My soon-to-be-ex-employer hosts its email through Gmail. We have our own domain name, but the email is hosted on Google servers, and we use Google Chat among ourselves.
So, one of these scammers recently conducted the most transparent phishing scam ever. He didn’t even bother to set up a fake website. He just sent an email to a bunch of our employees with some ridiculous pseudo-technical explanation for why he needed their passwords, and said, “Please reply to me with your user name and password.” Three people fell for this.
So, scammer logs in to the email accounts of those who fell for the phish. It is, after all, basically just Gmail, so he can log in right from the comfort of Lagos. He starts by sending out some of the canned “Stranded in London” emails to the people in their address books. Then, a lightbulb goes off. He has access to Chat! So, he fires up chat and starts hitting up anyone who answers for cash to get back from London. One of our employees exchanged chat messages with the guy for a few minutes before realizing it was a scam. Luckily none of our employees fell for it far enough to send any money.
Here’s the thing - when the guy was using chat, the text was still the same as his canned email. Even though he was on chat, he was just copying and pasting from his canned email right into the chat box, so it looked nothing like a real chat conversation.
Wow. I hope these guys send me emails from my parents, so I can email back, saying “Wow! I heard Wales was nice, but I never realized it was the Afterlife!” (What with both of my parents being dead and all. . .
But RickJay is pretty much right; I mean, yeah, it’s stupid, but you only need a very small percentage of folks to fall for it before it becomes profitable. And what does it cost you, in time or money, to send out a few hundred emails a week?
We once wired $800 to the Czech Republic via Western Union for someone who urgently needed cash.
The difference was that it was my mom, we knew for a fact that she was there, and she actually called us to explain the situation (village inn didn’t take credit cards). It still felt funny as hell, though. Especially since we had literally just watched a Dateline episode the night before about how many scams went through Western Union.
I’ve received similar e-mails purportedly from acquaintances who supposedly had their passports and wallets stolen, or else were in a hotel fire in Spain, and wanted me to send them money. As in this case, they had had their accounts hacked.
Same thing happened to me. A friend in Spain had been mugged and needed cash. I knew it was fake because this friend A: is poor as hell 2)would never ask me for money because we’re not that close, and D} the language was very prim and proper, and if that were a real situation mucho profanity would be the order of the day! So I texted her and gave her crap about being in ‘Spain’ and told her to change her email password. Meanwhile I screwed around with the scammer for awhile, making up account numbers and saying I sent the money via Avian over IP.
They’re sending the e-mail to everybody on the contact list. Not everybody (friends, co-workers, distant relative, neighbour, brother-in-law,…) will be able to tell the writing style.
Deleting the contact list was probably done in order that the OP’s parents would be unable to warn quickly everybody, in particular people who aren’t too close to them and might be easily fooled (not knowing that they’re currently in Florida, etc…).
I’ve heard of a vaguely similar scam done over the phone - people claim they’ve kidnapped your son/daughter/loved one and ask for a ransom. These scammers are cleverer though - they somehow managed to target people whose loved ones really are traveling at the moment. My parents’ friends fell for it a few years ago.
The beauty of these scams is that the percentage of marks you need to scam is so low. It’s like the old gag about the guy selling pencils on the street. A passing businessman says “WEll, I could use a pencil. How much?” The guy says, “Thirty-five thousand dollars.” The businessman says “Holy shit… $35,000? Are you nuts? How many pencils can you sell for that price?” The guy says “I only have to sell one.”
A few years ago I was staying in a hotel at LAX for a week, doing business around LA. One morning I was getting ready to go visit a customer - it was about 7 AM so, you know, I’m shaving, getting dressed, etc. The room phone rings, and I answer:
ME: “Hello?”
GUY: “Sir, this is Paul down at the front desk. I’m really sorry, but when we took your credit card information when you checked in we seem to have made an error… we have just fifteen numbers. Can you run that card number by me again so we can fix your check in?”
ME: “Well, Paul, I’ll be right down with that card for you.”
GUY: “Um, okay.”
Of course there was no Paul. But it’s a great scam… call a business hotel around that time on a Wednesday morning, catch a bunch of business people rushing around getting ready, and you just might get one person distracted enough to cough it up. And that’s a good day’s work.
Back in the stone-age, I was using AOL, and got an IM from “SarahFromVisa” telling me that AOL had my credit card number wrong, and that she needed it or my account would be terminated. Not only was this an obvious scam, but I had subscribed to AOL using my Discover Card. I gave her a fake number. She seemed satisfied.
I also reported her to AOL.
