Phishing scam pretends to be your friend, looking for help, but beware
We have been to the Police here but they're not helping issues at all and our flight leaves pretty soon from now but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills. your contribution will go along way here. Please be so kind to reply back so i can tell you what to do and how to get some cash to us..."I'm writing this with tears in my eyes,my family and I came down here to (Buckinghamshire) United Kingdom, for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit cards and cell were stolen off us but luckily for us we still have our passports with us.
We are freaked out at the moment.
'Wouldn't it be wonderful it we could all be a little more gentle with each other, and a little more loving, have a little more empathy, and maybe we'd like each other a little bit more.'
'I know that, like every woman of the people, I have more strength than I appear to have.'
-Eva Peron' "
What would you do if you got an e-mail like that from someone you knew well enough to care, but maybe not well enough to know whether he or she was, indeed, on vacation? In this case, you should heed the wise words of Judy Garland: "I wanted to believe, and I tried my damnedest to believe, in the rainbow I tried to get over, and I couldn't...So what? Lots of people can't!"
We couldn't either. So we called our friend in question and found out she was not on vacation in "(Buckinghamshire) United Kingdom" or anywhere else. She was at home, horrified to find out a bogus solicitation for personal charity was sent to her work colleagues.
How did this happen? Perhaps more important, what does the average person who doesn't make a living as an Internet skeptic need to remember to avoid being scammed?
First question first. This phishing e-mail is more advanced than the garden-variety Nigerian 419 because of its origins: a potentially trusted sender. At this point, most people are aware of phishing e-mails that pretend to originate from eBay, PayPal, Citibank and AOL. Phishing spammers need new strategies. So, among other possibilities: a) our friend's e-mail address book has been compromised; b) our friend has downloaded and is using some kind of compromised or bogus social networking tool; c) our friend's home PC has been compromised by a trojan horse, rootkit or some other piece of malware that's secretly shipping valuable information off her computer to someone else's. The Internet Crime Complaint Center, a three-agency law enforcement effort, posted this July 2 about what appears to be this scam.
Second question. Often, the phishing e-mail will contain enough clues to help you figure out if it's fake. First, the e-mail address it came from (firstname.lastname@example.org) looks suspicious, as our friend is neither Turkish nor Australian. Confirming that address with previous e-mails from your trusted sender will tell whether it's a fake.
Interestingly, as phishing letters go, the English grammar and punctuation is pretty good. The Judy Garland quote in the signature is real, and so is the Eva Peron quote. But doesn't the wording, "my family and I came down here to (Buckinghamshire) United Kingdom, for a short vacation unfortunately we were mugged at the park of the hotel where we stayed..." strike an odd note?
Parentheses aside, Buckinghamshire is a small county near London, home to Bletchley Park and a handful of other interesting sites. The phisher's sentence goes from a geographical generic (a county) to a specific ("mugged at the park of the hotel where we stayed"). Isn't that sort of like saying, "I was taking a short vacation in Iowa and was mugged in the parking lot of my hotel?" If this was really a friend looking for help, wouldn't the reference be to a city in Buckinghamshire ("my family and I came down here to Buckinghamshire, United Kingdom, for a short vacation, unfortunately we were mugged at the park of our hotel in Milton Keynes")?
The reddest of flags, though, appears in the plea: "Please be so kind to reply back so i can tell you what to do and how to get some cash to us..." As Eva Peron herself said, "shadows cannot see themselves in the mirror of the sun," and so, illuminating this sentence is the awkwardness of the call to action. A friend wouldn't ask me to reply to an urgent e-mail to get instruction on how to help. She would say, "please call me at (404) 555-1212 as soon as you get this message." If she were a close friend, she'd call on the phone, for heaven's sake. What's going on here is these phishers are looking for confirmed e-mail addresses to, at the least, carpet-bomb with offers for Cialis.
In summary, then, I have to say that there are some oligarchs that make me want to bite them, just as one crunches into a carrot or a radish. Oh, wait -- that was Eva Peron.