November 9, 2007, 8:27 am
E-Mail Scammers Ask Your Friends for Money
By David F. Gallagher
Nigeria continues to develop and export the world's most innovative Internet scams. In one bizarre variation that seems to have ramped up in recent months, the scammers are taking a page from Facebook and leveraging the power of social connections.
Hereís how it works: The scammer somehow breaks into a victim's Web-based e-mail account. He then impersonates the victim and sends an emergency plea for help to everyone in the account's address book, asking them to wire money to Nigeria. The e-mail includes some variation on a story about getting mugged or losing a wallet while on a trip to Nigeria.
This happened recently to Drew Biondo of Port Jefferson, N.Y. He said he was at home early one morning when his wife alerted him to an e-mail she had received from his Yahoo address about his Nigerian money troubles. He scrambled to try to regain control over his account, but trying to find a phone number for an actual human at Yahoo was "ridiculously difficult," he said.
Mr. Biondo, a public relations executive, used the Yahoo account for work e-mail and had about 600 people in his contact list, many of them journalists. He said he soon experienced "an influx of phone calls from every reporter I've ever spoken to," including some he had not heard from in years. "I credit this Nigerian scammer with one thing: he made me feel good inside because these people cared enough to drop me a phone call."
Yahoo asked Mr. Biondo for various proofs of his identity, including the long-forgotten answer to a security question he had set up ten years earlier. Two and a half days after it all began, he successfully logged into his account and sent out a mass mailing: "The long Nigerian nightmare is over."
Other people who have been victims of this scam admit that they gave up their e-mail password in response to one of those bogus phishing messages that ask recipients to "verify your information." But Mr. Biondo said he didnít fall for one of those ploys, and he still has no idea how his account was compromised. No viruses turned up on his computer.
The brilliance of the scheme is that while the story in the e-mail might strain credulity, people are obviously far more willing to trust a friend than the supposed widow of a former dictator. While none of Mr. Biondo's contacts fell for the ruse, some people somewhere must be sending money, because the scam is spreading. A Web search indicates that plenty of people have had their accounts hijacked, including:
A monsignor in the Falkland Islands ( "the person who would benefit from this scam needs to be stopped before Monsignor loses his good reputation.") A journalist in Saudi Arabia ( "Telephone calls to the Nigerian Consulate in Jeddah to report the crime were met with disinterest") The former editor in chief of the Malaysian National News Agency ( "I fear my name will be tarnished as though Iím seeking assistance and so on whereas I had never done so and it is a lie.") A Connecticut woman who actually does work in Africa ( "I hope nobody did send her money. I was close.") A doctor in India whose contacts need some cybersavvy ( "My friend tells me of a mail like that he received and many of them even sent in money that has been pocketed by the fraudster.") A woman in Milwaukee who doesn't know where Nigeria is ( "Szymborski said she e-mailed Yahoo about a dozen times but didnít hear back.") And even a fellow Nigerian ( "Na wao. Since it's becoming increasingly difficult daily to achieve international scams from Nigeria, these bad boys now target their own brothers.") Mr. Biondoís experience in particular demonstrates one of the problems with moving more computing tasks from the desktop to the Web, as Google and others would like us to do. In many cases, just one little password is keeping bad people away from your precious data. And if you are relying on free services from a company like Google or Yahoo, your chances of getting prompt and personalized customer service in a time of crisis are low.
Mr. Biondoís new solution to this problem is to spread the risk: "I have a Gmail account which forwards to my Yahoo account, so if one goes I have a backup."
Here is the full text of the e-mail sent from Mr. Biondoís account:
From: Drew Biondo (...@yahoo.com)
HOW ARE YOU DOING? I WANT YOU TO KEEP THIS CONFIDENTIAL BETWEEN BOTH OF US, I KNOW THAT I CAN PUT MY TRUST IN YOU ON THIS. PLEASE DO NOT LET ME DOWN. RIGHT NOW I AM IN AFRICA, NIGERIA. I CAME HERE ON A TRIP TO SEE A FRIEND AND WHEN I GOT HERE I LOST MY WALLET CONTAINING THE ADRESS OF MY FRIEND AND HIS CONTACT PHONE NUMBER, ALONG WITH MY ATM CARD AND OTHER VALUABLES.
SO RIGHT NOW I DO NOT EVEN HAVE ANY MONEY ON ME . I AM STAYING IN A HOTEL NOW , AND THE MANAGER IS ALREADY RANTING OVER HIS MONEY AND AS TIME GOES BY THE BILLS ARE INCREASING.
I WOULD WANT YOU TO LOAN ME $2000. I PROMISE TO PAY YOU BACK AS SOON AS I GET BACK... I WOULD WANT YOU TO HELP SEND THE MONEY VIA WESTERN UNION . GET BACK AT ME ASAP.
HOPE TO READ FROM YOU...
I'll always send a one line email to help the scammer get on the right path:
THOU SHALT NOT STEAL
Be sure to read the other scam warning pages:
Page 1: Internet scams
Page 2: Sell your Sailboat to Africa!
Page 3: American based scams
Page 4: Boat for sale scam
Page 5: Room for Rent scam
Page 6: Motorhome for sale scam
Page 7: I've lost my wallet and need your loan!
Page 8: Give me your PIN number, I already have your credit card number.
Page 9: How to accept payment for your boat without getting scammed
Page 10 Counterfeit checks
Starboard and Port
Grandpa's Funny Pages