Beware Of The Scam

[sceadugenga]

I shouldn't need to warn people of this but a reasonably well known Farang BKK journo has had his email account hacked and his entire address book taken.

Apparently every one in it, myself included, has received an email stating he's been robbed in Nigeria and could $3000 be sent urgently to get him home.

The guy is safe at home and suffering considerable embarrassment because of this.

Time I changed my passwords I guess.

[fred2007]

I shouldn't need to warn people of this but a reasonably well known Farang BKK journo has had his email account hacked and his entire address book taken.

Apparently every one in it, myself included, has received an email stating he's been robbed in Nigeria and could $3000 be sent urgently to get him home.

The guy is safe at home and suffering considerable embarrassment because of this.

Time I changed my passwords I guess.

Will they never learn

[RakJungTorlae]

I shouldn't need to warn people of this but a reasonably well known Farang BKK journo has had his email account hacked and his entire address book taken.

Apparently every one in it, myself included, has received an email stating he's been robbed in Nigeria and could $3000 be sent urgently to get him home.

The guy is safe at home and suffering considerable embarrassment because of this.

Time I changed my passwords I guess.

Will they never learn

Hacking an email account is an extremely difficult task even for pros, unless one guy has a few mins of time to set a key logger file or a Trojan on one of he’s computers. Now days it’s a mix between deceiving and grate deal of knowledge to enter account. The Nigerians are getting better in IT but I don’t think there at that level just quite yet. I know pro hackers who can do crazy stuff, but an email account takes patients and timing and luck.

So what’s the real story?

[Tywais]

So what’s the real story? [/font][/font]

It happens. Coincidentally last week the secretary called me to check an e-mail that had arrived from one of our PhD students who is overseas. Just so happens it says he is in Nigeria and needed 5000 USD to pay bills and get back home due to theft. We called him and of course he was no where near Nigeria and had no financial issues.

[RakJungTorlae]

Then they have managed to get it somewhere ells. There are programs that can give a fake email account with the same name as an individual. Well this is strange never the less. I’m going to leave a message with a few pros to get some feed back on this matter.

[j0hnga1t]

I just got one from a friend who lives in the south pacific.  They knew he was a teacher.  The letter stated he was attending a teacher's conference out there and had all his documents stolen (why someone would think their teaching methods are good is beyond me, so that was the first sign it was fake).  I knew right off the bat that it's probably a scam because he could always call home for money.  What and evil country, but then again you could get a good education on street smarts and how to scam people.  Yeah probably used a keylogger on a computer at an internet cafe

[RakJungTorlae]

Ok update.

Apparently there has been a lot of questions about 2 programs that I am now aware of witch sounds little user friends, highly possible to pull it off. The questions have been continues for a couple of months. hacking an email how ever it will take a grate deal of skill. But entering the IP of a computer and playing around on the desktop and some how downloading from the computer email contacts sounds a bit right to me. can anyone confirm these email contacts are windows Live? or company privet emails.

[sassienie]

Most email accounts are secure unless users give away their account details and passwords.

The following is a message that I receive often which is apparently sent by my email provider.

The scammers use the same email provider as the account holders and can be very convincing:

Dear Gmail (or whatever email provider you use) Account Owner,

This message is from Gmail messaging center to all Gmail free account owners and premium account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused Gmail account to create more space for new accounts.

To prevent your account from closing you will have to update it below so that we will know that it's a present used account.

CONFIRM YOUR IDENTITY BELOW

Gmail! ID : ..........

Password : ...........

Date of Birth : ......

Country or Territory : ...........

Enter the letter from the Security Image : ........ 859304

Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using Gmail ! Warning Code:VX2G99AAJ

Thanks,

The Gmail Team

G MAIL BETA

No email account provider will ever send direct messages as above requesting personal account details.

If the account holder falls for the scam and submits the requested data, the scammers than enter into the account, change the user passwords, block access and completely take over the account including address books and all inbox/outbox messages.

Edited July 20, 2008 by sassienie

[mommysboy]

I shouldn't need to warn people of this but a reasonably well known Farang BKK journo has had his email account hacked and his entire address book taken.

Apparently every one in it, myself included, has received an email stating he's been robbed in Nigeria and could $3000 be sent urgently to get him home.

The guy is safe at home and suffering considerable embarrassment because of this.

Time I changed my passwords I guess.

What a scam on the internet, from Nigeria , surely not!!! are you sure?

Its a phish not a hack I think.

[farangene]

Its a phish not a hack I think.

I heard it was a phish and he supplied necessary info with his password.

[solent01]

Edit: Deleted post, as to verify content of post I would need to discuss a topic that is banned within this forum.

