At Scam Detectives HQ we’re always keen to help a friend in trouble. If they really are in trouble that is….
This morning we received an email from one of our clients which read as follows:
I’m really sorry to reach out to you this manner and I’m sorry for not informing you about my urgent trip to Scotland. I am here for a Seminar and to complete a project.
I want this issue to be confidential between You and I because I don’t want people to get worried about my situation.
Everything was fine until I got robbed on my way back to the hotel and I lost my Wallet, mobile phone and some valuables during this incident. I had to block my account and bank cards immediately.
I am facing a hard time here because I have no money on me to clear Hotel bills and some expenses. I’m sending you this message because I need your help with a loan of £3350 to pay up the bills and make arrangements to get back home.
Am sorry for the inconvenience this message might cause you but please understand that am in a very bad situation right now and would appreciate if you could help me out.
So, can’t we help him out?
Apart from the obvious problem that we simply don’t have £3,000 lying around to help out a friend in need, it’s a scam anyway.
It’s called the stranded traveller and to make it work, the scammers only need two things:
1) A compromised email account
This is where it all starts. A moment of carelessness, using a public wi-fi hotspot, library computer or cybercafe, forgetting to log out of webmail, or (even if you never check your email away from home) having an easy to guess password and the scammer’s in. Once your email account is compromised, the scammer has access to all of your contacts and will send out their approach as shown above.
2) At least one supportive friend with cash to spare
If just one of your friends agrees to help you out, the scammers are in the money! Now, you might think, bearing in mind the terrible grammar contained in the email, that someone who knows you wouldn’t fall for it. But, it’s human nature to want to help, and someone panicking about your well-being will probably overlook the wording/spelling/grammar, putting it down to you being upset about the situation you’ve found yourself in.
If they believe that you’re stranded in (as the email claims) Scotland, they’re not going to call you at home. The email also states that your mobile was stolen, so they’re not going to call you on that either. So the only way they can contact you is via email. If they reply, the scammer will respond giving them instructions to send the money via Western Union to an office in Scotland. BUT, Western Union payments can be collected anywhere, so your friend will have no way of knowing where the money was collected, and the first you’ll know about it is when they start asking you to pay back the loan.
What other problems does this cause?
Apart from the risk of your friends and associates sending money and being ripped off themselves, having your email account compromised can cause massive problems for you.
You’ll need to check that your computer isn’t infected with a backdoor virus, keylogger or other malware that has led to your password being compromised. Run a full virus scan and deal with any infections BEFORE you log in to any other online services.
You probably use your email address to access online banking and social networking, and you’ll need to update your passwords with these services immediately and check that they haven’t been compromised by the scammer. Going forward, you’ll also have to keep an eye on your credit rating to make sure that no products have been applied for using your identity.
You may also use shopping sites like Amazon and Play.com, which store your payment details so you can order stuff quickly and efficiently. If you do, you’ll need to check that these accounts haven’t been compromised and change your passwords, otherwise your friendly scammer could be ordering pretty much anything in your name and having it delivered anywhere in the world.
All of this can take considerable time and effort on your part, and there’s always the risk that you’ll miss something and find that you still fall victim to other forms of online fraud. It’s better to make sure that you’re not put in that position in the first place if you possibly can!
So, how can you protect yourself?
1) Be very careful when using public computers or networks to log in to your email or other subscription services. There’s a useful guide from “LifeHacker” on using public networks safely here
2) Make sure that you’re using a strong password that consists of numbers, letters and special characters (*, $, !, £ etc.) to make life difficult for hackers
3) Use a different password for every site you use.
4) If possible, don’t use webmail (hotmail/aol/yahoo/gmail) for sites that require a password. Once a hacker has control of your email account, they can request password reminders from the websites you use and compromise these accounts. Use your ISP email address for anything that requires a password.
5) Keep a list of the sites that you use somewhere safe offline so you know who you need to get in touch with if your email account is hacked
6) Keep a list of your contacts somewhere other than your webmail account, so you don’t lose them if your account is hacked
This may all seem like a lot of work, (and a pain in the arse!) and it is, but prevention is ALWAYS better than cure and a few minutes work now could save you long hours of running around if your account is ever compromised.