E-mail hijack is new twist on Nigerian scam

PUBLISHED : Sunday, 14 October, 2007, 12:00am
UPDATED : Sunday, 14 October, 2007, 12:00am

Fraudsters target your pals' cash

Everyone in Nora Moynihan's online address book received the same e-mail. It said she had lost all her money in a Nigerian taxi and desperately needed US$3,500 to get home.

It asked each one to send cash via Western Union immediately so she could get out of the country.

But Ms Moynihan has never been to Nigeria and is not stranded in Lagos. Fraudsters used her hijacked e-mail account last week to try to con money from dozens of people in her address book, in what is becoming an increasingly common scam.

Hong Kong police were unable to supply specific local statistics on hijacked accounts. But overall technology crime is on the rise in the city, with 741 cases last year, compared to 653 in 2005 and 560 in 2004.

The FBI's internet crime division received 207,492 complaints in the US about hijacked accounts last year.

A reply to an e-mail questioning its authenticity elicited this badly written response: 'Doubting will not solve the problem that I am facing now, because the hotle [sic] management is threatening to hand me over to the cop ... I will refund you the money with an interest if needed. But help me to be out of here.'

Ms Moynihan, an Irish national living in Hong Kong, said she had fallen for a genuine-looking customer service notice from Gmail.

'It was completely different from what I was trained to look out for. It all started with an e-mail telling me someone had attempted to access my account. It looked like it came from Gmail customer service. It said my account would be deactivated unless I verified my information,' she said.

Despite initial wariness, she submitted her user name and other details, but not her password. She was contacted again with a request to give her password or the account would be deactivated. 'Foolishly enough, I replied and filled in the password. On Monday, everyone got this e-mail from me.'

Her Facebook and instant messaging system have also been compromised. More worrying is that her e-mail account contained her financial details. She has since contacted her banks to cancel credit cards and change bank account numbers.

This method is a departure from the more common Nigerian - or 419 - scams that involve individuals being contacted by a stranger claiming to have access to millions of dollars and offering a share in it.

Gmail describes attacks like that on Ms Moynihan's account as 'spoofing'. Spammers send e-mails to convince people to give out passwords and, if successful, they use the account for 'phishing' - e-mailing individuals to con money from them. Users of other free e-mail system services like Yahoo and Hotmail have also been targeted.

Gmail's help centre states that Google, which operates the free e-mail service, is currently testing a service designed to alert users to spoof e-mails.

'When the Gmail team becomes aware of such an attack, the details of these messages are used automatically to identify future suspected phishing attacks,' Gmail says on its site.

The Hong Kong police's head of crime prevention, Mark Medwecki, said hijacking of e-mail accounts was identity theft and victims should contact police and their banks and institutions.

Ms Moynihan said it appeared her friends were savvy enough to realise the e-mail was not from her and none are out of pocket. 'Mind you, no one sent any money, so I'd have been stuck if it really was me trapped in a hotel in Nigeria,' she joked.

Web of deceit

The number of technology-related crimes reported to police in the city last year: 741