PHUKET: I have been holding off writing about more email scams, waiting so I can write about nailing somebody and getting them thrown in jail. So far, no luck. But in the past week I've received two messages from people I know, here in Phuket, who have had their email accounts hijacked. That's quite a coincidence – if it is a coincidence – so I figured I better warn you about the "mugging" scams.
Like the '419 scams' I wrote about in April, these are also considered "Nigerian" scams, even if the perpetrator is living in Los Angeles or London. It's been estimated that email scams are the third largest industry in Nigeria – no, that's not a joke – with an estimated take of US$100,000 a day just from American victims.
Here is an example of messages I received, supposedly from Phuket residents, last week:
Sorry I didn't inform you about my trip to Spain for a Program, Unfortunately for me all my money along with my bag where my passport and valuable things were got stolen at gun point on my way to the hotel where I lodged, since then I have been without any money, I am even owing the hotel here, so I will like you to assist me with a loan of 2950 Euro to sort-out my hotel bills and to get myself back home. I have reported the incident to the police here but they are not responding to the matter effectively, I will appreciate whatever and any amount you can afford to assist me with, I'll Refund the money back to you as soon as i return, let me know if you can be of any help. I don't have a phone where i can be reached, i only have access to internet here. Please let me know immediately if you can be of any help to my situation. Thanks.
(This came in from a French Yahoo account, @yahoo.fr.)
The messages were signed with the purported sender's full name, telephone number and address, and both were sent to the email address I use in Thailand. They are absolutely, completely, utterly fake. I couldn't trace the second message, but the first one was sent from Lagos, Nigeria.
Here's how the scam works.
The thief recruits and develops a network of mules, in multiple countries. Frequently the mules are in the countries on visitor or educational visas, or with no visa at all. Good mules must be able to follow directions exactly, and have reasonably good IDs.
There are lots of stories about how the mules get recruited, but in some cases they're local residents who respond to advertisements looking for "mail forwarders" or to "fulfill orders at home."
The mules are told that they need to collect money sent to them, and forward it to someone else. In payment, they get to keep 10 per cent of the amount of the "order." A good network of mules is worth its weight in gold. Literally. I've seen evidence that the mules are shared among scammers.
The thief then figures out how to break into your Hotmail, Gmail or Yahoo mail account. There are lots of ways to do that. Consider that, in the past year, Steve Thomas has amassed a list of more than 28,000,000 user IDs (many of which are email addresses) and passwords (some encrypted, some plain text), which have been publicly posted on the internet. You can check your email address at his site: pwnedlist.com
That isn't the only source of email addresses and passwords. Botnets (which are primarily based on Windows XP computers) collect passwords. Some phishing emails have you "log in" by clicking a link that supposedly goes to your email account. You type in your email address and password, and the bad guys harvest it. There are many collections of swiped passwords sold in bulk on underground sites.
If the thief can log in to your email account, he (it's usually a "he") immediately changes the password. That keeps you out of your email account, makes it harder to figure out what happened, and even harder to fix it.
Frequently using automated tools (and increasingly using sophisticated CRM methods), the thief sends out the same message to all of the people in your address book. Then the scammer waits for responses. They rarely sit on an account for more than a day. In the interim, you can't get into your account, and may not know why.
If the scammer's smart, they use an internet connection that's basically untraceable, such as a Nigerian 3G wireless account, or use a VPN. The fact that they're using Hotmail, Gmail or Yahoo mail makes it difficult to trace without a court order, and if you can ever get a court order through, they'll be long gone.
The thief follows a well-defined script, possibly adding a twist in the plot along the way. The goal is to get you to send money to one of his mules, via Western Union, Moneygram, or postal money order – all of which are very hard to trace. It's in the scammer's interests to get you to transfer money out of your home country. That makes it virtually impossible to track.
After a day or so the scammer just walks away. You're left with an email account you can't log in to, a bunch of friends who are worried that you got mugged – some of whom may be embarrassed because either (a) they fell for the story and threw away their money to support some scammer, or (b) they fell for the story but were too cheap to help.
How to clean up afterwards? Each mail provider has their own steps for recovering hacked accounts. For specific information, Google "mail account hacked" and then the name of the service – Hotmail, Gmail or Yahoo.
Woody's Sandwich Shoppes hold computer sessions under the tutelage of Seth Bareiss every other Wednesday afternoon, from 1 to 3pm. If you have a Windows problem that needs to be solved, drop by one of Seth's free afternoon sessions. Details in the Phuket Gazette Events Calendar.
Live Wire is Woody Leonhard's weekly snapshot of all things internet in Phuket.
Follow him on Twitter: @PhuketLiveWire, and "like" the pages at facebook.com/SandwichShoppe and facebook.com/phuketgazette.net, or send him mail at Woody@KhunWoody.com