<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=192888919167017&amp;ev=PageView&amp;noscript=1">
Friday, March 29, 2024
March 29, 2024

Linkedin Pinterest

News from Iceland triggers eruption of e-mail scams

By John Branton
Published: May 23, 2010, 12:00am

What’s the old saying, the only thing that’s certain is death and taxes?

Let’s add scam artists to the list. You name it, they come up with a con.

A volcano erupts in Iceland? They’re on it.

Scammers have been taking over people’s e-mail and social network accounts, posing as the owner and sending out messages claiming they’re friends who are stranded somewhere because of the eruption — and need cash, experts say.

The same e-mail hijacking scam surfaced in Vancouver this week when a woman called The Columbian to report it. This time, the con was about England.

Tip: you can interact with this map using your fingerscursor (or two fingers on touch screens)cursor. Map

Tuesday morning, the woman said, she received an e-mail purporting to be from Diane, an acquaintance who said she’d been mugged in London.

“Diane” said she was asking for help “with tears in my eyes” — after losing her cash and credit card to the mugger.

“My flight leaves in less than six hours,” she claimed, adding “I’m freaked out at the moment.”

Not knowing what to do, the woman said she sent an e-mail back to “Diane,” in effect telling her to hang in there.

Almost immediately a second e-mail arrived, asking for a couple thousand bucks, the woman said.

But that same afternoon, the real Diane e-mailed to say “My e-mail was hijacked by a scammer.”

Fortunately, the woman had sent no money.

The latest scam

Claiming to be stranded by the Iceland volcano is the top item in the newest update from http://scambusters.org, a free, longtime scam-warning blog.

Scambusters is regularly updated and its extensive website can be searched for all kinds of ploys. It’s widely respected by police and other experts.

“Once again scammers are trying to cash in on the latest natural disaster — in this case the Iceland volcano eruption,” says scambusters. “Hijacking e-mail and social network accounts, they send messages to the owners’ contacts claiming to be trapped overseas by flight cancellations or delays and asking for money.

“We advise readers to thoroughly check out any ‘send-money’ requests supposedly related to the volcano.”

But how do scammers do it?

There are plenty of ways hackers can take over someone’s e-mail account — and there are ways to protect yourself — said Maggi Holbrook, senior computer forensics investigator with the Digital Evidence Cybercrime Unit of the Vancouver Police Department and Clark County Sheriff’s Office.

“The victim often responds to an e-mail with a link to a (bogus) website and follows instructions to enter certain information to unlock their Facebook account, or e-mail account (or banking or whatever account),” Holbrook told The Columbian in an e-mail.

“And when they do as instructed, they unwittingly enter the information needed for a hacker to access and even change their account information.

“Once the hacker has that information, they have access to whatever personal information that person has posted and the ability to take over the account,” she said.

Toughen passwords

But folks can fight back in these cyber battles, Holbrook said.

The best weapon: gnarly passwords.

“Too many people use passwords that are based on personal information and are easy to remember,” she said. “Too many people still choose to use overly simplistic alpha-numeric combinations like “abc123” — or common dictionary words such as ‘pizza’ or other common words which are easily brute-forced.”

Some scammers have “brute force” software that can, over time, try every possible password and break into accounts with simple ones, experts have said.

“Passwords should be strong,” Holbrook said. “At LEAST 8-10 characters which are a combination of upper/lower case, numbers, and special characters, e.g., “JBk79$2H*r.”

Her further advice: “Change all your passwords FREQUENTLY — At least every 60-90 days and DON’T use the exact same passwords for your e-mail, social networking sites, and banking information. Mix ’em up.”

Holbrook also offered techniques for remembering the monstrosities that constitute safe passwords in these larcenous days.

“Develop a mnemonic for remembering complex passwords (IL2eP22a!! = I Like 2 eat Pi22a!!) (Note that I substituted the number “2” for the “Z” in this mnemonic).”

And the old standby warnings about being suspicious still apply, Holbrook said.

“NEVER respond to an e-mail OR a phone call asking for your personal information, Social Security number, account information or passwords. Legitimate operations will NEVER ask you for this information over the phone or by e-mail.

“If you receive a phone call or e-mail or a social networking site posting from someone claiming to be a relative or friend in a dire situation, DON’T fall for it,” she said. “Hang up and contact them/call them back at a KNOWN number (or call other relatives) to verify the situation. DON’T fall for the ‘I am in the hospital … got arrested … got my passport stolen …’ scams. You should never be embarrassed to verify information.

“Check with your Internet service provider or your closest trustworthy ‘geek friend’ for additional recommendations,” Holbrook said.

mobile phone icon
Take the news everywhere you go.
Download The Columbian app:
Download The Columbian app for Android on Google PlayDownload The Columbian app for iOS on the Apple App Store

Folks can also pay for various Internet services or software to foil scammers, working in several ways, some that generate tough passwords and keep track of them for customers.

For a comparison of offerings, visit http://nextadvisor.com and click on two files, Security Software and Identity Theft.

John Branton: 360-735-4513 or john.branton@columbian.com.

Loading...