When you receive an e-mail from a deposed Nigerian king requesting help with money, you know it’s time to hit the delete button.
But when such a plea comes bearing a familiar name and e-mail address, there’s more incentive to read the message—and maybe even send off some cash. And apparently some people do, making the stranded-friend scam the hottest e-mail hoax of the summer.
In this ruse, you receive an e-mail supposedly from someone you know saying that he or she is stranded abroad (typically in England or Wales) and needs a quick cash loan to return home, typically requested in the form of a Western Union wire transfer.
The usual sob story: I was robbed at gunpoint and lost everything. This scam actually starts weeks or months earlier, with the hacking of someone else’s e-mail account—not yours. The hacking is usually done in one of two ways, says John Kane of the National White Collar Crime Center, which runs the Internet Crime Complaint Center with the FBI.
Scammers can infect an e-mail user’s computer with malware that logs keystrokes, providing the crooks with account user names and passwords. Typically, the malware is installed invisibly when the computer user clicks on an enticing online link.
Another approach scammers use is to distribute “phishing” e-mails—such as information requests purporting to be from your e-mail provider or bank—and collect passwords and other personal data that allow the hacking. They send millions of phishing messages at a time, “so even if their response rate is a fraction of a percent, that’s a lot of potential victims,” says Kane.
Once they have a user name and password, the scammers sign on, and may change the password—with that, they take control of the account and lock the real owner out. Then they send out a stranded-friend plea to you and other people on the account’s contacts list.
This type of swindle was detailed last year by Scam Alert, but recent activity has triggered new warnings this summer from the Internet Crime Complaint Center, the FBI and others.
Even some of us at AARP have been hit. In the past few weeks, one of my colleagues, his daughter and brother-in-law all got “stranded in London” messages from different accounts. The e-mail account of another colleague was taken over by the scammers.
And I just received one, purportedly from an AARP member with whom I exchanged e-mail some time ago, thereby putting my e-mail address in her contacts list.