“Friend in need” spam campaign

Occasionally, you might receive an email like this one:

Sure, there is a possibility that a friend does require your help, but it is a really small one.

One of CA’s security researchers writes about how he was almost taken in by this scam. As luck would have it, the friend from whose email account the letter was sent does a lot of traveling, so the story of her getting stranded in the UK without money seemed believable.

Luckily for the researcher, he knows that one should be careful when it comes to emails. Taking a good look at this one, he noticed a few things. First, the “To” line in the email was empty, giving rise to the suspicion that the email was sent in bulk. Second, there was no personal touch in the letter, no personal reference or acknowledgement. Third, he was not regularly in touch with his friend – if she were to contact someone with the request, it is likely she would turn to someone closer to her.

One of the usual spam tip-offs – bad grammar and spelling – could be excused since a person in such a distressing situation and writing the email “with tears in her eyes” is likely to make such mistakes.

But a simple copy-paste of the first few lines of the email into a search engine revealed to him that this was definitely a scam.

Later, when he contacted the friend by phone, she said that she could not access her email because the credentials were no longer working. Her credentials obviously got stolen – probably through a keylogger on a compromised computer – and her email was now used by a scammer.

To summarize: it pays to be a skeptic when it comes to emails and, if you’re not sure, to check by phone with the supposed sender (friends, banks, delivery services, etc.).
