Scammers hack gmail and try for a $1200 scam via Western Union
20100201 at 18:30 
In this case a friend of mine Mark B. had his gmail account compromised this morning and clever scammers tried to turn this into a large cash payoff. After I poked around and found the number for his business online, I got him on the phone. As it turns out, Mark was fine in Sacramento, and had taken back his gmail account and was busy taking back control of his Facebook account as well.
Meanwhile, the scammer had created a new gmail account with a very similar name and continued his desperate plea for cash.
The original appeal:
I’m writing this with tears in my eyes,I came down here to London,England for a short vacation and i was mugged at gun point last night at the park of the hotel where i lodged all cash,credit cards and cell were stolen off me.I am even owing the hotel here,and the hotel manager won’t let me leave until i settle the hotel bills now am freaked out.So i have limited access to emails for now, please i need you to lend me some money so i can make arrangements and return back I am full of panic now,the police only asked me to write a statement about the incident and directed me to the embassy,i have spoken to the embassy here but they are not responding to the matter effectively, I will return the money back to you as soon as i get home, I am so confused right now.i wasn’t injured because I complied immediately.
Some four hours later, a final appeal:
Richard, am still waiting for the MTCN number as soon you have done.
And my reply
Subject: some a**hole thinks this is a scam
Can you believe it?Don’t worry, I gave all the info to the police and to Google — so don’t worry just answer the door when they knock, ok?
What a surprise — I haven’t heard from fake Mark B. again!
It’s important to make sure people with whom you have a trust relationship are protected from such things. In this case, Mark’s Google profile allowed me to locate his business and phone number. Mark answered the phone right away when I called. Scam averted!
I called Western Union and asked for a fake MTCN number which would allow law enforcement across the pond to apprehend the criminal, with forged documents in possession. Such is not possible… “No can do… that’s a police matter.”
What a pity… common sense deterrence methods are not available to an informed citizen with a scammer on the hook. In summary, please secure the accounts that identify you and allow your “friends” access to enough contact information (more on that later) to thwart such attacks.
article | tagged crime, fraud, google contacts, google profile, trust, uk
Reader Comments (1)
Hi Richard,
Some further guidance if this happens to your readers:
- Make sure you have a backup email account to send password resets to.
- Make sure you get rid of all the other emails the hackers associate with your accounts.
- They set an SMS cell number in Nigeria to forward password resets to
- They also created a fake markbean gmail account and forwarded all incoming email to that.
- They created a filter to do the same
- They deleted a bunch of recent email conversations that contained the word password.
Bottom line - you're not safe just resetting the password. Keep your antivirus and windows patches up to date. Sign up for LifeLock immediately after.
Re-installing a computer was all it took for them to be able to grab my identity.