A Common Scam

Submitted by D2D on Sat, 06/26/2021 - 18:01

D2D Tech Note

Bob Havey

We have all received bogus email with an unbelievable offer, an invoice for something that we didn’t order, or a threat that some action would be taken if we don’t pay some ridiculous bill.  A really nasty one is the one where someone is asking for help. Everyone wants to help a friend.  There is the famous “I’m stuck in London and need cash” or, more recently, “I need to get a gift card for some reason, and I can’t deal with it myself.  I will reimburse you.”  I have seen this one twice in the last 2 months.  It is done with multiple emails.

The first email asks if you can do an unspecified favor.  If you respond, the second email asks you to purchase a gift card.  The apparent sender can’t do it himself for some flaky reason.  I have heard that if you actually get the gift card, you will get another email asking for a gift card with a larger sum of money.

The first thing to do is to check the sender’s email address.  Does the actual email address match the organization or individual that the email is allegedly from?  If there is no match, delete the message.

A recent problem was an email that looked for all the world like it came from someone I knew.  If you are really close to the apparent sender, you should be able to see the flaws in the story.  If you are not close to that person, you should know that the request is not appropriate, and that person wouldn’t ask for that kind of favor.   In this case, the customer’s email account had been hacked and in fact stolen.  The only protection you have in this case is to verify – by some other means than the incoming email address (think alternate email or phone) – that the apparent sender was the real sender and needs the help.  Without that verification, do nothing.

Most folks are pretty cavalier about their email passwords, and some just hate them, but this should demonstrate that they are necessary.  You don’t want to be the one with the hacked and stolen email account.  A lot of providers push randomly generated passwords, but those only fool humans.  Conventional wisdom is that longer is better.  Your favorite Bible verse, a quote from Shakespeare, Poe, Ian Fleming, or Danielle Steel is good if it’s over 14 characters.  Don’t be shy about misspelling a couple of the words and interspersing special characters.  No matter what you do, do not use a simple or obvious password on your email account.