But lets just say, it's very possible, and not that difficult, if you have the knowledge and tools at your disposal

Edited July 20, 2008 by solent01

[petitechevre]

dont warn people next time, its always funny to see someone fall for something that makes no sense.. even after the news in every country has described nigeria as a scam country for years..

those that get caught, deserve it and should be exposed on TV(like they are actually) in a sad story with a dramatic music which is in fact a big old load of sarcasm by the producers.. It's gonna for the TV industry. brings money in.

[sceadugenga]

The "phishers" are right of course, he was conned into parting with his details.

I used the term "hack" due to a lack of personal PC literary skills but I'm aware of the difference now.

sassienie's excellent post shows how convincing they can be.

To the small cheese I can only say that the world would be a much poorer place without the genuinely naive and innocent and the rest of us cleverer and more street wise people have a responsibility to point out the traps and pitfalls in life to them.

The truth is, they never learn... even the hard way.

[df2006]

it,s a terrible thing when you browse tru a forum to check people out and you find this kind of thing about your own country, i am ashamed completely without words. this has cost me so much, everywhere i go, when i introduce my self as nigerian, i am looked upon as a fraudster, this is a country that has a hundred and forty million people and a handfull of f.............king scoundrels has reduce us to a nation of liars. attached below is how they got the fellows details, and sent his follks the email, that he was missing, please go tru it and be careful about the emails you get. cheers

It's a long story, but it's a word for caution, I

pray we never get into such a scam!!!! Amen.

"Wonders will never end as these desperate thieves will do anything; the

next thing we will hear is that they have their mothers on

sale!!!" Do send to loved ones…

The victim wrote;

NEW STRATEGY OF SCAMMERS

My name is Professor Moruf Adelekan. On 3 June 2008 , I

received an email in my hotmail address asking me to

reconfirm my account or risk it being

deleted. The mail

stated that "hotmail" is experiencing congestion

problem, and would delete all accounts not reconfirmed

within 48 hours or so. This "hotmail" alert

mail looked quite genuine as it had the MSN logo etc.

Believing this mail was genuine, I responded by supplying

all the required details including my password. On 4 June

2008 , I was alerted by friends all over the globe that

they have received an e-mail purportedly signed in my name

stating that I have been stranded in Malaysia and asking

people to send money to me via Western Union .

As I used the same password for my yahoo account, the

scammers also gained access into my yahoo account and sent

a similar mail to many people on the contact list. The

fraudsters changed the passwords in both accounts and

completely denied me access to the accounts. I could

therefore only send out a disclaimer to a small number of

contacts who I could remember and reach by phone or through

other means.

The amount of damage that the scammers have done and could

do in the short and long term could only best be

imagined.

First, the scammers have sent the hoax mail to so

many people all over the globe, including my several

contacts during my stint in the United Nations. Many of

the latter I have not communicated with for years. The mail

has also gone to many professional colleagues. Thanks to

those of you who could contact me one way or the other to

check what has happened. However, many do not even know

where I work at the moment and I only hope they have not

fallen prey to the antics of

the scammers. My Medical

Director here in the UK received his own copy of the e-mail

while attending a conference in the USA . He quickly left

the conference room and sent a message to his secretary to

contact me before getting the money across to me. Of

course, I was sitting in my office when the MD's

secretary contacted my own secretary.

Secondly, I have many sensitive documents in the two

accounts that have been compromised. I have therefore

alerted my professional colleagues and bodies, business

concerns, local and international law enforcement agencies

about this scam to pre-empt and avert (as much as possible)

any illegal use of these documents.

Thirdly, this scam has put me and my family under intense

stress since 4 June 2008 . In the days following

the

scam, we had to respond to telephone calls from concerned

colleagues and friends from all continents 24 hours of the

day.

Further the whole episode has been like "robbery

without a gun" with these scammers gaining full access

to documents I had always thought were "reservedly mine

and confidential". There is also the fear of

the unknown with regard to what illegal use these scammers

could make of the documents. Finally, it is psychologically

depressing and distracting when you have several work time

lines to meet.

What measures have I taken? I reported the incident to

yahoo and hotmail within 24 hours of its occurrence. I

received automated messages from both organizations stating

that some action would be taken. However, up till now,

only

hotmail has asked me to formally lodge a complaint to them

through my Solicitor. I am currently working on the latter.

Following some advice I received from an IT expert, I was

able use the "forgot your password" prompt on my

old yahoo address, answered the security questions and

reset my password. Hence, I have regained full access to

my old yahoo address although I do not intend to use the

compromised address any longer. As hitherto stated, I have

alerted relevant individuals and organizations on the

security aspects of the scam.

Lessons to learn

1. Never fall into the same trap I fell into.

Never respond to any mail requesting that you reconfirm

your yahoo and hotmail account under whatever pretext,

particularly where you are requested to

supply your

password.

