How They Solicited Thousands Of Dollars, Stole Her Gmail Contacts, and Shut-Down My Sister-In-Law’s Facebook Account

I think by this point we’ve all had been a victim of ‘phishing’ or at least have had one friend who has. For those of you who aren’t familiar with the term ‘phishing’ it is this:

“Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”

Wikipedia

So, basically if you’ve had a friend send you a very suspicious looking email with simple sentence directing you to a completely random website then you’ve been involved in a ‘phishing scam’. Here is an actual example of one that was emailed to me recently from a friend’s hotmail account:

steve last year I was able to turn my life around with something beyond measure [insert weird link here] I respected by every single person I know nothing has been a better choice than the one you are about to make right now my mother has finally given me the respect I’ve always desired now you will prove to everyone that you can achieve whatever you set your mind too


Looks fairly harmless, but makes you feel kind of vulnerable too…….right? Some crazy person hacks into your email account, sends a silly email out to all of your contacts, you change your password and that’s that.

Well, if there’s something I know about online scammers it’s this: they’re relentless, desperate, and getting better at their craft.

Such is the case with my Sister-In-Law. Two days ago all of her contacts (me being one of them) in her gmail account were sent this email titled:

Worst Case Scenario ( NEED HELP )

“I’m writing this with tears in my eyes, [her husband’s name] and I came down here to Wales,United Kingdom with the girls for a short Family vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us. [Her husband’s name] got beaten up because he was trying to protect us, he is currently at the Hospital receiving treatment. [her daughter’s name] and [her other daughter’s name] are at the Hospital with him.

We’ve been to the embassy and the Police here but they’re not helping issues at all and our flight leaves in less than 3hrs from now but we’re having problems settling
the hotel bills and the hotel manager won’t let us leave until we settle the bills.

Am freaked out at the moment”

Terrifying isn’t it?!?

As you can see the ‘phishers’ not only hacked into her gmail account, sent this email to everyone of her contacts but also used my sister-in-law’s husbands and daughters names to provide credibility.

You may be wondering how they got their names. Well, here is the kicker….they hacked into her facebook account, found out who her family was, and used their names in the email.

Then the Phishers changed her facebook password so she couldn’t get back into her facebook account to warn her ‘friends’ of the phishing attempt. The phishers had gained complete control of both her email and facebook accounts.

Makes you want to change both your email and facebook account’s passwords right now doesn’t it?!? Well, pump-the-brakes….I will get to that in a minute.

So, back to her hacked gmail account, the phishers goal was to solicit money from all of her contacts, friends, and family. What wasn’t found out until a few hours after the discovery of this, was that the phishers set up a separate email account that looked almost identical to her gmail account except for the subtraction of one letter “n” in the account. For example, if my email account was ‘stevedunnhelps.com’ the phishers would have changed it to ‘stevedunhelps.com’.

They did this so that every incoming email back to her email account would be automatically forwarded to the new email account the phishers set up….which they now have complete control over. They did this so they could now contact all of the people who would respond to the initial plead-for-help email without her knowing about it.

The phishers were directing the people willing to help her to wire money to an account were they could easily pick up the money and be on their way. As of this point, I know of at least one person who wired her $1900.

We later found out that the phishers who had accessed her email account and facebook account were operating from an IP address in Nigeria. Whether or not these phishers made away with the money or not remains to be seen.

However, the damage done to my poor Sister-In-Law’s facebook account may be permanent. She still can’t access that account.

So the morale of the story is to make absolutely sure that your passwords are hard for a phisher to crack. Using a symbol to represent a letter, using a mix of numbers/symbols, and using letters in combinations that don’t spell actual words are all good ways to prevent your accounts being ‘phished’.

A special thanks goes out to my Brother-In-Law ….”K”. He’s an IT guy who found out all the little intricacies of these phisher’s scheme. He also provided me a lot of good advice for protecting your accounts with strong passwords.

 

 

If you feel like someone else could find this story useful please feel free to share.

 

 

Written by Steve Swearengin
on August 31, 2011