Another great scam email came today. I’m sure this will start a trend, so I will post it here for any others who are suspicious but Google before they question. It’s so interesting to see scams develop, I enjoyed this, it was a valiant effort leading to another fail. The email was from a friend of mine, for this example we’ll say his name was John Smith. The email came from Johns account, firstname.lastname@example.org, the email address was his. The subject line read, “Emangency—John Smith!!!”. My friend is a very intelligent man, and can certainly spell emergency. That’s what triggered my initial suspicion before even reading the email. The email read as follows:I am writing you in a tensed mood and urgently require your kind aid asap,I came down here to Spain, for a short vacation unfortunately i was mugged at the park of the hotel where i stayed,all cash,credit card and cell were stolen off me but luckily for me i still have my passports with me.I’ve been to the embassy and the Police here but they’re not helping issues at all and my flight leaves today but am having problems settling the hotel bills and the hotel manager won’t let me leave until i settle the bills,
pls let me know immediately, pls hurry
SIGNATURE LINE REMOVED FOR SECURITY
So one, I knew my friend was in fact not in Spain. Two, he would not put his name in the subject line. Three, no one says tense mood. Though the email came from a legit source, it shows that scams can even come in the form of an email from a friend. And what if I had responded? Well, the reply-to address was email@example.com. What is the reply to address? The reply to address is simply the address that the mail will be sent to if I hit reply from my email. So my response would go straight to the hacker who would then no doubt ask for a wire transfer of money.
Simple resolve, I texted my friend, who had already seen it from a family member. A simple password change to remedy the situation.
The moral of the story? Email accounts are not secure and can be hacked through things like facebook and apps that collect you data and allow you to log in to accounts through their interface. Always use “medium strength” passwords. Medium strength passwords are generally 8 characters and include at least one capitol letter, one small letter, and a number.