2. Please realize that the scammers are becoming

more desperate by the day and do not care in the least

about the possible multiple psychological, social and

economic consequences of their action. Hence, we should

be sensitive to any other tricks they may come up with.

A British MP Sarah McCarthy-Fry also became a victim to

a similar scam method last week (see BBC News

http://news.bbc.co.ukhttp://news.bbc.co.uk/ of 19 June

2008 ).

3. Do not keep or save sensitive files and

documents on your yahoo, hotmail or similar accounts. They

are no

longer as safe as we had always thought they were.

The experts advise that such documents should be kept in

our hard disks and essentially should be

password-protected.

Some people have even suggested that yahoo and hotmail

should no longer be used for serious business and we should

instead subscribe to less-popularized and less at-risk

e-mail providers. A serious food for thought, I would

think.

4. Please read more about steps to take to avoid

becoming a victim to this scam technique called phishing in

the security sections of yahoo or hotmail.

5. Remember this is a clear case of prevention

being better than cure. If you fall a victim, you are

completely on your own struggling to cope to with the

multiple adverse effects,

including contracting a solicitor

to fight your case for you. My experience is that yahoo

and hotmail as organizations are very slow in responding,

if they do at all.They would also not take any immediate

action to close down the affected account due to privacy

rights of their subscribers, among other possible

reasons.

6. Please circulate this write-up widely to your family,

friends and colleagues in order to raise awareness and

prevent more people falling victim to this scamming

technique.

Conclusion: E-mail scamming is taking a frighteningly

dangerous dimension as scammers now use the more invasive

method called phishing, which exposes their victim to

serious consequences as highlighted in this piece. Those of

us whose daily business hinge squarely on the

e-mail system

need to be fully aware of this and other newly emerging

scamming methods. We should alert one another and work

with relevant organizations including law enforcement

agencies to stop the scammers in their track. We should

take all precautions to avoid becoming a victim to what I

have described as "robbery without a gun".

Thank God, I am not aware that any of my contacts has sent

any money to the scammers but this does not make the

possible short and long-term impacts any less damaging. I

thank you all for your support during this trying

period.

Professor Moruf Adelekan

Blackburn, UK

22 June 2008

[tartempion]

I shouldn't need to warn people of this but a reasonably well known Farang BKK journo has had his email account hacked and his entire address book taken.

Apparently every one in it, myself included, has received an email stating he's been robbed in Nigeria and could $3000 be sent urgently to get him home.

The guy is safe at home and suffering considerable embarrassment because of this.

Time I changed my passwords I guess.

Yes, when you are stupid enough to give your user name AND password away to someone claiming to be Yahoo-mail or similar

Nigeria and 3000 USD says enough

And Jeez, get yourself a REAL email account, I only use Yahoomail etc as trash-email

Edited July 22, 2008 by tartempion

[stumonster]

Secondly, I have many sensitive documents in the two

accounts that have been compromised. I have therefore

alerted my professional colleagues and bodies, business

concerns, local and international law enforcement agencies

about this scam to pre-empt and avert (as much as possible)

any illegal use of these documents.

sensitive documents in yahoo and hotmail email accounts ? I wonder how common this is.

I do laugh when I see so many "professional" organisations advertise a contact email that is yahoo or hotmail

[awakened]

And Jeez, get yourself a REAL email account, I only use Yahoomail etc as trash-email

How would you define a REAL email account and what would you recommend?

[Bluelotus]

So .... Am I out the 3 grand ?

[Insight]

Secondly, I have many sensitive documents in the two

accounts that have been compromised. I have therefore

alerted my professional colleagues and bodies, business

concerns, local and international law enforcement agencies

about this scam to pre-empt and avert (as much as possible)

any illegal use of these documents.

sensitive documents in yahoo and hotmail email accounts ? I wonder how common this is.

I do laugh when I see so many "professional" organisations advertise a contact email that is yahoo or hotmail

Ditto. There's very little expense and effort required nowadays to get yourself a private email account configured, reducing the chances of receiving one of these "phishing" emails to almost none.

For me, somebody's credibility takes a big hit when I receive a business card from them listing a Hotmail, Yahoo or Gmail account.

[sweetchariot]

Haha. I used to have a 'proper' email address, but now I am not working I only have hotmail. I set the account up several years ago, and set my computer to remember it.

After reading this thread I have now changed it from 123456 to something a little more complicated. Thankyou to the OP.

As for idiots giving out their passwords, I have little sympathy I'm afraid.

[sceadugenga]

And Jeez, get yourself a REAL email account, I only use Yahoomail etc as trash-email

How would you define a REAL email account and what would you recommend?

Personally I can't see that a "real" email account would be any more secure than a Yahoo, Hotmail or Gmail account. No doubt someone will enlighten me though.

[Insight]

And Jeez, get yourself a REAL email account, I only use Yahoomail etc as trash-email

How would you define a REAL email account and what would you recommend?

Personally I can't see that a "real" email account would be any more secure than a Yahoo, Hotmail or Gmail account. No doubt someone will enlighten me though.

Might not be as secure, but could reduce your exposure to these phishing attacks (unless you are specifically being targeted by the attackers).

The person mentioned by the OP appeared to be the target of a generic, Hotmail-wide attack originally, where the attackers then used the details within the guys mailbox (once they had gained) access to hoodwink people in his address book for cash.

[Marvo]

I set the account up several years ago, and set my computer to remember it.

After reading this thread I have now changed it from 123456 to something a little more complicated. Thankyou to the OP.

OK sweetchariot, I've tried 654321 and that doesn't work! Give us a clue...

[solent01]

Through proxy and brute force it is possible to gain entry to web based email, every spoty faced script kiddy has the know how, but to cover your tracks 100% is difficult. A pro can cover his/her tracks, but you and I are not ever going to be the target of a pro (well unless your high profile of course). Don't ever, ever give out info via email, if a service you use contacts you via email to conferm details its a phish, they never do this, they inform you of actions required via thier own HTTPS when you log in.

Edit: Today I recieved an email from a online payment service saying thay my account may have been used fraudently, please click the link provided so we can verify your account............ not only can they target my IP address, they can get my details of account (if I provide them with it of course), Yeah right, my action was ...... DELETE EMAIL.

Edited July 23, 2008 by solent01

[NanLaew]

It has nothing to do with gmail, yahoomail, hotmail or ANY mail account. Even if you are using an email client like Outlook or Thunderbird, it's all down to keeping your identity to yourself. Some people think that because it's email and over the internet to 'my account on my computer' that it's 100% secure. It's like getting an unsolicited letter in the post saying 'please fill in the information below and mail back'. Would you do it? No way! So it's time some people paid attention to what they use the internet for.

Email is NOT secure, never has been, never will be. I think ISP's and email services need to make this clear in GREAT BIG RED LETTERS whenever someone signs up or renews their account.

[TopDogger]

Hacking an email account is an extremely difficult task even for pros, unless one guy has a few mins of time to set a key logger file or a Trojan on one of he's computers. Now days it's a mix between deceiving and grate deal of knowledge to enter account. The Nigerians are getting better in IT but I don't think there at that level just quite yet. I know pro hackers who can do crazy stuff, but an email account takes patients and timing and luck.

So what's the real story?

Ask one of your Pro hacker friends what "pishing" is...

[petitechevre]

Hacking an email account is an extremely difficult task even for pros, unless one guy has a few mins of time to set a key logger file or a Trojan on one of he's computers. Now days it's a mix between deceiving and grate deal of knowledge to enter account. The Nigerians are getting better in IT but I don't think there at that level just quite yet. I know pro hackers who can do crazy stuff, but an email account takes patients and timing and luck.

So what's the real story?

Ask one of your Pro hacker friends what "pishing" is...

phishing is asking someoen for their username and password and getting it because that person is dumber than a pile of elephant poop

[Samuian]

Different scam, doesn't really belong here but, they are definitely inventive, at first glance it doesn't look like a scam but it CERTAINLY is... if we send them the details - they will come up with some weird western union or Visa Card constellation...

From:

Dr. Dave Smith <[email protected]>

Sent: Sat Jul 26 13:00

To:

[email protected]

Priority: Normal

Subject:

RESERVATION

Type: Text

Alert:

The users email-address has been added to the addressbook

Good Day,

I am Dave Smith,i would like to book reservation for 6 people that will be coming for vacation in your area on the 6th September to 14th September 2008.

If you have vacancy for the specified period, give me the total cost of 6 single or 3 double rooms for 8 nights for the 6 guests. Also, confirm if you will accept major credit card for your payment.

Thank you and looking forward to hearing from soon.

Kind Regards,

Dr. Dave Smith

[emelie]

Yeah right, my action was ...... DELETE EMAIL.

you are so rite! and i repeat: DELETE! DELETE! DELETE! never answer, never even consider.........

[keestha]

Probably people participating in internetforums like this one, are a bit more internet savvy than many other computer users.

People falling for phishing scams and so on, do so not because they are stupid, but because they don't know.

Many times acquaintances forwarded me fake virus warnings, and every time I felt obliged to mail back explaining that the person who started it, urging receivers to forward it to everybody they know, only did so in order to enjoy the snowball effect.

Edited July 26, 2008 by keestha