OT: new spam/phishing attempt?

I received an email yesterday apparently from someone who I vaguely know (let's call him "John Smith"). Subject line was "Urgent Help Needed (John Smith) and the one-line message just read "I'm having problems here and need your help Urgently/Financially. Can I ask you a Favour?" No hyperlinks, just a flat text email.

It was obviously dodgy, but I couldn't immediately figure out what the scam was. I tried hitting 'Reply', and saw that the message was set to reply to John... except, oh no it wasn't - it was set to "John.Smithh1 @btinternet.com" rather than " snipped-for-privacy@btinternet.com". So presumably my reply of "Oh no John, how awful, how can I help" would have been met with a second email of "Thanks, please lend me some money by this paypal link" or whatever.

Is this a new scam? Can't say I've ever come across this before. Seems very labour intensive compared to most - the scammers will have to manually create a new account with a similar name to every email account they hijack. And isn't btinternet.com (which was the domain they used) a paid- for account only? If so how does that work?

It does seem odd to me that despite that the apparent sophistication of this scam, that the perp couldn't have spent a bit more time preparing a vaguely plausible and genuine looking message!

Reply to
Lobster
Loading thread data ...

There was a lot of hacking of yahoo and btinternet webmail last year, I think they have moved (or are moving) to gmail instead because of it, so lots of address book harvesting was done, probably worth mentioning this to "John" or anyone else who you know will have been in his address book, especially anyone who's more gullible or less savvy ...

Reply to
Andy Burns

It's become very common. What you might want to do is alert your friend that his address book has been compromised, and he should warn the rest of his contacts to ignore any similar messages sent to them.

Reply to
Graham.

I've received similar emails from people I know. I helped the "sender" of one of them to try to sort things out. In that instance the hacker had somehow managed to break the user's password, access his BT mailbox and change the password to keep the genuine user out. I assume the hacker then kept an eye on the mailbox so see if anyone was gullible enough to offer to help and would then reply to them with details of where to send the money.

Reply to
Mike Clarke

I read something similar a while ago on another group. Seems the receiver of the email sort of did know somebody by the posters name. The poster was stuck without money at an airport or something and needed cash urgently. He did not get it of course.

Reply to
Mr Pounder

I'm surprised they are new to you - I must have seen half-a-dozen over the last few years, and they are of course all scams and it's worth notifying your acquaintance that their account has been hacked (though they probably know already).

I'm told also that the messages deliberately incorporate bad spelling or grammar because they don't want canny or suspicious people like you to respond, only rather stupid ones, and this helps to sort the sheep from the goats. This applies even more to spam messages asking for help in moving millions of dollars from Nigeria, when they really only want one person in a million recipients to respond, otherwise they would be swamped by replies most of them from people far too smart to fall for the eventual fraud.

Reply to
Clive Page

Its al being done to get money as you say. Most suggest the person is stuck abroad and has lost their cards or is in hospital etc. The problem is that since the big hack of address books at yahoo and others they have a huge number of genuine email addresses to use and presumably their hacks got old emails as well in some cases. So yes, its labour intensive but potentially lucrative. Brian

Reply to
Brian Gaff

Actually what sometimes happens on some email accounts is that they can be configured to send emails from certain addresses to an account set up by the scammer. Thus what the user needs to do, and this is any user particularly if they use webmail, etc, to go in and look for redirects they have no knowledge of and reset them. Nobody much looks for this kind of thing. Luckily, it seems to have mainly occurred on Yahoo accounts which of course BT used for some time also. The clever bit is not actually changing the password so not alerting the person who was hacked. In time he will twig that mr smiths emails are no longer coming in, but he might by then have managed to get money form someone. There are many variations, and I understand BT has moved its email and Yahoo has closed a back door, so one hopes this will now drop off till the next hack I suppose. I never use online storage of email addresses. It gives hackers 24/7 time to hack into the account. Brian

Reply to
Brian Gaff

That would be why one of my throwaway accounts received a mail today from Barclays bank warning my account was "desactivated" ....

Reply to
Jethro_uk

Yes, it was most interesting to get an email from a friend who had gone to Cornwall on holiday to say she was stuck wthout any money in the Phillipines.

Reply to
charles

The one we got was alarmingly accurate, specifying the airport our friends regularly use. However, the language was just hopeless

Reply to
stuart noble

In message , Mr Pounder writes

My wife had that one. Seemingly from her cousin who does travel a lot. Initially quite believable.

I don't recall the route of how they hoped to receive actual funds from the gullible.

Reply to
Tim Lamb

Here's a typical example we received from a friend whose email account had been hacked.

Hello I'm sorry for this odd request because it might get to you too urgent but it's because of the situation of things right now, I'm stuck in Madrid Spain with Family right now, we came down here on vacation we were robbed, the situation seems worse as bags,cash ,credit cards and cell phone were stolen at GUN POINT, It's such a crazy experience for us, we need help flying back home, the authorities are not being 100% supportive but the good thing is that we still have our passport but don't have enough money to get our flight ticket back home, please I need you to loan me some money, I will reimburse you right as soon as I'm back home. I promise

Thanks In Advance

Reply to
Tim+

Same thing has happened to me recently.

Reply to
harryagain

I get several messages daily purporting to come from BT/Yahoo with various threats about my account with them All inviting me to "click here" to fix the problem.

Reply to
harryagain

It is possible to click on a web link that runs malware which extracts userids and passwords from cookies for yahoo web email stored on a PC. There was an example of how this works on youtube.

Reply to
Michael Chare

On Wednesday 22 January 2014 19:33 harryagain wrote in uk.d-i-y:

I got a phone call from Southern Electric saying I owed them some money as I was moving to another supplier.

They seemed very put out when I said I wasn't going to give them my payment details as they'd failed to identify themselves.

I said: "I'll call you using a number on your web" "Why" "You could be a scammer" "I assure you I really do work for Wouthern Electric" "That's exactly what a scammer would say"

She seemed very offended... She seemed to forget that she'd just asked me a load of (fairly harmeless) questions to verify MY identity!

The bloke I did call back saw the funny side as I was paying my outstanding bill...

Reply to
Tim Watts

I had one like that last week. From someone whose BT internet account was hacked. The from address was the correct BTinternet one but the reply to was to a yahoo account with the same name.

It was almost convincing, the person does travel a lot so a claim to have been mugged in the Ukraine and needing to pay hotel bill might just have been believable. I might even have excuse the uncharacteristic row of exclamation marks in the all caps subject line as down to shock. But knowing the individual in question I just wasn't bpossible that he could have become so technically proficient as to send an email to 'undisclosed recipients'.

Reply to
djc

I've just had one from Barclays Bank asking me to rest my login details. On reading to the bottom of the message I see it was sent by NatWest plc. Very interesting - but stupid

Reply to
charles

I had a marketing call from EDF where the caller wanted my name and address. When I politely declined, pointing out that I don't give details to anyone who CALLS me, he tried several ways to reword his script to extract my details. When he realised he was getting nowhere, he said "Wanker" as he put the phone down.

Oh dear ... caught on tape (so to speak). I had a hilarious chat with their supervisor (who started by claiming this call was not recorded, and was audibly shaken when I told her it *was* - by me. Cue being put on to a manager ... passed the time of day anyway. Particularly when it dawned on the manager that if I had recorded the initial exchange, I was almost certain recording the current one.

Reply to
Jethro_uk

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.