironically, but I doubt it.

The letter. Notice the official-looking letterhead, ludicrously long reference number, and the corporate signature block. I’d like to believe that the scales of justice were added ironically, but I doubt it.

This letter is an example of what the information security profession calls an advance-fee scam. It’s also referred to as a 419 scam, after Section 419 of Nigeria’s Criminal Code, which criminalizes this kind of fraud in that country.

According to the FBI,

“An advance-fee scheme occurs when the victim pays money to someone in anticipation of receiving something of greater value — such as a loan, contract, investment, or gift — and then receives little or nothing in return.”

This particular version of the scam has been around since the 1980s, when it was sent via postal mail or fax machines, but it really exploded in the early 1990s when the Internet and electronic mail became popular.

Other variations of advance-fee scams include the Spanish Prisoner (my personal favorite) and the Black Money Scam. The Internet Crime Complaint Center (IC3) ranks advance-fee scams among the top fraud categories of all time by victim loss. The 2023 IC3 report put total losses in the U.S. from advance-fee and related confidence schemes at over $650 million.

A newspaper clipping from 1904, describing an attempt to swindle a Pennsylvania man using the Spanish Prisoner advance-fee scam.

A newspaper clipping from 1904, describing an attempt to swindle a Pennsylvania man using the Spanish Prisoner advance-fee scam.

What makes the letter noteworthy from a technical and social engineering perspective is that it doesn't ask for any money upfront. That’s clever because early versions of the scam were clumsy and tried to set the hook prematurely by asking for the mark’s banking details in the first paragraph. This letter first builds rapport and tries to create an impression of legitimacy before attempting a solicitation. The request for "consent" is buried near the end, and it’s almost servile: "I will provide all the relevant documents to substantiate your claim as the beneficiary."

One detail that should stop any reader in their tracks is the claim that Remick can simply "add your name to the policy" as a beneficiary. That’s not how life insurance works under any official or legal framework anywhere. Beneficiary designations on a life insurance policy are established by the policyholder while they are still alive. Once that person dies, the designation is frozen.

<aside> 💡

I think most people intuitively sense that a lawyer can't simply contact an insurance company and add a beneficiary to a deceased person’s policy. But the letter uses enough authoritative-sounding language that this absurdity could slip by on a first reading.

</aside>

The letter also contains several grammatical errors, and I’m not pointing that out as a nitpicking academic. Scam letters and emails are often poorly written, and there’s some professional debate surrounding whether that’s intentional. The theory, supported by research from Microsoft’s anti-spam team, is that obvious errors in grammar, mechanics, usage, and style often function as a self-filtering mechanism, weeding out skeptical readers and leaving only the most vulnerable marks in the fraud pipeline.

Whether Remick’s sloppy writing is strategic or simply careless is hard to say, but it’s impossible to miss. He alternates between uppercase and lowercase “i” as a first-person pronoun. And the sentence, “I decided to contact you after series of attempt to locate members of a deceased family,” is so noxious that it probably killed the neighbor’s dog on its way to the page.

No licensed attorney at a legitimate Toronto law firm is sending out letters that read like they were run through a translation engine and then proofread by a native speaker who recently suffered severe head trauma. The letterhead looks somewhat professional, but the language doesn’t. That gap between presentation and execution is one of the most reliable signs of fraud.