Friday, February 10, 2012

The Traveler Scam

I received a call from a friend recently. Let’s call her “Mable” just because I think that name is funny. She excitedly explained that her email account had been hacked. Someone using her name sent email to all her fiends in her Contacts list telling them that she, Mable, was stranded in London and needed money. We have seen quite a bit of this lately.

The message from “Mable” read, “I'm stuck in London, England right now, I came down here for a short vacation then i was robbed, worse of it is that bags, cash and cards and my cell phone were stolen at GUN POINT, it's such a crazy experience for me, I need help flying back home, the authorities are not being 100% supportive but the good thing is i still have my passport and return ticket but currently having troubles paying off the hotel bills and also getting a cab to take me to the airport.  Please i need you to loan me some money, will refund you as soon as i'm back home, i promise.All i need is ($900 USD) but dont know how much you would be able to spare..we will be waiting to hear back from you on how you can get the fund to me please.”

The “stranded” person asked Mable’s friends to wire the money to them via Western Union. Some recipients of this kind of message might be a bit skeptical of the claim and might ask a question or two to make sure it is really their friend who is stranded. Because the scammer has access to your web-based email account, they can often search for details and be quite convincing.

Here is the anatomy of this scam:  First, a scammer hacks into a random webmail account. There are various ways of doing this such as a webmail phishing scam attack. In such attacks, the scammers will send out large numbers of bogus emails that try to fool users into providing their webmail account login details. Unfortunately, at least a few of the recipients fall for the ruse and submit their webmail details to the scammers. Once he has access to your account, the hacker will usually change your password and lock you out of your own account.

Next, the scammer sends a version of the “stranded” story to everyone in the “Contacts” list. Of course, many friends know you well enough to know when you are in town or not but some people just want to help and fall for the trap.

If you find yourself locked out of your own email account, you may be a victim of this scam. The only thing you can do is call your email provider and get them to assist you. If you’ve not yet been scammed, just remember that your email or Internet provider will never, ever ask you for your email login credentials.  So, be skeptical of anyone claiming to be a representative of AT&T or Comcast or whoever your provider is. Be even more skeptical of anyone asking for money. Besides me, of course.

No comments: