I Hope you get this on time, I made a trip to Kiev,Ukraine and had my bag stolen from me with my passport and personal effects therein. The embassy has just issued me a temporary passport but I have to pay for a ticket and settle my hotel bills with the Manager.
I have made contact with my bank but it would take me 3-5 working days to access funds in my account, the bad news is my flight will be leaving very soon but i am having problems settling the hotel bills and the hotel manager won’t let me leave until i settle the bills, I need your help financially(£1,950) and I promise to make the refund once i get back home, you are my last resort and hope, Please let me know if i can count on you and i need you to keep checking your email because it’s the only way i can reach you.
yahoo email address? These seem to be the most common for this variety of scam.
No, the email appears to be his own email address. As such it would appear that someone has taken over his email and is able to access and control it externally.
So, I suspect that any reply to his email address would be answered by someone else using apparently bona fide credentials.
Did you inspect the email header?
I occasionally receive emails where the sender address purports to be from my own company’s site – a dead giveaway, but a quick inspection of the information in the expanded header information reveals them to be nothing of the sort.
Another favourite is spoof HMRC and VAT emails, and spurious invoices or notifications of payment of one form or another. All these will have apparently legitimate source information but inspection will reveal that they generally originate from Russia or Nigeria. Many also contain an attached .zip file. Do not open it on any account!
Unfortunately I don’t appear to have one in my mail box at the moment, butnext time I get one I’ll post the header for general information.
The same thing happened to a web site I’m a memeber of. Someone hacked the site and now emails appear to come from people’s email lists, often a relative.
Thanks for flagging this. I suspected the email I received was not genuine, but the sending address is shown as his address, yes.
Is there any way of regaining reliable control of the account, or will Johnny need a new address now (which may be a bigger blow than losing a passport even!)?
Expand and inspect the header of the email to determine its true source. It is highly likely it didn’t actually come from his account in the first place, spoofing the displayed address is trivial.
It does appear to genuinely come from his account. That suggests his PC has been taken over and is sending these out. I would suggest he will need to remove the virus/malware – so a complete virus removal and malware removal and then change passwords.
Yes, it’s not unusual.
A few days ago my missus received one from one of her clients that contained quite a nasty virus.
Inspection of the header revealed that it had been CC’d to what appeared to be the client’s entire emali address list, as would be expected. Her antivirus software spotted it immediately.
The existence of that list is a dead giveaway that the host computer has been attacked and taken over.
As my main machine is a Mac, I’m not too concerned, but for my PCs i wrote my own email client that only downloads the headers, and permits me to delete the emails I’m not interested in or am suspicious of on the web server, which contains my whitelist and blacklist anyway.
It is fairly simple to spoof an email sender address: http://en.wikipedia.org/wiki/Email_spoofing
Sounds legit to me. I sent him £100.
~ Michael Mann
~ Al Gore
Okay, not really. The carbon markets suck these days.
would you send to me only half of that money? 950 pounds will do, thanks in advance