Friday, November 11, 2011
The new flim-flam could be happening to you right now
A few weeks ago a friend of mine received an email from a longtime acquaintance saying that he had been “mugged in London” and asking her to send him some money to help him get home.
Knowing that he had several family members and many closer friends to fall back on, she was really taken aback.
“The nerve of him,” she said.
Although I hadn’t heard of it before, I told her it sounded like a scam and suggested she call him, which she did. It turns out it was a scam. He was home, had not been mugged and hadn’t been to London in years.
Then, just today, I get this email text in my own inbox purportedly from a friend of mine:
“Hope you get this on time, I made a trip to Spain, Madrid and had my bag stolen from me with my passport and credit cards in it. The embassy is willing to help by letting me fly without my passport, I just have to pay for a ticket and settle Hotel bills. Unfortunately for me, I can't have access to funds without my credit card, I've made contact with my bank but they need more time to come up with a new one. I was thinking of asking you to lend me some quick funds that I can give back as soon as I get in. I really need to be on the next available flight.
Western Union transfer is the best option to send money to me. Let me know if you need my details (Full names/location) to make the transfer. You can reach me via email.
Thank you for your input and support.”
This message is especially hilarious to me because this particular friend has owed me a few hundred dollars since roughly 1999 and would never dare ask me for more money if she were dying.
The new “I’ve been mugged in – name a foreign city” is a more sophisticated version of the old “Nigerian letter” which has been around for years. The Nigerian letter (send me your bank account number and several thousand dollars in processing fees and I’ll split this $50 million with you) is itself a new computerized version of the old “flim-flam” (Psst, I just found this money in the street. Give me some “earnest money” to show me you’re honest and I’ll split it with you).
As it happens, journalist James Fallows details in the November issue of The Atlantic magazine how the exact same “mugged in Madrid” con happened to his wife.
As Fallows explains it, six years of his wife’s emails disappeared from her Gmail account at the same moment that he and everyone else in her email address book received the “I’ve been mugged in Madrid” appeal in their own email accounts. Since the two of them had just finished breakfast and were in the same house, they understood instantly that they had been hacked.
Typically, any replies to the email are actually rerouted to an account set up by the hacker, who then sends additional, seemingly personal, messages encouraging concerned friends and family to send money while preventing the victim from finding out about the scam.
If any of the victims’ friends and family members fall for it, they might be out a few hundred dollars, pain enough right there, but the real danger is that by hacking into an email account, the hacker can gain access to passwords and personal information about banks, credit cards and other online accounts that could prove much more costly.
If the hacker gets just one such password, he may have hit the jackpot because most of us are so prone to using the same password or couple of passwords over and over. Otherwise, how are we going to remember all of them? The Fallows article has some good advice on this issue. I urge you to read it.
The Fallows were forced to close out or change all of their financial accounts, but they did eventually retrieve the six-years’ worth of emails from cyberspace or, as it’s called now, “the cloud,” those remote servers that store our stuff for us.
In investigating the incident, Fallows discovered that like the Nigerian letter, most of the hackers responsible for the mugged emails are located in Nigeria, the Ivory Coast or other places in West Africa. A convincing scammer running several of these dodges at a time can make on average $500 a day if only one or two gullible friends believe the story, investigators told him.
The swindle is so new it hasn’t even made it on to snopes.com, the venerable urban legend website. One variation that does show up there though doesn’t even need a computer, just a telephone number. In this one, the scammer calls and claims to be the victim’s grandson in need of money in some distant city to bail himself out of a DUI. Since grandparents often have little contact with grown grandchildren and may not know their whereabouts or recognize their voices, this could work, though a heavy foreign accent might be a giveaway.
Snopes points out that these types of scams are especially insidious because while most frauds depend on the victim’s greed (flim-flams, the Nigerian letter), this one preys on the victims’ generosity and kind hearts.
If you get an email from me saying I’ve just been mugged somewhere in Europe, just send money to my home address, and if you don’t have my home address, well, you’re not that close a friend, are you?