Dear Mum — I’ve been mugged… help me
I got an email this morning from a friend, a world-renowned security expert, and — dare I say it — an ex-detective.
He was in trouble. In Ukraine. He’d been mugged and lost his money. His passport had been impounded by his hotel, and he was stuck. Could I help?
Well, even Google can recognise a London Scam (Dear Mum, I’ve been mugged in London — please send money); although I personally haven’t seen one for a couple of years now.
But the interesting thing here is that the scammer used the correct email address: firstname.lastname@example.org. Closer inspection showed, however, that the reply address was slightly different: email@example.com.
So what we have is a scammer who had taken the trouble to find a relationship between two people and register an email address close to one of them. We can assume that the real a.person hasn’t been hacked and lost his contact list otherwise the scammer wouldn’t have needed the separate reply-to address. So the question is, how did the scammer tie the two of us together?
Finding my email is not a problem — as a journalist I hardly keep it secret. I would expect the real a.person to be more circumspect, however. And then there’s the relationship. I guess LinkedIn and Twitter serve a few more functions than most of us realise…