An emergency? I think not!

Hubby and I woke up this morning to an email sent by a friend, text below:

“Subject: an emergency:

How you doing? I made a trip to Scotland (United Kingdom) unannounced some days back, Unfortunately we got mugged at gun point last night! All cash, Credit card and phone were stolen, we got messed up in another country, stranded in Scotland, fortunately passport was back in my hotel room. It was a bitter experience and i was hurt on my right hand, but would be fine. I am sending you this message cos i don’t want anyone to panic, I want you to keep it that way for now!Our return flight leaves in a few hours but I’m having troubles sorting out the hotel bills, wondering if you could loan me some money to sort out the hotel bills and also take a cab to the airport about ($2200.00). I have been to the police and embassy here, but they aren’t helping issues, I have limited means of getting out of here, we canceled our cards already and made a police report, I won’t get a new card number till I get back home! So I really need your help. I don’t have a phone where i can be reached. please let me know immediately,would definitely refund it to you once we arrive! Hopefully tomorrow Hope to hear from you soon Thanks for your help love to all

(name removed)”

Now we knew that this friend was NOT in Scotland as we had dinner together only two days ago. A short phone call to check his well being and a bit of internet research on my part and it was quickly clear that it was a scam. Here is what happened:

Somebody got hold of his login details to his email account, changed the password and sent the email above out to everybody in his address book.

The scary part was, that this person continued to monitor the incoming emails and answered them in the name of our friend. This made it VERY convincing to some people, that it was really him. Additionally the scammer also had access to all emails saved in the account, giving him/ her ample background information about his / her potential victims.

This hacker attack seems especially aimed at free email accounts like Yahoo, Gmail, Hotmail and the like. Our friend still tries to find out how and by what means the hacker-cum-scammer gained access to his email account. There are basically two ways how that can have happened

a) When using a public / shared computer that was infected with malware / spyware or the like. Or

b) His own computer was infected, meaning that also other sensitive information like online banking etc might be in danger.

We tried to help us much as we could by sending warning emails to mutual friends informing them that he is well, at home and doesn’t need any money and by encouraging him to get his computer checked by a professional.

I am posting this to warn as many people as possible that this ?new? scam is making its way around the internet and to warn as many people as possible. If you want to learn more about scam, and even want to help to fight them, here is a good place to start to fight scam.

Stay safe, and be careful out there on the internet!

If you like this blog post and found it helpful, why not share it with your preferred social network? Handy links and bookmarklets above ^^^ 😉

38 comments to An emergency? I think not!

  • Arafat Hossain Piyada

    That another scary message I read within 20-25 days. I’m currently concentrating on web security issue and I myself get countless email about lottery and bank transfer. This is the first time I hear this type of email. You choose a right path by telling us about it.

    • hospitalera

      Yes, it was very convincing and that makes this kind of scams more dangerous then the usual “you send me $5000 and I send you $500000000000 back”. SY

  • *lynne*

    I was told that this had happened to a friend of one of my Malaysian friends; thing is, the friend-of-friend was off traveling, or had forgotten her handphone, something like that, when the “emergency email” went out so she was in fact legitimately uncontactable for a while, but it had many people very worried. To me, the good English would have been a good indicator that it’s not a regular Malaysian doing the typing :p

    • hospitalera

      In our case the bad English with a hint of American slang was the give-away. Our friend is a native English speaker of the very British variety! SY

  • Dana

    In indonesia, they use phone call to scam people like this. And there are many people lost their money because of it.

    • hospitalera

      That is even more frightening then an email because it causes an even greater feeling of urgency, SY

      • Vi

        A lot of people are providing to much personal information on the web, especially in social networks (facebook. myspace and etc) you can find addresses, phone numbers and in a lot of cases this info accessible to everybody.

  • Karen

    Whew! I can rest easy.

  • turisuna

    It’s remind me of a stranger who called me few months before, he said that my brother got accident and then he asked me to send some money to pay the hospital. of course at first I felt panic with this call and imagined what happened to my brother. But then I called his office and asked about his condition, and his friend said that my brother was fine, nothing happened to him. It was a phone scam, lucky me I didn’t send the money yet.

  • hospitalera

    Note to readers, I read the blog post in question at the end of the day rather superficially, when I was tired and not very attentive, for the rest, see my comment below, SY

  • Jimmy

    We like to think that we are all impervious to these Internet scams and that they would not catch us out but the trust builder here is that the email is in the name of someone we know.

    One really interesting one I have seen as of late is not as malice because they do not try to extort money from you but do increase the open rate on their spam…..

    It is made to appear as though it comes from your address and is sent to you, it’s done in bulk using wildcards and has a subject such as “reminder” even though we know we didn’t email ourselves and we do feel like deleting it the fact it has come from your just peeks the curiosity enough to get you to click and view the spammy message inside. I’ve never clicked though yet but as far as their measured open rates go you can rest assure that they will have increased.

    Thanks for the heads up on this one, I don’t think I would fall for it personally but it does give you a snapshot of the inside of their mind and how they are thinking.

  • Udegbunam Chukwudi

    I actually got an alert from a friend of mine warning me not to pay any attention to any email I might receive “from him” asking for money. His yahoo account was hacked and the same thing above was sent out to everybody on his email list. Fortuantely for him a friend of his who’s studying with him called his attention to it.

    Day in day out, more sophisticated scams are been cooked uo and I just pray that I don’t fall for an elaborately set up one. Anyway, I quite paranoid about lending large sums of money or giving out my card/bank details, so I guess that could help me in a way!

  • Ann

    Tsk tsk tsk. What a pity for those who were victims of this heartless hacker. These people (spammers) should be locked away in a dungeon for years! Money is not easy to have, you have to work your butt in order for the people to eat and have a comfortable life. I couldn’t believe that a person like this can do such an awful act. Stealing away people’s privacy, dignity, money and time! This is a lesson for everybody to not believe immediately, they should weight the situation clearly like what the author of this post did.

  • Croatia expert

    Lately I have been received a trick mail from UPS, which apparently contains some kind of worm which would send out mails to your contacts – as sender is says UPS Manager xxxxx yyyy and subject is UPS Tracking Number 5554887 – the mail contains a ZIP called something like UPS_Invoice_NRxyz.zip

    The text in the mail goes like this

    “Hello!

    The courier company was not able to deliver your parcel by your address.
    Cause: Error in shipping address.

    You may pickup the parcel at our post office personally!

    Please attention!
    The shipping label is attached to this e-mail.
    Please print this label to get this package at our post office.

    Please do not reply to this e-mail, it is an unmonitored mailbox.

    Thank you.
    United Parcel Service.”

    As I receive the mail the first time, I was luckily not expecting any packet from UPS, so I got suspicious immediately and Google spam mail from UPS, apparently this was a problem already back in beginning of 2008, but I couldn’t find anybody, warning about recently having received this mail.

    So now you are warned, so please watch out,

    Brgds, Morten

    • hospitalera

      Yep, got the same one several times over, but as i never use UPS there was no danger falling for the scam and opening the attachment that contains the worm/trojan/virus etc. Thanks for the warning nevertheless, I am sure it will help one or more of my readers, SY

  • Croatia Expert

    @hospitalera, are you still getting the mail from UPS? i just received another one from them about 1 hour ago? It seams like they are very egor to spread this virus.

    Morten

    • hospitalera

      Remember, it is not actually UPS that sends these messages out, it is a hacker that masks as UPS! SY

  • Michael Cowell

    This was a really scary internet scam. I will send this link to all of my friends as a warning incase this will happen to my account ( hopefully not) cause I do open my email on some inter cafe shop. Thanks for this post

  • Croatia Expert

    @Michael Cowell, if you visit a proffesional run internet shop, you can open your mail with out any worries, ask if the have disk protection running or simular solution running, then you should have absolutly no problems using an internet cafe.

    Also another tip in relation to internet cafe, make sure that the have solution which would automatically sign you out from e.g. MSN when you logout from the system.

    Happy surfing, Morten

  • hospitalera

    Also having an up-to-date antivirus / anti-malware / firewall etc on your own laptop helps if you use an internet cafe with your own machine. In case you use one of their machines, better log manually out of everything you have logged in and also empty cache, bin, etc. SY

  • Frank C

    I’d guess that they probably picked up a keylogger somewhere along the way. There are a lot of these going around right now that are using an exploit in IE to work their evil magic.

    My son’s PC got hit with one this week because he clicked on a link in a chat from a ‘friend’ of his. It wasn’t the friend but the scammer. Now I’m in the process of reinstalling Windows XP on that PC and making him swear to only use Firefox from now on.

    • hospitalera

      Yep, Windows XP and Firefox are a great combo, even better would be a MAC with Firefox as a browser 😉 SY

  • charlie

    Wow, it was such a scam email…i have received many of them, stating that they need money asking credit card numbers, bank accounts…we should be aware of that to avoid phising.

  • heri

    I have received a lot of scam email.
    I don’t know how to avoid it until know.
    It’s really suck.
    I hope someone can find some how to avoid that, free charge of course 🙂

  • carolburnett

    It’s so scary and alarming more if these scammer or hacker got a victim on his fraudulent acts. This must be spread to all pc-users especially those who have online transactions. Thanks for sharing your experience. We should all be aware of this.

  • David Kotkin

    One simple and non-technical answer to your question is, change your password frequently. The hacker will get less chance to cause trouble.

    If I am not wrong then google shows you the last login time. If someone has hacked your account and logs into your account then this will change.

