Apple card scam

His account has been hacked. They found you in his contacts.

Either they used 'Reply-To' and you didn't notice. Or they gained access to acquaintance's email, perhaps a rarely used on (on something like gmail or hotmail). Or they have their phone in their possession.

It's trivial to set the From: address in an E-Mail to whatever you fancy so creating a message that looks like it's from someone else is easy enough.

How it was set up so the scammer got your reply (assuming they did) is a bit more difficult to work out. I suppose they might have set the Reply-to: header to something different from the From: header, it would depend on how your E-Mail client deals with that whether you'd notice or not.

Of course it could also simply be that the scammer has discovered your acquaintance's mail password and is sending/reading E-Mails that way. If your friend doesn't check E-Mails all that frequently it could be done without them noticing at all.

As others have said - the reply-to address was different to the from address and your email software didn't show it. Less likely, the scammer has set up an almost- identical email address. Using 1 (one) instead of l (lowercase Lima), or using 0 (zero) instead of O (uppercase Oscar), or e-acute instead of e, or something. It looked like your pal's address but wasn't.

Or it's an old email account no longer used ...

Yahoo email was always notoriously insecure. TW

Or used a character from a different character set, that has a different code, but looks almost the same as a normal character, so giving them a unique email account name.

A lot of legitimate businesses use a third-party email service, when the Reply-To address may be nothing like the From. It's less likely for domestic users to do this, but someone receiving a lot of business email might get used to this and not pay attention to mismatched headers.

Thanks for the replies. Reviewing the possibilities, it seems to me that a likely scenario could be that the scammer had hacked into my acquaintance's email account (I'd got that far myself!), the account wasn't checked very often (a Hotmail account, btw), and the scammer sent out his message and the replies over a short period and then deleted all the evidence, so that my acquaintance would never know.

I've looked carefully at the email address and can see nothing untoward about it - no slightly different characters or a different 'reply to', for example. IIRC there was a time, back in the DOS-days, when you could insert a character that never appeared on the screen. People used it in passwords. It may have been ALT 255. but I can't remember. It's possible in this instance, I suppose.

I had a mail from from an occasional customer in much the same form... they ultimately wanted a £100 google gift card for their niece.

I this cases they had hacked the password for the account owner (no surprise - he uses the same weak password everywhere). They had also changed the password on the account, and added two factor authentication to it so that the real owner could not get back it.

They also switched to continuing the conversation from a gmail address after the first response - hoping I would not notice.

They might be locked out of their account and unable to see the responses.

See above. However depending on what online filtering options are available with the account they could be more devious.

For example adding a filter to recognise your email address, and automatically forward your replies onto an external address, then delete them so that the account owner never sees them.

A hotmail.com account is the same as a live.com account, is the same as a skype.com account, is the same as an outlook.com account ... they're all microsoft accounts now.

The web interface can actually show a list of where/when the account has been used from

Has the friend been notified by any other contacts that they have had the apple card scam attempted?

Now might be a good time to persuade him/her to enable two factor authentication on the account?

But you can check that possibility with a view source on the emails.

Tip, if you get an Email or similar message from someone you think may be ‘dubious’ ( the Email, rather than your old friend), ask a question like : How did we meet? Be sure not to divulge anything in the question.

They tend to vanish if fake.

Scams using valid Email accounts are very common. Yahoo was targeted 15 or so years back- Yahoo had been ‘hacked’, along with a number of Companies who used it.

I see there is a flurry of ‘delivery’ scams now. I assume they asked for money for extra delivery charges/ missed delivery etc for items which don’t exist in the hope of getting money or, better still, Credit Card / PayPal etc details.

Yes, I had this a while ago. It was genuine.

I asked him the significance of some numbers, and to fill in a gap. He came straight back with the right answers.

Its relatively easy to compromise a machine, but not be able to access much of the secret data like card numbers etc, so the best way is to spoof emails to people in their address books trying to get them to foot the bill. Of couse there are many variations, like using money transfers to an account they have set up or send it to a different address as this is where the person lives who is getting the gift. Generally its just a mail drop. Brian

If the scammer locks the original user out of the account, then they can use the real address with impunity for a while. If it is not frequently used account - then possibly for an extended period before the owner does something (if they ever do!)

(worth warning the account owner via some other channel!)

Brian Gaff snipped-for-privacy@gmail.com wrote

Bullshit. And plenty don't have a machine anymore, just the smartphone.

What bill ?

What ?