Robbed & Stranded in England - E-Mail Scam

So a little earlier this evening I got the following e-mail from a known friend’s account.

Hello,

How are you doing? hope all is well with you and family, I know this
might be a surprise to you but I am sorry I didn’t inform you about my
traveling to England for a Seminar.

I need a favor from you because I misplaced my wallet on my way to the
hotel where my money,and other valuable things were kept I will like
you to assist me with a loan urgently with the sum of £1,700 British
Pounds to sort-out my hotel bills and get myself back home.

I will appreciate whatever you can afford to help me with and I
promise to pay you back as soon as I return home.

Thank you so much and sorry to bother you.

Regards

insert name here

My Response
*what a strange e-mail.*

*something tells me this isn’t really liz?*

*feel free to correct me if this is legit, sounds like a weird virus or something.*

*insert my name here*


Thanks so much for your concern, Its me and I am really serious about
this, I was robbed on my arrival here in England and everything I have
was stolen from me including my phone and my wallet which contains
money and my bank cards, I am left alone with the cloth I am putting
on and my passport, I will be glad if you can help me out as no amount
is too small for my present situation, kindly get back to me if you
are able to help me out.

Thanks and God Bless

**My Response**
i’d be glad to help, would you mind calling my cell using skype? my number here

I lost my PC also, and there is no way I can call you, I am accessing
my email from an internet cafe and they dont have all these software
on there computers, I will like to know if you can help me out.

Thanks

By this point I had verified beyond a shadow of a doubt it was a scam. Actually I also tried copying/pasting a random sentence from the original message into Google and lo and behold, it was a known scam! Still not sure on the mechanism used to get the password but we think my friend used an insecure computer while travelling (normally she has a Mac).

Skipping forward a few messages (where the scammer sent me his Western Union info), here is what I sent:

**Ok I have sent the money with Western Union. My roommate gave me an extra £500 just in case so we transferred £2200. Sorry I took so long!**

**I have written the western union code on my private website because I don’t trust e-mail for such things.**

**just click here to get the code!**

**Can you please call me once you’ve gotten a train ticket or when you’re ok?**

**we’re all very worried about you!!!**

**lots of love,**

The link “click here” was a quick page of HTML I set up connected to statcounter.com which provides IP & Geolocation data for anyone who views a given page.

So fast-forwarding a couple hours again, I got in touch with my friend and we were able to regain control of the account (though we had to fight for it b/c the African fellow who took it over was using Gmail’s SMS password recovery to have the account password sent to his cellphone when it changed).

My friend has changed allll her passwords, reset google security settings, called her bank just in case, and sent out an apology letter to hundreds of her contacts. I’m posting to see if anyone has advice as to other steps she should take? She lives here in Paris so unfortunately the scammer got lucky with his London story and scared a lot of people (we think we regained control fast enough to prevent him getting any money though).

His IP address is - deleted -
His cellphone number in Johannesburg, South Africa is - deleted -
The e-mail address he was having all her gmails forwarded to is - deleted -

Is there anything we can do with this info?

Have you looked on the site 419 eater to see if they have any tips?

will do.

btw, beyond dealing with the hacker, I’d love to hear any ideas on smart precautions to take after one’s primary e-mail has been compromised.

<mod>

LP, I have deleted the IP, phone, and contact info.

Feel free to pass them on privately, but not in a public forum, please. Glad you caught on to the scam.

Thank you.

</mod>