Late last week, I received this harrowing email from a client and it is a great insight into online fraud:
I’m writing this with tears in my eyes,my family and I came down here to Manila,Philippines for a short vacation.unfortunately,we were mugged at the park of the hotel where we stayed,all cash and credit card were stolen off us but luckily for us we still have our passports with us.
We’ve been to the Embassy and the Police here but they’re not helping issues at all and our flight leaves in few hours from now but we’re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills. Well I really need your financially assistance..
Please, let me know if you can help us out? Am freaked out at the moment!! Peter
What would you have done?
What I hope you would have done was be suspicious because that would mean you have honed your ‘ear’ for the con artists and crooks who clog the shadows of the internet.
As you’ll see in the transcript below, I did play with this friend for a while in the hope of having the local police nab him/her.
One good thing about my experience last week, is that we all get to watch ringside and teach others to be aware.
Sharpening our wits online (your business depends on it)
There are many stories of business people being taken in by authentic-sounding scams because they do not make the time to get familiar with the online world and learn its ways.
This leaves the door open for crooks to play confidence tricks and commit fraud, as might have happened with Peter’s email on Friday.
- Lesson One: The crooks hacked Peter’s Yahoo email account. This means they were able to email all his contacts and pretend to be him. Never trust unexpected emails, especially those with sensitive information, attachments or links.
- Lesson Two: The crooks used a common, worn out template of a fake sob story to rope us in and prey on our empathy for a friend or contact. If ever in doubt, look for extra evidence. I could have called Peter on his mobile or, in this case, copy the opening line of the text and place it in Google where 117,000 pages came up, warning us about this scam.
- Lesson Three: The crooks go hard on the sympathy vote. You MUST make sure all staff, friends and family are aware that people do this and know how to at least DO NOTHING while you work out a quick, trusted way to test the authenticity of an unexpected email or social media message. A quick way to remedy that is to subscribe to the free security alerts from staysmartonline.gov.au.
- Lesson Four: Guard your emotions. Crooks play upon our sympathy, ego, fears and greed, so any messages about a stranger being in love with you, a rich person offering you quick money, or a distressed friend needing urgent funds, need to be suspected and tested before any action.
I would go so far as to say, even if you are a business person still holding out against ‘this web thing’, you do need to educate yourself on scams and netiquette as part of surviving in the 21st Century.
Setting the trap
When I got this message, I had the sort of day that let me dash back and forth between the email and my tasks. So I put into plan a trap to catch the bad guys.
My thinking was that given they had told me the Western Union branch to send money to, all I had to do was stall them until I could get some Filipino police to attend and wait.
This is where Social Media was helpful.
By contacting three Filipino friends on Facebook, I was put in touch with a Cyber Crime detective in Manila, but unfortunately, due to time differences, we only got to make contact after our connection to the scammer went cold.
Frustratingly, I tried emailing and tweeting the police in Manila, asking for contact to set this trap before getting my local contacts, but no response came.
While I admit police resources are stretched everywhere, I hope all security services pay more attention to their online channels that seemed to happen in Manila that day.
I was advised that I would have had to send a small sum through the wires to make the sting, which I was happy to do, if it meant ridding the world of this scum.
So, even though we failed, I did have a lot of fun keeping this crook on the hook, as you will see.
The transcript of a conversation with an internet fraudster
Here is the email conversation, blow by blow. While I could say it is being copied here for communal education, it really is just for the fun of it.
Crook: I’m writing this with tears in my eyes,my family and I came down here to Manila,Philippines for a short vacation.unfortunately,we were mugged at the park of the hotel where we stayed,all cash and credit card were stolen off us but luckily for us we still have our passports with us. We’ve been to the Embassy and the Police here but they’re not helping issues at all and our flight leaves in few hours from now but we’re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the bills. Well I really need your financially assistance..Please, let me know if you can help us out? Am freaked out at the moment!! Peter
Steve: (Having checked Google and discovered this was a fake) Yes, what can we do?
Crook: Glad you replied back to my email…All I need is just $1,750 and you can have it wired to me via Western Union. Here’s my info below
Receiver’s Name: Peter ……
Location: 1121 M.H. del Pilar Street
Ermita, Manila City, 1000, Metro Manila Philippines
As soon as it is done, kindly get back to me with the confirmation number. Let me know when if you are heading to the WU outlet now??? Peter
Steve: Peter, I will get there shortly and will let you know when. Stand by. Should be next half an hour. Steve
Crook: Ok…Kindly get back to me with the WU transfer details as soon as you have it done. Thanks. Peter
(Now I needed to buy some time while trying to contact police in Manila – this was the best I could come up with)
Steve: Sorry to do this to you, but Susan says I can only send $1000 unless you apologise for offending her sister at our place at Christmas. Steve
Crook: Ok..Keep me posted with the WU transfer details. Thanks. Peter
Steve: But are you going to apologise to Susan?
(A pause of five minutes)
Steve again: Sorry buddy, I don’t know what you did but she is fuming now. She was expecting you to write a few words in this email. Could you just share a short apology now, otherwise I’ll be writing to you with tears in my eyes. Steve
Crook: Yes..As soon as am back home. Peter
Steve: Peter, buddy, sorry to put you through that. I am going to head to the WU office now – it will take 15 minutes. But please promise me you will write a nice apology to Susan while I am on the road. I will check my phone at the WU office to see if Susan has received your reply. She is watching this email now. See you in a couple of weeks, my friend. Steve
(I had to keep my crook on the line while I bought more time, so I thought I would increase the dramatic intrigue)
Steve: Dear Peter, It is Susan here, using stephen’s email while he is going to Western Union for you. He will be calling me soon to see if you have apologised. But you know what I really want? I want you to say you love me, to say that those few moments last summer meant something to you too. Please reassure me and I will give him permission to send the money. Yours secretly, Susan
Crook: I am so sorry Susan, I love you. Thanks. Peter
Steve: Peter, Your words mean so much to me, thank you xxx I have told Stephen to send the money, plus an extra $100 from me. I hope that will be okay? There aren’t any foreign currency limits are there? Yours, Susan
(About 20 minutes later, having Googled what format Western Union transfer confirmation codes come in, and waiting for a reply from police in Manila)
Steve: Hi Peter, I have wired the money to you. I am nervous about sending the confirmation number in one email. I will send it in two steps. Please confirm you have both parts. I will also jumble the order and tell you what code pattern I used when I know you have both numbers. Here we go:
That is the first part – copy it down but don’t panic if it looks wrong – I am using a code. Please confirm you have this. Steve
Crook: I got it. Peter
Steve: Second part
Please confirm, Steve
Crook: Got it.
(A pause of 10 minutes)
Steve: Pete, are you there? I’m worried about you, mate. I need to tell you the code, Steve
At this point, we lost him. For the record, I was going to delay him by reshuffling digits and then, if no help was coming from the police, I was going to ‘discover’ the note from Susan and tell him how gutted I was and that the transfer had been cancelled.
So, while my impromptu soap opera was brought to a premature close, I look back fondly at having some awareness raising content to share with the world, having some new contacts within Filipino Police, and I had a bit of fun while hampering my crook from bothering other victims, at least for a few minutes.
Please pass this on (or at least the main part) to anyone you know who is new to the online world and any staff who manage emails for your enterprise. These crooks, bad as they are at their linguistics, know how to suck kind-hearted people in.