
I believe that this is a new form of attack by spammers. So far I have observed this only with Hotmail accounts and it has happened to two people I know.

I received an email from my neighbor the other day with the title EMERGENCY. The email is below:

-----------------------

This had to come in a hurry and it has left me in a devastating state, it's an EMERGENCY. I'm in some terrible situation and I'm really going to need your help now. Few days ago, unannounced, I went on a trip to Glassglow, Scotland (United Kingdom) and unfortunately for me I got robbed by thieves, Everything I had on me were stolen, including my phone, credit card and cash and now I'm stranded right now.My return flight leaves in few hours time but I need some money to clear some bills, I didn't bring my cell phone along since I didn't get to roam them before coming over. So all I can do now is pay cash and get out of here quickly.

I do not want to make a scene of this that is why I did not call my house, this is embarrassing enough. I was wondering if you could loan me some cash, I'll refund it to you as soon as I arrive home just need to clear my hotel bills and get the next flight home, As soon as I get home I'll def refund it immediately.

Write me if you are willing to help so I can let you know how to get the money to me here.

Angela.

-----------------------

I thought that there was something wrong with it, but as a matter of courtesy I was not going to contact her family, in case it was a legitimate email. Instead I decided to walk my dog and go over to her house to check if she was indeed in Scotland. As it turned out, she was oblivious to what had happened and yes, she was in the US, not in Scotland.

It appears that the spammers/crooks (whatever you want to call them) hijacked her email address, changed her security question, changed her secondary email address so that the password reminder is routed to them, and wiped all the contact information after they sent the email above to everyone.

She also told me that a lot of people called her phone offering to give her money to help with the situation.

A similar email was received by my boss from one of our common acquaintances. Needless to say that she did not send that email either.

Is this the new "Nigerian" scam? I don't know, but it would not hurt to employ an aggressive password changing policy.

As for your last point - solving the spam startup - yeah it would be great if we could do that, or even easier it would be to convince every company that holds a mail server to not allow any email unless the domain has SPF records. This way spoofing will cease to exist (people impersonating email identities). Once spoofing is gone, spam mail server IPs can easily be blocked.

/0.02 USD



Wow, your email experience is more fascinating. That's a more creative/elaborate spam scheme. Nice of you to go ahead and physically check, too.

I'm thinking these people may have somehow embedded spyware on the victim's computers, and monitored their password that way. This is quite an advanced attack, and even bypasses SPF records, because I checked the email headers, and they legitimately had everything A-okay and authenticated, as if the person really sent it from their own account.


I agree the attack is very elaborate. However it might not be even malware as you suggested to sniff the password. A lot of users use the same password in a lot of sites. It only takes one to be hacked and that is it.


Yeah, I agree it could just be bad password management. I've got the spam from 3 different people so far, so I thought it might be some similar and widespread attack.


A link that might interest you: Where does spam come from:

http://www.google.com/postini/threat_network.html



