A friend's email account just got hacked. He's now lost access to the account because the hackers immediately changed the password upon gaining access to his account.
 

Then they started sending out scam emails from his account to every contact of his, this means whomever that my friend has ever exchanged emails with in the past.

The first two scripted emails that the scammers sent out are as follows. It's a textbook hacking scam. Many variations of the same are out there with slightly different reasons for asking for gift cards or bitcoin.
 

Presumably, my friend had compromised his email account login details to the scammers during a phishing attempt. So they didn't really hack his account. He most likely handed over his login credentials to the scammers willingly but unknowingly. 
 

Quote

Subject: Catch Up

 

Hi 
Sorry to ask, do you have a free moment over email? Please let me know! 
Thanks

Quote

It good to hear from you , I need your help to get an apple iTunes gift card for a friend’s daughter who is down with cancer of the Liver, it's her birthday today and I promised to get it for her today, can you get it from any store or supermarket close to you ? I'll refund you back as soon as possible. Please let me know if you can handle this so I can tell you the amount and how to get to her.

 

The thing about phishing emails is no one is following up to catch the culprit, it's a risk free business, can you blame them

22 minutes ago, scubascuba3 said:

The thing about phishing emails is no one is following up to catch the culprit, it's a risk free business, can you blame them

 

Very rarely do phishers, scammers, online fraudsters or hackers ever get caught. They are usually two steps ahead from the moment they start their attack and their identity is usually protected by layers of online autonomy.
 

Catching them requires a fair amount of effort and usually involves a sophisticated plot designed to lure the scammers to a physical location where they can be captured by law enforcement. And this rarely ever happens given the vast number of scammers versus the limited number of law enforcement resources by comparison.
 

It is also typically an issue of law enforcement jurisdiction where the law enforcement agency being notified by the victim is not able to operate in the foreign country where the scammers are located.
 

Victims are often located in Western countries and the scammers are often located in countries like China, India, Brazil, Nigeria, Russia, etc. So it becomes an international cross-border legal challenge to be able to do anything and it requires vast law enforcement resources to do so. Thus, the best defense still remains to simply be awareness. 

People aren't still that stupid, are they ?  Like I would ever word an email like in the sample.  Or email anyone anyway.  That's what FB or a phone is for.

 

Someone gets an email from me, without me contacting first would know it's BS.

1 hour ago, KhunLA said:

People aren't still that stupid, are they ?  Like I would ever word an email like in the sample.  Or email anyone anyway.  That's what FB or a phone is for.

 

Someone gets an email from me, without me contacting first would know it's BS.

Disagree. Not everyone uses faceache or similar and across continents email is often the preferred means of communication.

However yes the examples posted would immediately raise red flags.......