"Is this a scam?" chapter seventy-billion, need answer fastish

You are probably right - I believe the way it works is that when a scammer spoofs an email address, they can also specify the reply-to address that will be used. Can anyone confirm this? Have you looked at the address your reply is going to when you just hit the reply button?

But in any event, what good could come from replying to a scammer?

There’s always the possibility of messing with them if you’re so inclined.

Same address (or made to appear like it, anyway) as the address she used 3 years ago when we were in contact.

Responding to the scammer is unnecessary, you’re right. I wrote back when I still was thinking there was a .0001% chance the email was real. After seeing the exact same text word-for-word on a scam alert site, the very last shadow of a doubt is removed.

The scammer may have gotten access to her email account. Many email systems have web access to the inbox. If the scammer can access that, all emails will be accessible to the scammer.

A common way the scammer gets access to the email system is from stolen passwords from other sites. Many people use the same password everywhere. This means if the scammer steals the user database from “knitting-world.com”, they can try to log into the email systems of all those users with the passwords in the stolen database. The scammer will also try to log into banking websites with the same password, Amazon, etc. This is one reason why it’s important to use unique passwords on important sites. If a scammer gets access to the password from one site, you don’t want them to be able to use that password on other sites.

Unless your neighbor IS the scammer. The one you’d least suspect.

Just to add, I googled “my effort purchasing it online proved abortive” and got two complaints about scams from February. It was such a weird sentence.

You shouldn’t feel stupid at all. That’s how these things work – send out enough emails to enough people and you’ll catch someone in a hurry or distracted and where enough “facts” match to sound plausible. Plus, as you started with, $15 isn’t a huge ask so someone is more likely to auto-pilot it versus being asked for $1,000.

You got something plausible, had the presence of mind to question it and came out unscammed. Go pour yourself a drink this evening to celebrate.

It’s always the innocent-looking little old ladies!

Yep. Before getting to all the replies, I just stopped at that sentence and was going to ask “does your neighbor have a habit of talking this way?” There’s also random capitalizations, but some people are just weird about that. However, the Venn diagram of people who randomly capitalize words and use vocabulary like “abortive” casually is most likely two distinct circles.

That said, I have nearly missed a wedding client because I got an email from the bride that was written by what I swore was a typical scammer (wedding vendors get scam emails regularly). The language sounded off and weird and I was about to chuck it in the trash, but I decided to send one email to check. And it did turn out to be real. They hired me. They seemed like a nice, young and intelligent couple. Her email style was just odd. So nothing wrong with checking for a second opinion.

Except it’s not casual. It’s someone whose English is very limited and they’re trying to shoehorn a word in where it doesn’t belong.

This is much less likely (just based on the time and effort involved) than just spoofing the address that email appears to come from.

I don’t completely understand the technical details of what happens when you reply, but the scammer can also specify where a reply will go if you hit the reply button.

What Is Email Spoofing? Definition & Examples | Proofpoint US

Another component often used in phishing is the Reply-To field. This field is also configurable from the sender and can be used in a phishing attack. The Reply-To address tells the client email software where to send a reply, which can be different from the sender’s address. Again, email servers and the SMTP protocol do not validate whether this email is legitimate or forged. It’s up to the user to realize that the reply is going to the wrong recipient.

I thought that if you hit the reply button the address that you are replying to would at least be transparent (unlike the apparent sender’s spoofed address) - i.e. you can easily see where your reply is going by just looking at the displayed field. I thought this part just depends on whether you are paying attention. Anyone know for sure? OP says that her reply did seem to be going to her friend’s genuine address, which seems to contradict that, so maybe I’m wrong about this.
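Added example, not part of any post in this thread: a small Python check of the From and Reply-To headers discussed above, showing how a defender or a mail filter could flag a message whose replies would go somewhere other than the displayed sender. The message, the addresses and the function name `reply_target_findings` are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message (not from the thread): From shows the friend's
# address, while Reply-To redirects any reply to a different mailbox.
SAMPLE = """\
From: "Pat Neighbor" <pat.neighbor@example.com>
Reply-To: "Pat Neighbor" <pat.neighbor.1957@example.net>
To: you@example.org
Subject: Quick favor

Are you free? I need a small favor.
"""

def reply_target_findings(raw):
    """Return (code, detail) findings about where a reply would actually go."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    findings = []
    # A message may carry several Reply-To addresses; check each one.
    for name, addr in getaddresses(msg.get_all("Reply-To", [])):
        addr = addr.lower()
        if not addr or addr == from_addr:
            continue  # replies go back to the displayed sender
        same_domain = addr.rpartition("@")[2] == from_addr.rpartition("@")[2]
        code = "reply-to-differs" if same_domain else "reply-to-other-domain"
        findings.append((code, f"reply goes to {addr}, not {from_addr}"))
        # Reusing the sender's display name hides the switch in clients
        # that show only the name in the reply window.
        if name and name == from_name:
            findings.append(("same-display-name", f"'{name}' reused on {addr}"))
    return findings

if __name__ == "__main__":
    for code, detail in reply_target_findings(SAMPLE):
        print(code, "-", detail)
```

A message with no Reply-To header, or one whose Reply-To equals the From address, produces no findings; neither header is validated by SMTP, so a clean result does not prove the From address is genuine.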

Well, yes. It leaps out as not casual. That said, I do have friends who would use that word in a casual sentence. Like my friend Kyle, he could write an email like that to me and I would not blink an eye, except for the fact that random words are capitalized, and he would be more specific about the liver cancer. And he would properly append the “s” on “effort.” The scammer in the OP is not using the word casually, as you note. They are clearly looking in a translation dictionary or something of that nature.

Perhaps phrasing it as the mismatch of consistency of tone (higher diction) and accepted style (proper capitalization, spelling, etc) that are separate. Usually if you’re good at #1 you’re good at #2. If your usual manner of speaking includes words like “abortive”, you’re not going to have random capitalizations in your prose.

Rule of thumb: no one legitimate asks you to buy gift cards to send money.

Or that.

Careful with that.

You might get a stern e-mail saying you’re guilty of filing a frivolous police report, and that the fine is $500.

Payable in gift cards.

My wife got an email from our next door neighbor a couple of days ago mentioning that she had a fall and broke her leg. We’re friendly, but not like best buds, so it seemed to me that she meant it to go to someone else, especially since the email was light on detail and context like names. However, Mrs. Cheesesteak, being a good soul, writes back and says, hey is there anything you need, we’re happy to help.

The reply came back that she needs us to buy her a gift card. :roll_eyes:

How does this scam work? To me, it sounds like the email asked CC to physically travel to a brick and mortar store, and plunk down $15 for a physical gift card. That’s why I said I didn’t understand how it would work. If CC went out and bought a card, how would she be able to get it to the intended recipient in time for her birthday today?

Or does the fact that it is an “Apple Gift Card” indicate that it would necessarily be an on-line transaction?

If the quoted section had said anything about conducting a transaction on-line, I would have clearly and immediately concluded scam.

The gift card has a number on the back once you scrape off the lottery-card stuff material – just use that number. That’s how you get gift cards onto your iTunes account, back when that was a thing.

They don’t care how you obtain the gift card. They just want the card number, which is effectively untraceable cash at the relevant store.

Me, too - see this post which has a link to a complaint about a scam using that sentence from last year