Nowadays, e-mail inboxes are routinely flooded with scams—from missing pet and child notices, to official-looking IRS refund communications, to the infamous Nigerian money solicitations. Social media has opened up private lives to public viewing and also significantly aided identity thieves. I field numerous calls on this topic every week. In fact, I received an inquiry from a Vanguard crew member just the other day related to what has become a very common e-mail scam.

Hi Ellen:

I think this is a scam. I know Samantha, but we’re not close friends (her daughter is in my son’s class). I can’t figure out why she would email me about this and not work with her husband and other closer friends.

Is there a way to find out if this is a scam without me having to contact Samantha? If this is a scam, I’d also like to be able to warn other parents who may receive this email.

Thanks for any help you can offer.

Here’s the message, allegedly from Samantha*:

I really hope this gets to you in time, I was involved in a robbery during my trip to Barcelona Spain. I was mugged, all my belongings including mobile phone and credit card were all stolen. I asked my bank to cancel my cards and place hold on my account to avoid unauthorized access. I need your help flying back home.

Am cash strapped at the moment. I’ve made contact with my bank but the best they could do was to send me a new card in the mail which will take 3-5 working days to arrive here. I need you to lend me some money to sort myself out of this predicament, i will pay back once i make it out of Barcelona, western union is the fastest option to wire funds to me. Let me know if you need my details (Full names/location) to effect a transfer.

Samantha Smith

This is, as the crew member suspected, a scam, but people do react emotionally and part with their money upon getting such messages. How do these spear-phishing e-mails find their way into inboxes? In this case, the bad guys probably hacked Samantha’s account and gained access to her address book. Everyone in her address book then got the solicitation.

If just one unsuspecting recipient takes the bait, the scammers gain money as well as a connection. They’ve also likely gained access to the rest of Samantha’s files. They’ve probably harvested her banking information and other financial data. If friends who get Samantha’s e-mail click on any attachment in the message, they might unknowingly unleash a key logger or other data-capture program onto their computer system. The vicious cycle then continues, with new victims unknowingly creating additional victims.

Here’s how you can protect yourself.

1. Stay away from public computers. There’s an even greater risk of scams if you use a public computer to access your e-mail. If you’re spending a weekend at a bed-and-breakfast and your smartphone can’t get a signal, resist the temptation to sign on to the B&B’s computer to check your e-mail.

2. Assume you do have a problem. If you visit a lot of websites, it’s likely there’s something on your computer that shouldn’t be there. Make sure you have properly installed and activated antivirus and anti-spyware protection. And check it daily. Malware (malicious software) protection is constantly updated. Make sure you have the newest release to maximize your protection.

3. Pay attention to your accounts and statements as well as any confirmations you receive via e-mail or regular mail. Also be vigilant about your eBay and PayPal accounts, staying on guard for unusual or unexplained activity. If you see something, act quickly.

4. If you have a personal firewall, make sure it’s on and up to date. If you don’t have a firewall, consider installing one. Also, review the addresses your firewall allows and look for any that are aberrant or unrecognizable. If you find some, they may be evidence of a problem. This is a trigger to look deeper and run some scans.

5. Don’t change your passwords first thing if you’ve been scammed or suspect a problem. Without addressing the problem, the viruses on your computer will likely pick up the change, and you’ll be no better off. Only change your passwords after you’ve downloaded antivirus, anti-malware, and anti-spyware programs, run them on your computer, and seen the scans come back clean.

6. Review accounts for unauthorized activity. Routinely review your checking, credit card, and any other financial accounts, including trading accounts. Do you have an eBay account? Check whether anyone is listing auctions under your account.

7. Don’t keep important, unencrypted files on your desktop or on your phone. You’re asking for trouble if you keep unprotected data in one place.

Frequent and quick checks will put your mind at ease and save you money and frustration if you find a problem early. In an upcoming blog I’ll talk about identity theft and the specific steps you should consider.

*I’ve changed names to protect any real people.