Be a smarter customer! Get your copy of Scammed: How to Save Your Money and Find Better Service in a World of Schemes, Swindles, and Shady Deals. Critics have called it "eye-opening" and "inspiring" -- it'll "grab your attention and won't let go." Order it now on Amazon, Barnes & Noble or iTunes.

Warning: Email hijackings continue — here’s another horror story

by Christopher Elliott on August 18, 2010

Here’s a follow-up to an earlier post about email hijackings. You’d think people would get wise to this awful scam, but the tricksters are adaptable and they understand the power and influence of social media.

“Last week, some ass hijacked my e-mail and took it over, using a very real-looking spoof page to get my password, then going in immediately and changing all my passwords and security questions,” says Connie Crowther. “Over about a five day period, I spent 14 1/2 hours on the phone with various Microsoft security and tech specialists.”

It gets worse.

She continues,

We ended up cleansing my computer by remote, deleting all the trash they left behind in my system, apparently to continue to track keystrokes and new passwords.

Pretty extreme. But not as bad as what the scammers did with the data they stole.

The original e-mail, entitled “HELP”, was an appeal to send money to me, as I had been robbed by gunpoint and roughed up in London, my credit cards stolen, and I had to pay a big hotel bill.

They also used my e-mail Facebook post announcements to get directly into my Facebook page, also changing all the passwords there. They engaged my online friends in the chat system, again appealing passionately for money to pay my hotel bill and asking them to wire it to Western Union.

With MSN and Facebook combined, this stupid, poorly-written, awkward e-mail went out to all my clients, family friends, everyone — more than 1,400 people.

The reaction from her friends was predictable.

Within the first two hours of the dispatch, I had 302 phone calls! How embarrassing and annoying! It has taken me a week to get this all straightened out. I’m still getting notices from friends who were on vacation last week and just saw the e-mail.

It was harrowing, to say the least. I went into Facebook and changed all my settings after it happened, and I have a new procedure for signing into my email account.

Crowther has some advice for anyone who is concerned about becoming a victim of this scam.

First, she says, don’t fall for any pop-ups or boxes that prompt you for your password while you’re online.

“Also,” she says. “Don’t keep any personal information, passwords, shopping, trip documentation, etc., stored on MSN e-mail or Hotmail folders.”

To that, I’d add: change your passwords often, never log into a computer you don’t own and clean up your cookies from time to time so that no one else access your secure data.

There’s a Hollywood ending, though.

I’m happy to report that not a single one of the people sent money — but most of them checked in with me first. And I’m sure there were a lot more return e-mails that I never received during the few days they hijacked my e-mails, having them forwarded to them.

I would hate to see what happens when the real professionals try this scam. You know, the ones who speak English as a first language and are creative enough to move this scam beyond London. I think it’s only a matter of time before the pros start spoofing operations that you or I could easily fall for.

(Photo: escaped/Flickr Creative Commons)

Tagged as: Email, Gmail, Hijack, Spoof

  • Bill

    I think it is admirable that many showed the common sense to call to follow up and that apparently none paid the scammers.

    The credit card companies need to do a better job of advertising their services I guess. If you lost your wallet/purse etc in London, wouldn’t you call your bank to cancel your card and get another one? Oh yes, the email usually says your plane is leaving in a few hours – BUT the hotels generally already have your credit card information before check out anyways.

  • BucksterSF

    “First, she says, don’t fall for any pop-ups or boxes that prompt you for your password while you’re online.”

    Really. Sounds like some people deserve a hard earned lesson. Would you give you ATM PIN to someone on the street in a suit because they looked official?

  • Sarah Di

    You would think that they would figure out pretty quickly that being mugged in London isn’t going to get donations from family and friends at this point.

    Before I send money to anybody from an e-mailed or facebooked request, you can bet I’m checking personally with that person in a way that I can hear their voice.

  • Jenn

    Bets thing to do is have an email that has pop3 access, then set it up to delete emails once you retrieve t hem using your mail client. remove all contacts, messages, etc from web mail portion.

    Use common sense, never click anything with poor spelling/grammar, and if it says to wire money…contact the individual first (not via reply to message, call, visit, txt, etc them instead).

    Also, download the latest web browser, most of them these days will have spam/bad link protection built in. Keep this on!

    Lastly, always check the “from” name and email address – for those more technically inclined, check the long headers for domain information.

  • http:// 

    May I just say what a help to discover someone who essentially realizes exactly what they’re talking about on the internet. You certainly have learned to take an issue to light and make it necessary. Even more people need to read this and understand it all side of the story. I cannot believe you aren’t very popular as you positively have the gift.

Previous post:

Next post: