The stranded traveler scam is fairly new and we’ve just heard of a clever little twist.
The stranded traveler scam is a way to profit from hacking into someone’s webmail account. Understanding how it works will help prevent you and your friends from being a victim.
It works like this. You get an email from a friend saying they are stranded away from home, wallet and passport stolen. He/She asks you to send a money transfer urgently. A real, recent scam message is below this article.
If you think it’s real you might send the money quickly without thinking it’s a trick. When the scammer has the transfer details (Western Union etc) they can go to any office to collect the funds, even if it’s a totally different location.
The scammer is hoping the victims will act quickly, without calling the person or checking with other friends first. Unlike the ‘Nigerian’ or ‘419’ scam, which targets greedy people, this trick relies on good-natured people willing to help a friend.
What really happened
The person’s webmail account (Hotmail, Gmail, Yahoo etc) has been hacked. Maybe the person has a simple password or they have left their details on a phishing site.
The scammer logs into the webmail account and then:
- Changes the webmail password so the real user can’t login.
- Grabs a copy of all the contacts either from the contacts list or individual messages. Scammers seem to filter out non-personal messages to target friends/acquaintances only.
- Sends the ‘stranded traveler’ message out to the contacts and hopes for replies with money transfer details.
Meantime the real owner of the webmail account is probably unaware there’s a problem until they try to login to their email. Even then, they probably think they’ve forgotten the password rather than being hacked. It’s only when a friend contacts them directly that the scam is revealed – usually far too late.
The webmail account can usually be recovered because there’s a secondary access system available on most systems. This lets you reset the password via a prearranged second email address or mobile phone number.
The ‘Reply To’ trick
The new wrinkle in the scam lets the criminal continue to get emails from the friends / acquaintances even after the webmail account is restored to the real user and the scammer locked out.
Before sending the trick emails, the scammer creates a new webmail account with the same system/domain name but slightly different from the real account name.
The scam emails are sent from the real email address but a ‘Reply-To’ line is added to the message header using the similar address controlled by the scammer. ‘Reply-To:’ is part of the email messaging standard which causes any reply to go to a different email address than the sender.
For example the message headers will have these lines (among many):
From: Fred Dagg
Reply-To: Fred Dagg
The receiver sees the person’s name and correct email address, but probably won’t notice that the reply goes to the different address.
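As an added example (not part of the original article), the following Python check classifies a message by comparing its From and Reply-To headers, and flags the case described above where the reply address sits on the same webmail domain with a nearly identical account name. The email addresses, the function name check_reply_to and the 0.8 similarity threshold are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; the addresses are invented for this example.
SCAM = ("From: Fred Dagg <fred.dagg@webmail.example>\n"
        "Reply-To: Fred Dagg <fred.dag@webmail.example>\n"
        "Subject: Urgent help needed\n\nI am stranded...\n")
NEWSLETTER = ("From: Shop News <news@shop.example>\n"
              "Reply-To: Support <support@help.example>\n"
              "Subject: Offers\n\nHello\n")
PLAIN = ("From: Fred Dagg <fred.dagg@webmail.example>\n"
         "Subject: Lunch?\n\nSee you at noon\n")


def check_reply_to(raw_message, lookalike_threshold=0.8):
    """Return 'ok', 'mismatch' or 'lookalike' for one raw message."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()

    # No Reply-To, or it repeats the sender: replies go where expected.
    if not reply_addr or reply_addr == from_addr:
        return "ok"

    from_local, _, from_domain = from_addr.rpartition("@")
    reply_local, _, reply_domain = reply_addr.rpartition("@")
    similarity = SequenceMatcher(None, from_local, reply_local).ratio()

    # Same provider and a near-identical account name: the pattern
    # the article describes, so treat it as the highest-risk case.
    if from_domain == reply_domain and similarity >= lookalike_threshold:
        return "lookalike"

    # Any other difference is common for mailing lists and support
    # desks, so it is reported separately as a weaker signal.
    return "mismatch"


if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("newsletter", NEWSLETTER),
                      ("plain", PLAIN)):
        print(name, "->", check_reply_to(raw))
```

A 'lookalike' result on an urgent request for money is a strong reason to verify with the sender by phone before replying.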
There are various things you can do to prevent being a victim of this scam, either having your webmail hacked or receiving scam emails.
Firstly, have a complex, hard to guess password. Dictionary words aren’t enough. Preferably a mix of upper and lower case letters plus digits and other characters like (!@#$%^&*)
Don’t reveal the password to anyone and be careful of email messages that pretend to come from the webmail provider. Phishing messages are the most common way that people give away their passwords.
Outlook has anti-phishing measures but they aren’t perfect; see Avoiding the ‘Google’ mail hack for advice on how to avoid phishing scams.
If you get an urgent email from a friend, especially one asking for money, check with them using other means. Try to call them or check with mutual acquaintances to see if the story is true beyond what you’ve learnt in the email. At worst, you could reply and ask for some information only the real sender would know (keep in mind that the scammer can read/search the hacked webmail account).
For your own webmail accounts, make sure the secondary contact details are set up so you can override a password change and regain your email access via a password reset. Of course, the scammer might remove the secondary address; however, that should trigger a notification email.
If you believe your account has been hacked, the major webmail services have online forms to notify them.
Scam the scammer
The guy who sent us this little scam realized it was a trick as soon as he called his friend and discovered she was OK and nowhere near Barcelona.
So he strung along the scammer by replying and saying he’d send the money right away. Later he sent sincere looking details of a Western Union transaction (he had a legitimate transfer to base it upon). The scammer was frustrated when the money didn’t arrive and asked for the details again.
A small retribution, but oh so satisfying.
Another option is to reply pretending you’re an enemy and outraged that you’d even consider helping out:
“How dare you ask ME for help … after all you said about me and my mother”
“The blood test came back positive, you escape to Barcelona and now you want my money too? No way”
I’m sure you can come up with many variations, probably using more colorful language.
Here’s an example ‘stranded traveler’ scam email; the names and details have been removed. The poor spelling and grammar could be put down to the writer being stressed and rushed:
Hope you get this on time, Am sorry I didn’t inform you about my trip to Spain for a program,am having some difficulties here because i misplaced my wallet on my way to the hotel where my money and other valuable things were kept.I want you to assist me with a loan of (2,750 Euros = 3,905 dollars) to sort-out my hotel bills and to get myself back home.
I have spoken to the embassy here but they are not responding to the matter effectively,I will appreciate whatever you can afford to assist me with,I’ll refund the money back to you as soon as i return,let me know if you can be of any help.I don’t have a phone where i can be reached.
Please let me know immediately if you can be of help to my situation.