Saturday, March 6, 2010

Exchange with Probable “419” Scammer

I was sitting in front of my computer on the afternoon of March 6, 2010, when I got a Facebook instant message purporting to be from “Emma” (not her real name)—who is, it will be useful to note, in her mid-sixties and relatively conservative (as well as being a native and capable speaker of English). It quickly became clear that the real Emma’s Facebook account had been hacked. Apart from changing the purported sender’s name (and my wife’s), I’ve reproduced the conversation just as it occurred.

2:50pm Emma

Hi,how are you?

2:50pm Gary

Good afternoon, Emma.

It's a pleasure to see you on FB.

2:51pm Emma


2:51pm Gary

How are you?

2:51pm Emma

but am not good at the moment..

2:51pm Gary

I wondered how APC would impact turnout at SS today. We had a relatively big group, but one composed entirely of regulars or semi-regulars.

Oh, my--what's the matter?

2:52pm Emma

am stuck in London with my family..

2:52pm Gary

London, where it's, what, 10:50 at night?

Doesn't sound fun at all.

Flight canceled?

On stand-by?

2:54pm Emma


we got mugged at gun point last night,

2:54pm Gary

So what's happened?

2:54pm Emma

they took all our cash,credit cards,and cellphones

it was so scary

2:55pm Gary

Oh, my . . . .

Any trip insurance?

2:56pm Emma

reported to the police,and canceled all cards,and bank accounts for now

all we have left are just our passports,and return tickets.

2:57pm Gary

Can your credit card companies get you substitute cards?

2:57pm Emma


that will be till I get back

but we need some money to settle the hotel bills,and then get a cab to the airport.

I need your help please!!

2:59pm Gary

OK--what can I do?

2:59pm Emma

I need you to loan me some money,

3:00pm Gary

What's the best way to handle that?

3:00pm Emma

I'll def refund you as soon as am back.

western union.

all you do is have it wired on my name,and location.

3:02pm Gary

How long have you been in London? That's just awful.

3:02pm Emma

just visited for a short vac

do you have any western union office nearby ?

3:03pm Gary

Hmmm . . . .

3:05pm Emma


3:07pm Gary

Trying to think

3:08pm Gary

Just sent you $250 to your PayPal account.

3:08pm Emma

I can't get that for now

guess it will be better with western union

I still have my passport for identification at western union.

3:10pm Gary

Where's the Western Union?

It may be near someone I know in London who could get you the money.

3:11pm Emma

you can google to find one nearby,

3:12pm Gary

No, I'm asking where the one is at which you'll be getting the money, to see if it's near where my friend lives.

3:12pm Emma

or you can have it done online with your credit card.

that is lavender hill

3:12pm Gary

Which hotel are you at? I can simply have my friend drop by with the money. That will be simplest. She can pay the hotel bill and give you some cash.

3:13pm Emma

I have limited time down here

that is why i ASKED YOU TO HAVE THE $250 wired on my name,and location via western union.

3:14pm Gary

Well, she can be there in half an hour.

3:15pm Emma

my flight might have left by then.

3:15pm Gary

Emma, because it's an emergency, I'm happy to try to help you, but after what you did I'm really kind of surprised you'd choose me to contact.

3:16pm Emma

as it seems at the moment,

3:17pm Emma

am really sorry if

am really sorry if

3:21pm Emma

are you theree?


3:24pm Gary

Are you going to keep your hands off my wife the next time you see her?

3:25pm Emma

please I promise I'll do anything you need.

3:26pm Gary

Carla is still in therapy because of what you did at that party.

3:46pm Emma

are you there?

are you still helping me out?

3:46pm Gary

Have you checked out of your hotel yet?

3:47pm Emma


need to settle the bills,before we leave.

3:47pm Gary

OK, what's the hotel?

3:48pm Emma

sunderland hotel

3:49pm Gary

But which Sunderland? I can arrange for the money to be at the desk in five to ten minutes.

3:53pm Emma

can you just help me out here?

3:53pm Gary

Yes, I can, as I said to you: I can have cold hard cash in your hands at the desk in five to ten minutes. But I first need to know which hotel you're at.

Please understand how angry Carla will be with me even for thinking of giving money to you.

If I wire money to London, she'll know.

But if I have Rowena drop it off for you, we can handle it under the table.

3:55pm Emma

how will she know?if you don't tell her?

3:55pm Gary

Because wiring it means using my credit card, and she reviews every credit card bill.

3:55pm Emma

just help me out if you can

3:55pm Gary

Look, are you at the Sunderland in Gosford Park?

3:55pm Emma


3:55pm Gary

I know that's where you stayed last time.

OK, which one?

3:56pm Emma

please enough of the questions and get me off here


3:56pm Gary

Emma, you're asking me to take a big risk with my wife, and I'm not sure why I should help someone who's behaved the way you have. Just stop being cagey and tell me which hotel you're at. Is it because you're there with Peter?

Is that why you don't want to tell me?


Mike Gogulski said...

The classic 419 is an advance fee fraud -- send lots of money to set up accounts and pay for lawyers, with a promised payoff from some African dictator's nephew's slush fund.

This is something different, and actually pretty alarming. Impersonate via account hacking, then exploit trust relationships.

If "Emma" hasn't had her account restored, you might want to warn all of your mutual Facebook friends about this. The doer will no doubt be hitting up every single one of them with a similar story...

Anonymous said...

I recall David Friedman's worry about a pure restitution system in a free market - scammers like this will sometimes get caught and refund their cash, other times won't get caught and make money. Zero plus profit = profit.

Gary Chartier said...

I've always favored restitution not only of the amount taken but also of the full costs of recovery

Disgruntled Goat said...

pretty good. ever seen this scambuster site? it's masterful.

Morey said...

Glad you caught this, and managed to have a little bit of fun with them too. I've heard of this here and there. The breach was almost certainly the result of a poor quality password, and/or a widely used password.

In one of the security journals, a good hypothetical case was made that one could collect enough personal and friend information from various public sources to build a replicant profile on some other service, and then hit up the victim's friends for emergency cash. Strong passwords won't help with such an attack. Online requests for money should be always treated with suspicion.

Ashley Jennings said...

Classic. At 18 yrs.old, in college I totally got schemed by a man trying to scalp tickets in Times Square. Somehow he convinced me to walk to a Western Union and request money from my grandma who was in Ca-who would be visiting me in NYC and had wanted to see a show. I was out $250 by the end of it. And to think that I trusted the praying hands tattoo across his chest?!? Ever since, I sort of enjoy screwing with them. It's my sick for of retribution. Probably why I thoroughly enjoyed reading your exchange.

morey said...

I neglected to mention the possibility of malware as the source of compromise, which is pretty lame on my part, given that keyloggers installed by various malware have made so much news lately.