<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=192888919167017&amp;ev=PageView&amp;noscript=1">
Friday, March 29, 2024
March 29, 2024

Linkedin Pinterest

Scammer hacks into e-mail account, begs for cash

By John Branton
Published: June 9, 2010, 12:00am

A would-be thief has hijacked the e-mail account of a Vancouver volunteer community leader and sent out e-mails to people on her contact list — claiming to be from her and pleading for cash.

A Columbian reporter who has written stories about the volunteer’s activities, and was on her contact list, was one of several people who received the fraudulent e-mails late Monday afternoon.

“I had left for U.K. for an urgent situation, unfortunately for me robbers attacked the Hotel I lodged,” the e-mail claims. “They made away with my entire luggage, all my money and my contact diary.”

The bogus sender asked this reporter to wire 2,000 pounds by Western Union to an address in the United Kingdom, and promises, “I will refund it immediately i get back.”

Tip: you can interact with this map using your fingerscursor (or two fingers on touch screens)cursor. Map

The volunteer, who asked that her name not be used to avoid being targeted again, is the president of a local neighborhood association and works with a city volunteer patrol program.

She said about eight people on her contact list called her beginning Monday afternoon to report getting the bogus e-mails. Some are Vancouver employees who were warned by city information technology staff that it’s a scam.

The ruse is one of the more recent ones described by scambusters.org, a free blog and extensive searchable website that’s widely respected by police. Some scammers claimed to be stranded by the Iceland volcano ash and asked for money.

Besides sending the e-mails, the hijacker changed the password on the volunteer’s e-mail account, making it impossible for her to access it, she said.

She said she doubts any of the 100 or so of her e-mail contacts sent any money to the scammer. But she’s had to call folks to warn them and re-create her contact list, which also was blocked by the scammer’s password.

“I’ve spent hours putting it back together and talking to people and explaining,” she said.

As The Columbian reported late last month, after another such scam was reported in Vancouver, there are plenty of ways hackers can take over your e-mail account — and there are ways to protect yourself.

The information came from Maggi Holbrook, senior computer forensics investigator with the Digital Evidence Cybercrime Unit of the Vancouver Police Department and Clark County Sheriff’s Office.

How do scammers get in?

“The victim often responds to an e-mail with a link to a (bogus) website and follows instructions to enter certain information to unlock their Facebook account, or e-mail account (or banking or whatever account),” Holbrook wrote.

“And when they do as instructed, they unwittingly enter the information needed for a hacker to access and even change their account information.

“Once the hacker has that information, they have access to whatever personal information that person has posted and the ability to take over the account,” she said, but folks can fight back in these cyber-battles.

The best weapon: gnarly passwords.

In the world of Internet security, something like J!B@!k7$2H*r doesn’t stand for cussing. It’s a password, but it may get the scammer cussing.

“Too many people use passwords that are based on personal information and are easy to remember,” she said. “Too many people still choose to use overly simplistic alphanumeric combinations like “abc123” — or common dictionary words such as ‘pizza’ or other common words which are easily brute-forced.”

Some scammers have “brute force” software that can, over time, try every possible password and break into accounts with simple ones, experts have said.

“Passwords should be strong,” Holbrook said. “At least eight to 10 characters which are a combination of upper/lower case, numbers, and special characters, e.g., “JBk79$2H*r.”

Her further advice: “Change all your passwords frequently — at least every 60-90 days — and don’t use the exact same passwords for your e-mail, social networking sites, and banking information. Mix ’em up.”

Holbrook also offered techniques for remembering the monstrosities that constitute safe passwords in these larcenous days. “Develop a mnemonic for remembering complex passwords (IL2eP22a!! = I Like 2 eat Pi22a!!) (Note that I substituted the number “2” for the “Z” in this mnemonic).”

And the old standby warnings about being suspicious still apply, Holbrook said.

Never respond to an e-mail or a phone call asking for your personal information, Social Security number, account information or passwords. Legitimate operations will never ask you for this information over the phone or by e-mail.”

Folks can also pay for various Internet services and/or software to foil scammers in several ways, some that generate tough passwords and keep track of them for customers.

For a comparison of offerings, visit http://nextadvisor.com and click on two files, Security Software and Identity Theft.

Loading...