I write this post to alert you all to a new form of scandalous cyber scam. Last night, at 7:30pm, I received this email below directly from the address of a good old friend, Elisabeth, from the United States. It was a bulk mail as my email address was not visible. Nor was the message personalised to me.“Hello,I’m writing this with tears in my eyes,I came down here to London,England with my family for a short vacation and i was mugged at Knife point last night at the park of the hotel where i lodged all cash,credit [sic] cards and cell were stolen off me.I am even owing the hotel here,the [sic] hotel manager won’t let me leave until i settle the hotel bills now am freaked out.So i have limited access to emails for now, please i need you to lend some money so i can make arrangements and return back I am full of panic now,the [sic] police only asked me to write a statement about the incident and directed me to the embassy,i [sic] have spoken to the embassy here but they are not responding to the matter effectively, I will refund the money back to you as soon as i get home, I am so confused right now and thank God i wasn’t injured because I complied immediately.I await your respondRegards Elisabeth”I was clearly surprised by the way the note was written with its poor typing as I know Elisabeth to have impeccable English and great typing skills. But, putting it down to the stress of the incident, I was prepared to overlook the English and believe the story — the fact that I am based in Paris made it reasonable to have sent me the mail, I thought. I was on my iPhone in a conference and so I blithely replied wondering how we were supposed to connect. The so-called Elisabeth then replied with a second mail:“the muggers took my phone as well and i wish i could call you but i can’t because i didn’t have access to phone at the moment,I have nothing left on me and i’m grateful to God that i still have my life and my passport cos it would have been worst if they made away with my passport.I am full of panic now and i will be glad if you can help me outElisabeth” [sic]
This second mail was too much and as I prepared to ask the person to prove that she was indeed my friend Elisabeth, I received a third mail:
“all i need now is money…760pounds,let [sic] me know if you can lend me the money and i will instruct on how to get it to me
Once I had connected with Elisabeth to discuss the scam, I discovered that the person had taken over her email entirely and had also managed to divert Elisabeth’s mobile telephone number (it was reconfigured by this perpetrator not to accept incoming calls!).
Notwithstanding my “give me proof” mail, I sent a final message asking for details to wire money… And, after midnight last night, this was the mail I received:
“You can wire it to my name via Western union so that i can use my passport for verification here western union outlet here in London
This is the details you need at western union location below –
Name – Elisabeth & FULL LAST NAME
Location – 30 Leicester Square London United Kingdom WC2H 7LA
Kindly visit www.westernunion.com/locator to search for an agent location near you.I shall have your money reimbursed immediately on my return.Thank you so much,Please once you are done sending me the Money please help me scan a copy of the Western union receipt or help me write out the Money transfer control number (MTCN).
Different from the Nigerian “I’ve got money to give away” scam sent from some more or less creative email address, the ugly and scary components of this scam approach are the real email address, the nature of the supposed ordeal as well as the REAL TIME element.
My first reaction on getting home was to change my passwords. I suggest that we all do the same. Cyber theft is a very real threat and a super hassle to undo. Please do pass this message along among your friends to make them aware. If I get any further updates from Elisabeth, I will be sure to post.
Add-on (noon on 14 Jan 2010): I googled this nasty email and have found, as you can imagine, others posting on this same scam already. Evidently, this scammer has been working this since late last year (early November)… Here is just one reference: La Shawn Barber’s Corner;
The bigger question is what to do if this happens to you and how to avoid your account getting kidnapped? I read in one forum for a compromised gmail address about filling out the account recovery form… which apparently takes multiple tries before succeeding. I quote from the above-mentioned forum:
“Keep trying the account recovery form. People have reported success after multiple tries. And just-in-case… This page will help you through the account recovery process: http://mail.google.com/support/bin/answer.py?hl=en&answer=46346
For information about account recovery (includes a link to the Account Recovery Form) see: http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=117219.”
And, further advice from 9News.Com on how to avoid having your account compromised:
“To avoid being a victim to this type of crime, Cyopis recommends:
– Don’t use the same password for multiple accounts and change the passwords regularly.
– Use longer passwords. Shorter passwords are more easily compromised.
– Monitor your financial and personal data regularly.
– Make certain your computer has a good firewall and security program.
– Limit your personal information on social Web sites.
– If you get an e-mail that doesn’t look right, ask more questions and believe less.”