Account theft (and a small amount of justice)

So, there I was in my office working hard (during summer break, no less, I hope my boss reads this) on LESSON (our school’s marking system) when I received a distressing email from a friend of mine.

Apparently he had been mugged during a trip to Spain (something I found very surprising as we’d just had dinner with him on Thursday, and he hadn’t mentioned a trip then), and the miscreants had stolen everything but his passport. All my friend needed was a small loan of €2000 to cover his hotel bills and taxi to the airport. Sent via Western Union, that admirable institution that takes such pains to make sure that money ends up where it’s supposed to.

Transcript
Burgundy:
Scammer
Black:
Me

Yeah. This particular friend would have trouble racking up a €200 hotel bill, much less ten times that amount. I immediately got on the phone and called his wife. Sure enough, their Yahoo account had been compromised and she could no longer access it. I talked her through Yahoo’s compromised account process, and she was able to reset her password using her security questions (apparently the scammer hadn’t changed those yet). Checking the original email showed that the scammer was accessing Yahoo’s webmail through a web proxy, hidemyass.com.

When she finally got into their account, all of their contacts had been deleted along with the last few months of their sent mail. She sent an email to Yahoo explaining the situation and got an automated reply saying that she would be contacted within 24 hours. In the meantime, she has no way of letting her contacts know the message is a fraud. Even worse, the “SOS from Spain” email had a reply-to address that was subtly different from the original, an added i between first initial and last name. This means that, even though she has regained control of her own account, anyone replying to her email will be replying to an account still under the control of the scammer.

I didn’t want all that effort by the scammer to go to waste, so I sent an email to the fake account asking how I could help my dear friend in Spain. To make a long story short, I went back and forth with my “friend” for three and a half hours, finally offering to loan him €1000. I only ended the fun when the scammer insisted on having the Western Union confirmation number.

I ended the conversation with a supposed link to the confirmation number, but which was actually a tasteful picture of a donkey braying. I then contacted a technician at hidemyass.com and forwarded them the emails along with the log of the scammer accessing the donkey picture. Surprisingly, the originating IP was from Nigeria. What a shock!

It did turn out that the scammer was actually paying to use the web proxy, so the technician suspended their account. Which means that instead of making money of this particular scam, the scammer actually lost money. It’s not much of a win, but I’ll take what I can get.

Padlocked gate credit – Padlock by Ian Britton. Used under the CC BY-NC-ND 3.0 license.