I received an email this morning from a distant relative. This is what it said:
I’m sorry for this odd request because it might get to you too urgent but it’s because of the situation of things right now, I’m stuck in Madrid Spain with Family right now, we came down here on holiday we were robbed,the situation seems worse as bags,cash ,credit cards and cell phone were stolen at GUN POINT, It’s such a crazy experience for us, we need help flying back home, the authorities are not being 100% supportive but the good thing is that we still have our passport but don’t have enough money to get our flight ticket back home, please I need you to lend me some money, I will reimburse you right as soon as I’m back home. I promise
Alarm bells started ringing immediately. It looked suspicious, but at first I wasn’t sure. I only had an email address for this person, so I couldn’t ring her up and ask if her email address had been hacked.
It didn’t take long to confirm that indeed the message was a scam – typing in just the first phrase from the message into Bing produced over 500,000 hits.
It’s clear that her Hotmail account has been hacked, and taken over by a scammer. She may be able to get it back, with Hotmail’s help, but any damage has already been done.
This article, Hacked!, by James Fallows describes the situation very well, and in fact it’s almost the same scam email that was used. The only difference is that in the article, it’s a Gmail account that was hacked. One statistic that leapt out at me:
At Google I asked Byrant Gehring, of Gmail’s consumer-operations team, how often attacks occur. “Probably in the low thousands,” he said. “Per month?,” I asked. “No, per day,” followed by the reassurance that most were short-lived “hijackings,” used to send spam and phishing messages, and caused little or no damage, unlike our full-out attack.
As more of us start relying on the Cloud to handle our email and to store confidential data, it becomes even more important to use strong passwords that are changed often. As the saying goes: passwords are like underwear…