Due to a new scam going around and worryingly working quite well, this article is designed to highlight what it is, how to avoid it and also how to recover from it.
Inspiring this post is an email I received from a friend based in the US at around 3am local San Francisco time (conveniently!) It’s a new type of scam/threat that was recently reported on in the London Evening Standard. The scam involves getting into an email account and emailing all contacts a sympathetic request for money due to being mugged while travelling (click images below to see larger version):
What’s dangerous about this scam is the following:
1) The email is personalised, signed from the first name of the person that owns the email account
2) The “reply” email address is an email account setup for this specific scam which uses the same email suffix as your account! For example, if your address is firstname.lastname@example.org, it will automatically create an account called email@example.com and send all replies to that account. This means the scammer can co-ordinate receiving money from a different email account which looks like the real owners!!!
3) In extreme cases, the reply email address will be the persons original email address but they would have been locked out of their account. This is even more dangerous as the person sending money verifies whether it’s real by emailing to ask!
4) Friends vulnerable asking for help is a great way of getting some quick bucks
The world we live in is actually more friendly and trusting than you may think. According to the Standard post, someone within security in the Armed Forces coughed up over €500 for his friend in need without spotting it was all a bit hoax.
In the case where the hacker gets in and simply emails your contact list, you can see this has happened by looking in your sent mail which will show all the outbound emails. The easy remedy is to email all your contact list explaining whats happened (and of course change your password to something complex! See post on security of passwords..!)
If you’re locked out your account, it’s a little worse. You will need to get in contact with your email provider with legal identification in order to get your account reset as the hackers change the security and recovery options on the account as well.
For more advice please feel free to email me (joshuasugarman@[removethis]gmail.com)
Tweet me @thejsug !