Phishing and Rescue-a-Friend / Traveler Scam

Anyone who uses the internet knows, or should know by now, the trick known as phishing, which refers to ways of acquiring sensitive account access information such as passwords. It could be an email purportedly from yahoo or the administrator asking you to reconfirm and enter your username/password so the account won’t be deleted. Those who fall for it give out their account details. It could be a bank account, which would be more problematic. The account is not deleted, alright, but it falls in the scammer’s control. This is an old trick or scam.

The traveler or rescue-a-friend scam, on the other hand, could be a stranger appealing to your good samaritan side and soliciting help because he/she lost his wallet while traveling. Send money, the email says, and that person will reimburse you when he/she sorts things out. There is a slim chance of success if the email comes from a stranger, so to be more effective, the perpetrator of the phishing expedition sends the email from the hacked account, which means that the recipients are most likely the family, friends and acquaintances of the account’s original owner. The message usually looks like this email that I received yesterday:

Hope you get this on time,Sorry I didn’t inform you about my trip to Spain for a Program, I’m presently in Spain, I am having some difficulties here because i misplaced my wallet on my way to the hotel where my money and other valuable things were kept. presently  i have limited access to internet,I will like you to assist me with a loan of  ( 2,500 Euro = 3,500 USD )  to sort-out my hotel bills and to get myself back home.

I have spoken to the embassy here but they are not responding to the matter effectively,I will appreciate whatever you can afford to assist me with,I’ll Refund the money back to you as soon as i return,let me know if you can be of any help.I don’t have a phone where i can be reached.

Please let me know immediately.

This is also an old trick or scam, but there is a twist.

Because the perpetrator of the phishing attack already has access to the email account, he/she could request for a new password from email and social networking sites such as, in relation to this particular email, linkedin (when you “forget” your password, you simply click the “forget password” link and the instruction on how to change password is sent to the hacked email account registered with the email or networking site).  I received an invitation to connect purportedly from this person (sometimes it pays to delay accepting invitations). A few days after that, I received this email which obviously falls under the traveler scam modus operandi. That would have been more believable if the language of the email was radically changed.

Compare the modus operandi with budol-budol or dugo-dugo crimes in real life. The helper gets a call from someone who is allegedly helping the boss or amo, who figured in an accident. Help is needed. Bring cash or jewelry to pay for medical expenses. In a case we handled, the helper was made to speak to the boss who could not speak properly because, the boss says, she’s in the hospital and a tube is stuck in her throat. Sounds more believable. More than half a million was lost.

Moral of the story? Don’t trust your friends. Or don’t trust your own email account. No, seriously, it merely shows the need for more vigilance against cybercrimes. No difference with the real world.

One comment

  1. Phishing is a way in which user name, password, debit card details are hacked. It is carried out by e-mail or instant messaging. If anyone lost his wallet during the traveling so many facilities are available for to safe his account. So aware from Phishing attack.

Leave a Reply

Your email address will not be published. Required fields are marked *