Email hacked, followed by potentially costly scam
By Michael Turton
Local contractor and Philipstown Town Board member Dave Merandy had a bad day on Monday, Nov.12 — and it had nothing to do with local politics or the construction business. In what has become an all-too-common crime, his email was hacked, making him the victim of a kind of identity theft that can not only cause great inconvenience but have serious financial consequences as well.
“My son called me first. He said people were commenting on Facebook that I’d been hacked,” Merandy said. People were making those comments because they had received the following email from Merandy’s email address:
This message is coming to you with great depression due to my state of discomfort. I came down here to Manila, Philippines with my family for a short vacation but unfortunately, we were mugged and robbed at the park of the hotel where we stayed. All cash, credit cards and cell phones were stolen off us but we still have our lives and passports. We’ve been to the embassy and the police here and they have done the best they can. Our flight leaves in less than 48 hrs from now but we are having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills. I am contacting you to ask for a short loan which I will refund immediately I get my family back home safely. Let me know if you can help.
Looking forward to positive response.
“I got calls and text messages from people; I couldn’t get emails, “Merandy said. “People were saying, ‘You’ve been hacked’ and ‘I know you know — but you’ve been hacked.” All of his emails, sent and received, have disappeared, along with all his contacts. Emails that did come after the hack landed in his trash bin.
Damage control and FBI warnings
Merandy did damage control as soon as he could. “I changed my password right away. And I canceled my credit cards,” he said. “I had made some online purchases, so I canceled them just in case.” He worked with his email provider and got his contacts back, but not any of his emails. He has since switched providers.
While Merandy probably had to bear some good-natured ribbing, he was the victim of a scam that the FBI takes very seriously. Below is how the FBI describes a common ploy used by hackers — one that could not be any closer to what Merandy experienced (fbi.gov/scams-safety).
Claims of being stranded swindle consumers out of thousands of dollars
Portraying to be the victim, the hacker uses the victim’s account to send a notice to their contacts. The notice claims the victim is in immediate need of money due to being robbed of their credit cards, passport, money, and cell phone, leaving them stranded in London or some other location. Some claim they only have a few days to pay their hotel bill and promise to reimburse upon their return home. A sense of urgency to help their friend/contact may cause the recipient to fail to validate the claim, increasing the likelihood of them falling for this scam.
“I was surprised that some people took it seriously,” Merandy said. One friend who called him said, “I can’t believe some people still fall for this.” Merandy did receive a couple of calls from people who were concerned, underscoring the fact that the scam does claim victims. “If they (the hackers) didn’t write such a bad scenario, maybe more people would bite,” Merandy said.
Email providers attempt to minimize the risk to customers being taken in by such schemes. Some of those who received Merandy’s bogus email saw this notice in bright red letters just above the text: “Be careful with this message. The sender’s account may be compromised, so this message could be a scam to steal personal information.”
A quick search of the Internet yields dozens of websites offering tips on how to avoid email hacking. Here is a summary of the most common advice:
– Change your password regularly. Some sites recommend that you do so every one to three months.
– If your email has been hacked, change your password immediately.
– Create a password that can’t be easily guessed by hackers. Use a combination of upper and lower case letters, numbers and symbols such as percent, dollar sign, ampersand, etc.
– Do not use the same password for various email or social media accounts. As one site puts it: “Think of the major losses you could suffer if a hacker gets into all your accounts.”
– Delete all inactive email accounts. If you are not using the account and it is compromised, hackers could do a lot of damage before you even realize there is a problem.
– Only give your email address to people and organizations you trust.
– Avoid giving your email address to every website that asks for it. Some websites are set up only to distribute malware or spyware.
Merandy appears to have avoided any major problems as a result of his email being hacked, but it is an experience he definitely does not want to repeat. “It was very bad,” he said. “It took a whole day. A whole day was lost.”