This morning when I checked my inbox I found an email from the parent of one of The Pea's friends, entitled "I Need Your Help". Babysitter cancel on her? Does she need me to pick up her daughter? No problem.
The body of the email read:
How are you doing ? I hope you are doing fine, I'm sorry that I didn't inform you about my traveling to England for a Seminar. I need a favor from you as soon as you receive this e-mail because I misplaced my wallet on my way to the hotel where my money,and other valuable things were kept, I will like you to assist me with a soft loan urgently. I will be needing the sum of $2,500 to sort-out my hotel bills and get myself back home.
I will appreciate whatever you can afford to help me with, I will pay you back as soon as I return,I'm counting on you on this, Kindly let me know if you can be of help so I can send you my details to use when sending the money through western union.I look forward to read from you later today.
Your reply will be greatly appreciated.
It was signed with her name.
Now, I'm no fool. I wasn't about to head to the nearest Western Union. For one thing, they live in a big, beautiful house in Palo Alto, so I doubt if she'd need to turn to me for a couple of thousand bucks. For another, any friend would call instead of email. If anyone doesn't know that email is a blatant scam, I've got a nice bridge I'd like to sell you.
So I emailed her back, --typing in her email address directly into the "To" field, not replying to the scam email -- and let her know that some phisher was masking their "from" address and using hers instead.
Imagine my surprise when I received her response:
Thanks a lot for your response and concern,I really need the money and I will appreciate if you can send it today. You can send the money to my details below through western union transfer or money gram, all you have to do is go to the closest western union location or money gram with the money in cash and instruct the agent to wire it to my personal details below.
Name : My friend's first, middle and last name
Address: 327 Great Peter Street.
London. SW1P 3NQ
Please As soon as you send the Money I will like you to email me the 10 digits (Mtcn) Numbers and all the details used in sending the money to me, I am counting on you okay.
I look forward to read from you later today.
Again, it was signed with her name. The email really was sent from her email account!
So I tried to call her home and mobile number, but couldn't reach it. I called her husband's mobile and he told me that someone had indeed gotten hold of her email account (she can't access it now) and was spamming everyone on her address list. The hacker stole her credit card information as well, and charged $4000 to her card.
Ick! Ick! Ick! Needless to say, she's a bit internet-shy at the moment, and they'll be running some serious anti-virus and firewall software on their home computer before she attempts to log on again. And it's a sober reminder that these things do happen. The only things I can think of to minimize the impact would be:
1) Periodically backup your contacts and email list to your computer so that if you get hacked like this, you can always create a new email account and let your friends know that they should treat your old account like spam.
2) Don't include sensitive information like credit card numbers or passwords in your email account (like Yahoo! Notepad, etc..).
3) Make sure you have a firewall and virus protection software.
Even if you do take precautions, I think we all still have to pray that something like this doesn't happen to us. And Thank God (or big banks) for credit card fraud protection.