  • Jom

    I also read about another scam which involved sending mails to people in the address book of a person praising a company that sold real cheap laptops. This person became aware that his email account was been hacked when he received an email from his cousin who asked when he was going to get the laptop from the site he praised!

    The best way to fight this is I think to call the person in whose name such mails come and verify it.

  • Chris

    After working in the IT field for a while, its good to be aware of scams. Its amazing how the the spyware improved once the crooks discovered how to make money with it.

  • Rob

    You may not know somebody has been using your identity until you are turned down for a loan or rejected in a job interview due to a bad credit rating you didn’t know you had. And the longer it takes to detect fradulent activity, the higher the cost is for you to correct it.

  • King

    I’ve heard this type of fraud in the internet. can’t believe there is this kind of job. and further more I’m new to this. with no experience i might trapped in. well thanx for the warning.

  • Alberta Business Plans

    It’s done in bulk using wildcards and has a subject such as “reminder” even though we know we didn’t email ourselves and we do feel like deleting it the fact it has come from your just peeks the curiosity enough to get you to click and view the spammy message inside.

  • Jerin

    That is a scary story. Not only was the hacker posing as your friend and answering his mails but he/she was also trying to rip off his friends. I am sure that those friends will not take kindly to him once they realize that they have been scammed. Also how come your friend did not realize that his mail was hacked?

    And it’s also very scary that the hackers are way more advanced than the security that we are receiving for using e-mails etc. One of the best ways to prevent this is to frequently change passwords and other login info. And also try to switch to a dedicated server or mail.
    Thanks for bringing this up as a warning.

  • Josh

    Wow, this is a really clever scam. It’s getting scary how much more advanced the scammers are getting. It was easy to spot these things before when they were obviously fake and the spelling/language were a giveaway (i am ambassador to Nigerian Prince, i must wire you 65,324,120$ immediately!) But now with more advanced hacking techniques and grammatical language it’s getting much harder to spot the scams. I often find myself checking the email headers and image locations even on legitimate emails just in case.

  • John Allen

    I believe we all are missing two or three points here discussing security issues, first up your friend has to make sure that he wasn’t a phishing victim, which like he would have got an email looking like his best friend’s email address, he followed the link in it asking for his mail login details to access or anything like that, that would have sent the password to the hacker. I believe many people still become the victims of phishing, all they need to do is to completely avoid following links from emails which require you to login and another thing you guys can do is to see at the location bar of your browser, where it’s pointing to. If it’s a login page of facebook for example (I don’t remember the login page so it’s an example) : facebook.com/login.php then it’s fine but if its thisisanexample.com/facebook/login.php looking identical to Facebook’s login page then it’ll raise eyebrows.

    Also public computers or shared computers may have KEYLOGGERS installed which will track everything you type so it’s another factor to consider. And keep your computer safe by installing antivirus and FIREWALL (it’s in CAPS because not many people realize that antivirus can only remove the viruses but FIREWALL actually blocks viruses or any other hacker entering into your system, firewalls may be annoying for a new user using but it’s really good and can be beneficial because it asks for your approval everytime there’s an activity in your PC involving Internet for instance whether you want to allow your browser to access Internet etc).

    And yes…choose a strong password please! Not like your birthdate or your office location etc.

  • John Allen

    And yes, I forgot to share my own personal experience.

    I’ve a email address which I posted during commenting on a blog, now I made a mistake that blog didn’t require the email address but I still gave it…what it did was it made my email address public. And that page attracted quite a lot spam, ever since then I’ve received hundreds of spam emails in my inbox, some are claiming that they’re from Africa and are bank managers…have got millions of dollars bank a/c access and wants to share it with me…some emails are pretending to be from paypal asking for my personal information…

    One advice is that these spams are there to stay! We all have to be smart enough to not become victims of that. I personally prefer two email accounts, one solely personal or work keeping it safe from all the websites apart from some good ones and other for registering on blogs, subscribing to them or on forums where I’ve to register etc so my personal email address remains safe from all the spams. Because accept it or not…some of the forums or blog subscribers may give out your email address to spammers who will keep sending you dozens of such crap.

  • Brad

    This scam mail looks more on a professional and ingenious level than the ones we used to have two years back. I remember getting a scam mail sometime back from a Nigerian Queen saying that she wants to give away all her amassed wealth to me in return for my details. The mail even had pictures attached along showing a native village just to prove that it is genuine. Many people fall for these scam mails in the greed for easy money online, but what one must understand is that there is no “easy” money or “freebies” out there for you for just reading mails.

  • Jin

    You can be deceived, not only by email, but also on a cellular phone.
    In Russia now distributed the following method of deception. On the phone the victim send sms with a request to ring at the number listed, because with any relative of the trouble occurred. The man calls back to the specified number, and the call is charged, and very expensive. Trickster said indistinctly, incoherently, thus increasing the cost of the call.