Scam Story: Gone Phising for E-Victims
A few years ago I received a worrying email, apparently from Martha Knapp, the director of the Hartford Historical Society. We’re in touch pretty often for news stories, so I recognized Knapp’s distinctive email address. The subject line included her full name and the words “Help, Awful Vacation Trip.”
The email said she was visiting the Philippines with her family, and they’d been mugged at gunpoint. The robbers had stolen their cash and credit cards, and they were scheduled to fly home that day.
“We’re having problems settling the hotel bills, and the hotel manager won’t let us leave until we settle,” the message said. “We are freaked out at the moment. … If you can help us out, write me back.”
In some ways, it was unlike other phishing emails I’d received. It appeared to have come from someone I knew. Everything was spelled correctly, and the wording, informal American English, might have been hers. But the storyline read like a scam: friend traveling overseas gets in trouble and needs money wired ASAP.
On the off chance it was real, and because I was curious, I wrote back. I asked her to call me at work, but the response came by email. They needed $2,450 but would appreciate any amount, which they’d repay when they got home.
“You can have it wired on my name via Western Union. Here’s my info. … As soon as it is done, kindly get back to me with the confirmation number.”
That sounded like a typical scam, and I figured Martha would have called if she really needed help. Then, taking a closer look, I realized the email address wasn’t actually hers — an “i” had been swapped out for an “l,” easy enough to miss at first glance.
I emailed Martha to let her know. She’d received similar messages from everyone on her contact list, she said in a phone interview last month. “They knew I wasn’t in Manila.”
Soon after the fake message went out, she changed the password for her email account. That seems to have done the trick.
She hasn’t been hacked since.
— Aimee Caruso