Security warning: protect your email passwords!

Two days ago, I received a desperate-sounding email from a friend of mine, telling me she had gone to Africa but had lost her money, was starving and about to be kicked out of her hotel. She asked for specific amounts of money.
Copied below, word for word, is the email message.
> How are you doing today? I am sorry i didn’t inform you about my traveling to Africa for a program called “Empowering Youth to Fight Racism HIV/AIDS, Poverty and Lack of Education, the program is taking place in three major countries in Africa which is Ghana , South Africa and Nigeria . It as been a very sad and bad moment for me, the present condition that i found myself is very hard for me to explain. I am really stranded in Nigeria, because I forgot my little bag in the Taxi where my money, passport, documents and other valuable things were kept on my way to the Hotel am staying, I am facing a hard time here because i have no money on me. I am now owning a hotel bill of $ 1550 and they wanted me to pay the bill soon else they will have to seize my bag and hand me over to the Hotel Management., I need this help from you urgently to help me back home, I need you to help me with the hotel bill and i will also need $1600 to feed and help myself back home so please can you help me with a sum of $3500 to sort out my problems here? I need this help so much and on time because i am in a terrible and tight situation here, I don’t even have money to feed myself for a day which means i had been starving so please understand how urgent i needed your help. I am sending you this e-mail from the city Library and I only have 30 min, I will appreciate what so ever you can afford to send me for now and I promise to pay back your money as soon as i return home so please let me know on time so that i can forward you the details you need to transfer the money through Money Gram or Western Union.
> Regards from yours……………
It was signed off as my friend’s name but with an extra letter at the end. The hackers probably guessed her name, as her email address was exactly [hername]
Bits of the story sounded plausible. My friend has travelled to exotic places and mission trips before. However, I felt the writing style was different. Her English was better than that (though if this was written in a hurry by a starving desperate person, it could still be believable).
To be sure, I forwarded her email to two of her good friends to ask if they had also received the email. Then I sent my friend a message on Facebook, which she had been actively using lately. Other friends also tried calling her. She responded soon enough, and posted a note warning all her friends to ignore the email as someone had hacked into her Gmail account. I know my friend had travelled to the US lately, and possibly to other places as well.
I told my friend to cancel her Gmail account as soon as possible. Who knows what other things the scammers are using her email address for. My friend replied that she was having trouble getting Google to cancel her account, as contacting Google required her to log in! Fortunately, another friend called Google on her behalf and got them to cancel her Gmail account.
In short, we have to be increasingly vigilant now with our login details. We know all about scams and phishing, but it hits home when you see a plea from a good friend asking you to act quickly. As we devise more ways to block spam and identify fake messages, the scammers also re-invent themselves.

Security tips

1. Don’t make your password easy to guess. Try something alphanumeric. Take it a step further – use a mix of upper and lower case characters.
2. Don’t leave your passwords lying around for everyone to see, such as Post-It notes on your computer monitor.
3. Reset your passwords regularly. High security systems usually prompt users to change their passwords regularly. Moreover, previous passwords cannot be re-used.
4. If you’re using a public internet terminal, remember to disable cookies. Don’t click on “Remember me” when logging in. Make sure you log off properly. Clear the history and cache when you’re done.
5. Don’t let people watch you type in your password. Some people tend to hang around when you’re logging in. Ask them to turn away. Or, lean forward and use your body to block their view.
6. If you feel awkward telling people to shove off, one trick is to type wrong characters in between your password, and then delete them. If you can repeat this sequence quickly, all the better. I’ve done this on a number of occasions.
7. Be vigilant about mails asking for password resets. Google and all credible service providers often repeat that they would never ever ask for user account password for resetting purposes.
8. Keep your passwords for email accounts separate from all other social networking sites.
9. Assume that passwords stored on handphones, diaries, documents in laptops etc. will be stolen. If you must write down passwords, use codes that you can remember in place of numbers.
(Any more to add? Do contribute. Thanks to [Ivan]( for contributing points 7-9.)

More warning signs

Lately, I have received an increasing number of password-related requests, particularly from Gmail. It is usually about resetting my password. The emails are in English, Japanese or other languages. Sometimes I also receive alerts that someone’s registered for a new Yahoo! email address and is listing my Gmail address as the backup. Fortunately there is always a link I can click to tell Yahoo! that I did not set up any new Yahoo! email address, and that I wish for my Gmail address to be removed from their records.
Has this happened to you, too? Maybe the scammers are trying to make us the next scapegoats.
I’ve had more than a fair share of scam mail, myself. I’ve not only received emails but [an actual snail mail LETTER]( back in 2003. You can view a [scan of the letter]( which was sent to my office address. I suspect someone used my company name card and sold its details to the scammers. Again, there were inconsistencies in the story that can be spotted if you examine it carefully. The writer claimed he was from Nigeria, but the stamp on the envelope was from Cameroon.
I’ve written this post to warn everyone not to fall for the latest trick in the book. Please keep your passwords safe, and if you receive strange emails from friends, double-check the facts. And, do forward this message on.


Comments are closed.