As we are aware of the recent issue with a few thousands of emails, lets see how some of these scammers have used the emails they hacked into.
The following email was sent to a small business support’s email id for financial gain from email@example.com – an email id belonging to their client.
“I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now, i’m stuck in New York City with family right now, we came down here on vacation , we were robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it’s such and crazy here in london , i need help flying back home, the authorities are not being 100% supportive but the good thing is we still have our passport but dont have enough money to get on flight ticket back home, please i need you to loan me some money till im back home to pay back , i will refund you as soon as i’m back home, i promise , all we need is $800”
The issue looked genuine. The only odd thing was that it was sent as ‘BCC’ (undisclosed recipients). However, the email was from the client’s id.
The following reply was sent to the email id of the client.
“Not a problem. Please let us know what we need to do.”
Then this person got suspicious and sent this message immediately.
Is there a number we can reach you?
Within 10 minutes there was a reply from the email id as follows…
“Well I’ll can’t access any cell right here , all i need is $800 more to complete my ticket fee right now , I can get it back to you as soon as im back home , You can wire me the money via western union , You only need my name and the country name here , I still have my passport ID to pick up the money here
Name : First Lastname
Country Name : New York, United State of America
Thats all you need , You got it right ?”
This is a tricky situation as you don’t want to be seen as unsupportive when a client is in genuine trouble. Thus, the business was willing to send the money. However, they called the client’s mobile in the U.S and he answered – making it clear that the email was not sent by him. If it wasn’t answered they were all set to send the money, since, they were not aware of anyone being fooled in this way before. The business wanted to widely circulate this to prevent people from being fooled this way.