Scam spam emails from Nigerian fraudsters are something of a joke in many circles, but the joke turned serious for one family. Now, they’re trying to get back $300,000, while the scammers might be laughing all the way to the bank.
A family in Auckland, New Zealand is trying to get back $300,000 (NZD, approximately $252,450 USD) after a family member’s email account was apparently hacked by a Nigeria-based fraudster. The New Zealand Herald reports that the father is a doctor and that the money had originally been intended for use to buy property in Auckland or Britain.
The doctor intended to make an offer on a British property, and he was relying on his father as a go-between. The deal initially appeared just about done, and the doctor was getting ready to transfer money to a UK account. Soon after, though, it fell apart, and the doctor’s father emailed to say the offer on the property had been rejected.
“He told me verbally to send the money over,” the doctor told The Herald, “but later sent an email saying not to do it as the offer had been rejected.”
Less than a day later, though, another email came through with apparently brighter news.
“Twelve hours later, I got another email sounding like it was continuing on from that conversation. It said good news, the offer has been accepted so send the money through.”
The email apparently provided an account number for the transfer, and the doctor sent the money. Why would he go through with such a massive transaction using just email to confirm? The email scammer had somehow apparently gained access to his father’s account.
“I had an ongoing conversation with who I thought was my father,” the doctor said.
It was a couple of days afterward that he realized, while talking to his actual father, that he had fallen victim to an email scam. The police believe those that perpetrated the scam were Nigeria-based.
As to how the email scammer got hold of the father’s email credentials in the first place, it’s possible that the father simply fell victim to a phishing scam. The scammers might have sent his father’s email account an email asking that he “confirm” his personal details. Such an email might have asked for the father’s password or directed him to a fake password prompt. After that, it was open season on the newly-phished email account.
As anybody who’s checked their spam filter knows, the sort of phishing technique that netted the doctor’s father isn’t particular to New Zealand or even to email. It’s a pretty good rule of thumb that no service you’re a patron of will ever ask you for your account password, mostly because they can access your account by other means anyway. If someone is asking you for your password by email or directing you to a site you don’t recognize, you’re probably getting scammed and should close the window right away.
The doctor admits that he was less than careful in handling the situation, and that he definitely should not have conducted business of this size solely by email.
“My main error was that I didn’t make the telephone call to my dad for confirmation,” he said. “But I’m pretty busy, I don’t have time to speak to my parents on the phone all the time. I think I should have, though.”