Washington State

Office of the Attorney General

Attorney General

Bob Ferguson

Protect yourself from e-mail hijackers and spoofers

When it comes to phishing scams, many consumers know not to give out their banking info online. They should also take care to protect their e-mail account password.

In the past few months, there has been an increase in e-mail accounts being hijacked. Cons then use contact information in the victim’s address book to target their friends and family. 

This recently happened to a co-worker’s relative. Scammers used his personal e-mail account to send the following message:

From: [REAL NAME OF VICTIM] <[real e-mail address of victim>
Date: 2008/9/3
Subject: Please I ned your help now...
To:  [Person in the victim’s contact list]

Hi, how are you? Am writing with deep sorrow, I will detail you upon my return. An EMERGENCY called up and I have to leave immediately for London, unfortunately I got involved in a hotel arm robbery attack this morning, I was robbed off everything I had with me on my trip. Nothing left with me I would have called earlier before now and the hotel phone was disconnected by the criminals at that incident, which they are working on.
 
Am seriously stuck here, I don't know what else to do at this time, am only being access to my email till my return next week. Please I need your help, can you assist me with £1,500BPS, will refund it back to you immediately I get back home next week. I will provide you the western union transfer information once I hear from you to send it immediately.
 
Thanks,
[Name of victim]

Luckily nobody fell for the scam as they called him to see if he was OK. 

Hijacking of your account can occur if your computer is infected with a virus that provides hackers access to your contact list. But it can also occur if you unknowingly provide scammers access to your e-mail password. That can occur if you receive a phishing e-mail that appears to come from your e-mail service provider. Your ISP won’t ask for this information by e-mail. Neither will a bank, broker, PayPal, eBay, the Better Business Bureau, etc.

Spammers sometimes use your information to “spoof” your address without having access to your password. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields found in the message header, the message appears to come from someone other than the actual sender.

S M T W T F S
 
 
 
 
 
1
 
2
 
3
 
4
 
5
 
6
 
7
 
8
 
9
 
10
 
11
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
26
 
27
 
28
 
29
 
30
 
31