The scammer that almost got me.

The e-mail didn’t initially look suspicious.

And that’s what almost caught me.

Yesterday I checked my e-mail, as I normally do, when I received a message from an old college acquaintance.  We dated a couple of times in college, but it never really worked out.  Mostly because she was into guys that were not named Chuck Miller, I guess.

For purposes of this story, we’ll call her Barbara.  Our paths crossed a couple of times at college reunions, but it was more of a “Hi, how are you,” and that was it.

So yesterday, I received a message from her in my e-mail.

> Hi,
>
> How are you? i need your urgent assistance at the moment please.
>
> Thanks,
> Barbara

Okay… I looked at the e-mail.  No weird hyperlinks that would take me to some crazy malware site.  The e-mail address looked legit – there were no weird alphanumeric characters visible.

A quick note back.  “Hey, hope all is well.  What’s up?”

But something didn’t seem right.  My internal alarms were ringing like a tenement fire.

And through my e-mail client, I decided to view the message source.  Adjustments were made to the e-mail you see to protect identities.

Return-Path: <barbara@aol.com>
From: "Barbara" <barbara@aol.com>
Subject: favor
To: chuck@chuckthewriter.com
MIME-Version: 1.0
Reply-To: barbaraa@aol.com
Date: Thu, 22 Feb 2018 16:27:18 +0100
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
X-Antivirus: avast! (VPS 180221-4, 02/21/2018), Outbound message
X-Antivirus-Status: Clean
x-aol-global-disposition: S
X-SPAM-FLAG: YES
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com;
	s=20150623; t=1519313249;
	bh=nvpuxq6Jr1R1xNxQiqLzh0W9YoArdmPpZwPzaRT4Qbw=;
	h=From:To:Subject:Date:MIME-Version:Content-Type;
	b=gmRSfk3EZYB7ZfuLEPIxtdbfw2M6pbt4vVDkV0xor6Ui+2Ytw+AdqwE0c/9YS6YzF
	 xYQ4JOnHxvj+mKU1s/3X9J3Ig6To2ox8UOTvOSSeGg0e+/jmTIjdiM8Zd8vN8t52UB
	 X89vCGyWA/3hH2dAXYHAX1mrZJQa236rsvJYnDY0=
X-AOL-REROUTE: YES
x-aol-sid: 3039ac1afe6d5a8ee15f2392
X-AOL-IP: 154.120.104.84

Hi,=20

How are you? i need your urgent assistance at the moment please.


 Thanks,
 Barbara=20

You dirty son of a bitch.

You’re not Barbara.

Look at the clues.

First off, the e-mail may have come from “Barbara@aol.com,” but the return e-mail goes to “Barbaraa@aol.com.”  Yep.  One subtle change in the e-mail name means that the response I send to one person is going to another.

Also, the coding of the e-mail content – the text I’m supposed to see – has a =20 in it.  This was created with a fill-in form and generated as a mass e-mail off of Barbara’s address list.  The scammer would harvest Barbara’s address book, spam all her contacts and have any responses forwarded back to a fake e-mail with a slightly altered signature.
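
The From versus Reply-To comparison described above can be automated. What follows is an added example, not part of the original post: it parses a subset of the anonymized headers shown earlier and reports where a reply would actually be delivered. The function names and the two-character "near-copy" threshold are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Subset of the anonymized headers from the message source shown above.
RAW = """\
Return-Path: <barbara@aol.com>
From: "Barbara" <barbara@aol.com>
Subject: favor
To: chuck@chuckthewriter.com
Reply-To: barbaraa@aol.com
X-SPAM-FLAG: YES

Hi,
"""

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def reply_to_findings(raw, lookalike_max=2):
    """Return warnings about where a reply to this message would really go."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    findings = []
    if reply and reply != sender:
        findings.append(f"reply goes to {reply}, not {sender}")
        s_local, _, s_dom = sender.rpartition("@")
        r_local, _, r_dom = reply.rpartition("@")
        if s_dom != r_dom:
            findings.append(f"reply domain differs: {r_dom} vs {s_dom}")
        elif edit_distance(s_local, r_local) <= lookalike_max:
            # Assumed threshold: one or two characters off counts as a lookalike.
            findings.append("reply address is a near-copy of the sender's")
    if msg.get("X-SPAM-FLAG", "").strip().upper() == "YES":
        findings.append("provider marked the message as spam")
    return findings

if __name__ == "__main__":
    for line in reply_to_findings(RAW):
        print("WARNING:", line)
```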

I immediately sent an e-mail to “Barbara@aol.com” and let her know that her e-mail account may have been compromised.  Then I changed the password on my e-mail account, just to make sure that whatever I sent didn’t cause problems with MY address book.

A few hours later, I received a message from “Barbara.”  No, not that Barbara.  THAT Barbara.

And it was exactly as I suspected.

Glad to read back from you, please I need your urgent help. I don’t know if you’re aware that am presently in Manila, Philippines for a short vacation and my bank is having some network difficulties. unable to transfer out here and can’t access the ATM as planned. have been so stranded and confused. I’m thinking if I could get a quick loan of $2,700.00 from you or anything you can afford if not all? to enable me to complete my activities here. I promise to refund your money in few days as soon as I return, let me know if i can count on you so I can send you my details.

Waiting to hear from you.

Thanks

Yep.  It’s the old “I’m in a foreign country and I need money to get home” scam.

And trust me.  No Hamilton College graduate would write an e-mail like that.  Come on.  The grammar’s all off.  Punctuation is haphazard.  Professor O’Neill would give that e-mail an “F” and use it for decades in his classes as an example of sloppy writing.  Trust me.  Usually these events get off to an unusual start.

Plus, “Barbara” couldn’t even thank me enough to put her own name on this second e-mail?

I forwarded this one to my e-mail provider to add to their spam and scam investigations.  I’m sure they’ll be contacting “Barbara” about her need for a loan.  😀

As I’ve said before … scammers will do anything to separate you from your money.

Well, it ain’t happening this time.  You dirty scammer.  Go kick rocks.

Trust me on this.  If you see anything that even remotely looks like a message similar to the ones above … look for clues.  Check the e-mail address.  Does it look off?  Does the formatting look strange?  Did your college-educated friend suddenly get hit with a set of old Hooked on Phonics tapes?

And if you’re going to pretend to be someone trapped in the Philippines and needing money from an old college friend, you might want to make sure that the “old college friend” wasn’t one that you dumped and broke his heart forty years ago.

Just sayin’ is all…