"From:YOUR FRIEND
Sent: Wednesday, March 03, 2010 11:15 PM
Subject: Sad News!!!
I'm writing this with tears in my eyes,my fam and I came down here to London,England for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off
us but luckily for us we still have our passports with us.
We've been to the embassy and the Police here but they're not helping issues at all and our flight leaves in less than 3hrs from now but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills.
Am freaked out at the moment.."
Seems like they first hack the email account, change the password so that the victim won't be able to access her account. Then send mails to the people in the contact list. Though it's new to me but seems similar stuff already happened through Facebook. Details of the earlier incidents were reported here. Also here is a funny discussion of the hacker and a person to whom the hacker was seeking help after compromising a facebook account.
But this time in case of my friend it was not facebook but msn. So seems like they are now spreading their access over the accounts. Now once your are victimized what should you do???
Well, following are few things you could do to prevent your friends from falling prey of the trap:
1. Firstly make sure you have a strong password for your account containing upper case and lowercase letters, digits and at least one special symbol like #, $, & etc.
2. Better to change your password every 3 months or so.
These reduces the probabilities of being hacked. But still there is a chance and if that happens and your friends start getting scam mails from your account, do the following:
1. Try to login to the compromised account. If you are lucky enough to get into the account change the password immediately. You can also try "Forgot Password" option if that is working.
2. If you could login to the account, mail all your contact stating that your this account was hacked and do not reply to any mail from this account.
3. Also if you have any other accounts (facebook, orkut, linkedin etc), please update your status with the same information so that others will be informed about the same.
4. If you have any other email account, log in to that and inform everybody in you contact. (Luckily you might have the same set of contacts that the compromised account has.)
5. If you are using the same password in your other accounts change it immediately.
6. Also you can try reporting the incident to your email service provide and request them to block or reset the account and give it back to you. This process varies for different email service providers. For gmail try this, for hotmail/msn try this, for yahoo this could be helpful.
7. If you want to go further, you can contact the corresponding law and enforcement agency who deals with cyber crime for further investigation.
8. Incase of investigation, email headers of the scam mails could be useful as that could gives the ip addresses of the hacker which could lead to her location. So better ask your friends who got the mails to keep the mails/capture the email header and store for further investigation.
9. Also using ReadNotify you can trace the hacker and give that information to the law and enforcement agency.
10. Last but not the least, it could be possible that the hacker was using some sort of trojan or keylogger in your computer to get the account information. So scan your computer by antivirus/antitrojan software to ensure that your machine is clean.
Also keep yourself always updated with the knowledge of various scams and let others know.
This happened to me just this morning, with the exact same wording. It purported to come from a friend. I wrote back asking for verification - something nobody would know but my correspondent and me; and how could I help?
ReplyDeleteThe second email just said "send $1,000 to me (friend's name) at (an address in Great Britain)."
I wrote back and reminded my "friend" that he had forgotten the important step of giving me some information by which I could positively identify him, something a scammer would not know. He responded, "Are you kidding? - You're sending the money to my name!" At which point I was pretty convinced it was bogus.
I called my friend on the phone, and - there he was at home in the United States, not in England at all.
I reported it to a government website that investigates email fraud/identity theft.