Part I: Are Genealogists Targeted in a Scam?
The first time it happened, I deleted the email without a second thought. There was no way this person who was supposedly in trouble while on vacation would contact me; she didn’t even know me. We had exchanged a few email messages concerning genealogy, but that was it. If she was in real trouble in another country, she wouldn’t be writing to me.
This was a scam.
Today, I received a second message similar to the first except this one was from a different ‘genealogy friend’. Unsuspecting individuals might jump into action and send money, believing they’re helping someone they casually know. After all, the email address was correct. Or was it?
But first, let me reveal the email message (subject line: “Help!!!”) this nasty person sent, complete with writing errors.
I’m writing this with tears in my eyes, Derek and I came down to London, United Kingdom for a short vacation. Unfortunately, we got mugged at the park of the hotel where we stayed,all cash and credit cards were stolen off us but luckily for us, we still have our passports safe.
We’ve been to the the Police here but they’re not helping issues at all and our return flight leaves in few hours from now but we’re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills. Well, we really need your financial assistance..
Please let me know if you can help us out?
We’re freaked out at the moment !!!
The message was signed with the full name of the genealogy friend. If you receive this message from someone you’ve probably heard of in passing – on a genealogy mailing list perhaps – but don’t know, ignore their plea for money. Locate the true address of the individual named in the message and alert them to the fact their name is being used in a scam. Then delete the message.
Scammers try and force their victims to make decisions quickly, hoping they’ll send money before common sense kicks in or they learn the friend is not stranded. However, scammers don’t like variety. The exact wording in the message I received has probably been used thousands of times. I recall the first genealogy friend was also stranded in London under similar circumstances.
What I didn’t realise was how inventive these scammers are. When I located the true address of the name on the message, it turned out her and the one the scammer used were exactly the same except for one character. It was like using email@example.com instead of firstname.lastname@example.org (my real address). At a glance by someone who is panicked to learn a friend is stranded in a foreign country, they look exactly the same.
In this case, the email provider was Yahoo. I think it could have easily have been Hotmail. Those using these mail providers may be at higher risk of having their names used in scams because individuals can set up an almost identical address and take it down, leaving no trace of who they really are.
Part II: Scam Cuts Much Deeper Than Initially Expected
After further investigation, I learnt scammers are out to do more than pick the pockets of unsuspecting individuals; they’re out to trash mail systems and hijack Facebook accounts, too.
Last week, I wrote about the ‘Stranded in London’ scam that may use genealogists and others who post their email address on the Internet. Scammers create an almost identical email address as their intended victim, commandeer their victim’s address book and send messages to everyone, stating they need money right away to pay their hotel bill. The person who is supposedly stranded in London and robbed of their wallet are unable to pay the bill and are not permitted to catch their flight until it’s paid.
My friend who had fallen victim to these scammers reported that she had lost many things: 300 contacts in her address book, all her messages and folders and her Facebook page.
When I learnt of this, I contacted my friend whose name had been used in the first scam. Almost the exact thing had happened to her. All her contacts were deleted and the scammers had hacked into her Facebook account. She immediately contacted Facebook and had her account locked. This inactivated her page, so her on-line friends wouldn’t be tricked into sending money to the scammers. To reactivate her page, she had to prove to the staff at Facebook that she was who she claimed to be.
She said she has learnt several valuable lessons from the experience.
- Make copies of your contact list, so you can notify people through another system if something goes wrong.
- Set up accounts to notify you through texts or messages that something has been tampered with. For example, if I change my password on one of my website accounts, including Facebook, I receive an email message of the fact. If I receive such a message and I haven’t changed the password, then I know something is wrong and I should act immediately.
- With regard to Facebook, don’t login to your account using your email address. You have the option of creating a username instead. Use it.
- Become like Fort Knox; make your password impossible to crack. Sure you could use the month you were born, the name of your street or ABC123, but hackers and scammers will try those first. I admit, I’m guilty of easy passwords. After all, who can remember U6Mn45_iL3? I like not having to refer to a posted note to login to my accounts. However, I also realise if it’s easy for me, it’s easy for everyone else, too. If you still want to keep it simple, mix it up a bit. For example, instead of tibert123, use tIbeRT_123. Most passwords are case sensitive, so even if you simply use tibErt, it’s going to be harder to crack than using all lower case. One last thing, don’t use the same password for everything just in case someone figures it out.