Help! Trapped in London….

by techtiptom

Originally posted on on 08/15/2011

Received this e-mail from my brother-in-law last week:

“How are you doing? I and my family came over to England(UK) for a short vacation. unfortunately,we were mugged at the park of the hotel where we stayed,all cash, cell phones and credit card were stolen off us but luckily for us we still have our passports with us.”

“We’ve been to the Embassy and the Police here but they’re not helping issues at all and our flight leaves tomorrow but we’re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills. Please I really need your financial assistance..Please, Let me know if you can help us out?”

“i will be waiting to hear from you.

First thing I noticed was the grammar and punctuation was wrong. He is a highly educated man, he would never make these simple mistakes. And when I clicked the reply button, an entirely different e-mail address popped up, not his….

Imagine that you receive an email from a friend or relative claiming that he or she is stranded in a foreign country and desperately needs your help to get home. The email originates from the friend’s real webmail account and may even include the same email signature that your friend usually uses when emailing you. Thus, you might be inclined to believe that the email was legitimate, at least at first glance. However, the emails are a clever scheme by Internet criminals designed to trick people into sending them money.

This scam has two distinct steps. The first step requires the scammers to hack into a random webmail account. There are various ways that the scammers manage to achieve this, including using a webmail phishing scam attack. In such attacks, the scammers will send out large numbers of bogus emails that try to fool users into providing their webmail account login details.

Unfortunately, at least a few of the recipients of such phishing emails will fall for the ruse and submit their webmail details to the scammers. Armed with these details, the scammers can then login to the compromised accounts and begin part two of their nefarious scheme.

Once they have hacked into an account, the scammers can then send an email with the false claims about being stranded and in need of money to all the email addresses included in the account’s address book. Since the messages are being sent from the hacking victim’s own webmail address and are likely to include his or her real name and email signature, at least a few recipients are likely to believe the claims in the email. Of course, many will quickly realize that something is not right. They may know for a fact that their friend has not travelled overseas as claimed or they may suspect a fraud attempt. But even if only one contact in a large address book falls for the ruse and sends money in the belief that he is helping a friend in dire need, the scheme will work and truly pay off for the scammers.

I have seen many different versions of these scam attempts. Names and other details differ depending on who’s webmail account the scammers have hijacked, as do the countries where the “friend” is supposedly stranded. The amounts of money requested in the messages may also differ. But, in spite of such superficial differences, all such messages are versions of the same basic scam. Sadly, many people have become victims of this scam and lost money to these criminals.

Be wary of any email that you receive that asks you to wire money, even if the message appears to come from a friend. Moreover, users of webmail should make sure that their account details are as secure as possible, and be wary of possible phishing scams designed to steal their webmail account details. Many people may have several webmail accounts, some of which are not often used. Thus it is a good idea to check all webmail accounts regularly to ensure that they have not been compromised.