A Customer Gets Hit By Nigerian Scammers…. Be Warned!
Posted in Commentary, Security with tags 419 scam, Hacked, Nigeria on June 4, 2012 by itnerd
I got a call early last week from a customer who found out from friends that the following e-mails were coming from her e-mail account:
I’m writing this with tears in my eyes, I traveled to Tarragona in Spain for a program and unfortunately for me i was robbed on my way to the hotel. Cash, cell-phone and credit cards were also taken from me. I am so confused right now, I don’t know what to do or where to go. So I have access to only emails.
I’ve been to the embassy and the Police here but they’re not helping issues at all,they asked me to wait for 3weeks but i can’t wait till then.The hotel manager won’t let me leave until i settle the hotel bills.Please can you lend me €1,350 Euro so i can pay for my bills and also arrange for my flight back home. As soon as I get home I would refund it immediately. Please I need you to get back to me so I can let you know how to send the money to me.
I’m looking forward to hearing from you.
Clearly this was a phishing scam at work. I juggled my schedule and got to her house as soon as I could. I discovered that her Yahoo Mail account had been hacked in some very interesting ways. First, the reply-to address was changed to one that ended in .ca rather than .com, which is what hers ended in. That way, when people replied to the above e-mail, the reply would go straight to the scammers. Next, they redirected anything that was destined for her inbox to a mobile device like a Windows phone or an Android phone. Third, they had an e-mail sorting rule set up to send items to the trash. Fourth, they added a secondary e-mail account to replicate e-mail to. Finally, they deleted her address list.
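The reply-to change described above is something a recipient can check for in the raw message headers. The Python below is an added example, not part of the original post; the addresses and messages are constructed samples on example.com and example.ca.

```python
from email import message_from_string
from email.utils import parseaddr


def split_addr(header_value):
    """Return (local, domain) in lowercase from an address header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()


def check_reply_to(raw_message):
    """Classify Reply-To relative to From.

    Returns "ok", "different-address" or "lookalike-domain".
    """
    msg = message_from_string(raw_message)
    sender = split_addr(msg.get("From"))
    reply = split_addr(msg.get("Reply-To"))
    if sender is None or reply is None or sender == reply:
        return "ok"  # nothing to compare, or replies go back to the sender
    s_local, s_domain = sender
    r_local, r_domain = reply
    # Same mailbox name and same domain apart from the final label,
    # e.g. example.com vs example.ca: the pattern described in the post.
    same_stem = s_domain.rsplit(".", 1)[0] == r_domain.rsplit(".", 1)[0]
    if s_local == r_local and same_stem and s_domain != r_domain:
        return "lookalike-domain"
    return "different-address"


# Constructed sample messages (not real mail).
SCAM = ("From: Jane Doe <jane.doe@mail.example.com>\n"
        "Reply-To: Jane Doe <jane.doe@mail.example.ca>\n"
        "Subject: Urgent\n\nPlease can you lend me...\n")
NORMAL = ("From: Jane Doe <jane.doe@mail.example.com>\n"
          "Subject: Lunch\n\nSee you at noon.\n")
LIST_MAIL = ("From: Jane Doe <jane.doe@mail.example.com>\n"
             "Reply-To: hiking-club@lists.example.org\n"
             "Subject: Trip\n\nDetails attached.\n")

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("normal", NORMAL), ("list", LIST_MAIL)):
        print(name, check_reply_to(raw))
```

A "different-address" result is common for mailing lists and is informational only; "lookalike-domain" is the result worth verifying with the sender through another channel before replying.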
Now it took me a while to undo all of that. But in the process, I was interested in how long this might have been going on. Yahoo Mail has a feature that shows you the login history of the account. What I saw didn’t surprise me. Since April, someone had been accessing this person’s e-mail account from Nigeria. Of course, Nigeria is the world capital for Internet-based scams, which are referred to as 419 scams because of the Nigerian Criminal Code section that covers this crime. The problem was that this person was about to go on a trip and had been booking her trip online and having everything related to it sent to this Yahoo Mail account. Thus I was afraid that other accounts could have been compromised. As it turned out, her Visa card had unauthorized transactions on it. Not good. As a result, that’s been corrected by getting a new card, and all her online accounts such as shopping sites and airline sites had their passwords changed. The customer also contacted them to watch for any other “interesting” activity going forward. Finally, she changed her password for her Yahoo Mail account to a much stronger one.
So, what do you do if you’re in this situation? You need to act immediately to protect yourself. You should also make sure that nothing else has been hit by the same people who hacked your e-mail. Finally, you need to make sure that none of the people on your contact list are going to send money to the scammers. The last point is important, as one of this customer’s friends had just finished withdrawing money to send to her. Had my customer not stopped them, the scammers would have scored.
And that’s why these scumbags do this. If they get one person to fall for this, they score. Do yourself a favor and don’t be their next victim.