Beware of this SCAM

Hello Readers,

The email account of a high school classmate of mine was recently hacked.  The hacker was able to send a ‘distress’ email to all of the addresses in her email account.  One of those addresses was the mailing list for our high school batch.  Imagine how we felt when we received the following:

This is quite shameful, but I just have to let you know my situation right now and I am really hoping you will help Sorry I didn’t inform you about my trip to the UNITED KINGDOM for a program, I’m presently in EDINBURGH, SCOTLAND I was robbed at gun point on my way to the hotel by some hooligans and they made away with my bag and other valuables. My passport is intact and safe because the Hotel Management seized it because I owe them and other belongings are been retained by the hotel management as well pending the time I pay my Hotel bills. I need to pay the hotel bills and get back home. I was escorted by the hotel security to Municipal Library so i can send this email.

I need you to Loan me £ 1,550 GBP (Pounds Sterling) to pay my hotel bills and get myself back home. I will repay you as soon as i get back home. I will appreciate whatever you can assist me with. My cellphone was stolen as well, I’m on my way  to the Metropolitan police now to give a report, let me know what you can do for me at this time. My situation here is really critical, just like all hell has broken lose against me. I’m confiding in you please. I need your assistance. I promise to pay you back as soon as i am back home.

Yours faithfully,
(Our classmate’s name)

This type of scam has been going around for a few years and has taken on several forms.  It is worldwide.  The classmate whose account was hacked lived in Manila.

One really bold form of this type of scam is receiving an actual phone call from the scammer.  There is a talk show on KGO radio in San Francisco which I listen to, and one of the callers a few weeks ago told a story of her grandmother who got a call from her “granddaughter”.  The call started with “Hi, it’s me…”.  The grandmother, thinking it sounded like one of her granddaughters, responded with the granddaughter’s name, “is this Sue?” (for example).  At this point, the scammer was instantly given a starting point (a name), and proceeded to scam grandma into sending her $3,000, pleading and crying since she was stranded somewhere remote.

This scam plays on human emotion.  Understandably, who in his/her right mind would not help a loved one or a friend in need?  The best we can do is to make everyone aware of these things.

Here are a few tips:

— If you receive a similar phone call, it is normal to be concerned.  However, ask questions that only you and the relative in distress would know the answers to.

— Call other relatives and confirm.

— For email scams, to prevent hacking of your email account in the first place, do NOT click on file attachments no matter how innocent looking they may be.  This includes ‘applications’ on Facebook sent blindly by friends.  Only open file attachments if you are expecting one from someone.  Unsolicited file attachments may carry viruses and trojan horses that will install a small program in your system to gather email addresses as a starting point for these scams, and send them out to the scammers’ servers for processing.

— Know what to look for.  In a recent phishing email I received from ‘Citibank’, the email said that there had been “suspicious activity” in my checking account and they needed to verify my username and password using a link provided in the email.  There were several red flags which I recognized immediately:

  • I do not do business with Citibank!  This alone should make you send this email to the trash.  However, what if your checking account is with Citibank?  So read on.
  • They addressed me as ‘Dear Customer’ — companies you do business with will always address you using your real name since they know who you are. Never ‘Hello’, ‘Mr. Customer’, etc.
  • The website address was not a domain for Citibank, for example http://citibank.xyx.com.  ‘citibank’ in this example is the subdomain.  A legit Citibank address should have had ‘citibank’ just before the ‘.com’.  For example, https://customer.citibank.com.  This also holds true with email addresses.  For example, “[email protected]” is NOT a legitimate email from Citibank.
  • The website link that was provided to ‘verify’ my username and password was not secure (SSL).  A secure link is signified by the letter ‘s’ in ‘https:’ at the beginning of the URL.  SSL, or Secure Sockets Layer, is a system where a business doing commerce online is required to verify their identity and website with a certificate provider.  After positive identification, they are issued a certificate which they install in their servers.  Once this is installed, all transactions between your browser and the server are encrypted, preventing eavesdropping.  Take special note and look for the ‘s’ in “https” on the website address, especially when entering credit card numbers and other personal information.
  • Finally, banks will never ask you for your password and username!  ONLY scammers do this.
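The domain and ‘https’ checks from the list above can be written down as a short script. This is an added example, not part of the original post; the function names are hypothetical, and the sample links and sender addresses are constructed from the domains used in the post.

```python
from urllib.parse import urlsplit


def host_belongs_to(host, expected_domain):
    """True only if host IS the expected domain or a subdomain of it.

    The brand name must sit directly before the final '.com', so
    'customer.citibank.com' passes while 'citibank.xyx.com' does not.
    """
    host = (host or "").lower().rstrip(".")
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def check_link(url, expected_domain):
    """Return the list of red flags found in a link from an email."""
    flags = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        flags.append("not-https")      # no 's' in the scheme: not encrypted
    if not host_belongs_to(parts.hostname, expected_domain):
        flags.append("wrong-domain")   # brand name used only as a label
    return flags


def check_sender(address, expected_domain):
    """Apply the same domain rule to the part after '@' in a sender address."""
    if "@" not in address:
        return False
    return host_belongs_to(address.rpartition("@")[2], expected_domain)


if __name__ == "__main__":
    # Constructed sample links, based on the examples in the post.
    for link in ("http://citibank.xyx.com",
                 "https://citibank.com.xyx.com/verify",
                 "https://customer.citibank.com"):
        print(link, "->", check_link(link, "citibank.com") or "no red flags")
    # Constructed sender addresses.
    for sender in ("alerts@citibank.xyx.com", "service@customer.citibank.com"):
        print(sender, "->", check_sender(sender, "citibank.com"))
```

A link with no red flags here only passes these two checks; the other warning signs in the list still apply.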

Have a safe online experience, everyone!

The email scam described above is documented in Snopes.com: http://www.snopes.com/fraud/distress/family.asp