This is a collation of last week’s interesting APWG mail thread on getting “Londoned”: your Gmail/Facebook/… account is compromised and all your contacts get a message like:
Hello!
I’m sorry I didn’t inform you about my traveling… am presently in London, United Kingdom on short vacation and as i write to you now.. its unbelievable am stuck here,got mugged at gun point on my way to the hotel and my money,credit cards,phone and other valuable things were taken off me at gun point, thanking Almighty God for save keeping my passport., i really need your urgent assistance quickly ? I JUST NEED SOME FEW HUNDREDS $$$ TO SORT OUT MY HOTEL BILLS AND i promise to refund it back to you once i get home cause i still have some cash in my account but i cant access any here right now ,already canceled all my cards immediately after the muggers took my things off me!!! still at the public internet library where am making use of the free internet access, i will forever be grateful if you can help me,Waiting to hear from you quickly cos my flight leaves in few hrs but need to sort the hotel bills and please save me from been embarrassed.Thanks.
<your name>
Names and places change of course.
The advice given:
1. When your email account is compromised, assume all your accounts are compromised. Most often the way to get back a lost password is through your email account.
2. Try to reset as many passwords as you can PLUS reset the password reset questions. If possible give an unlikely answer (but one you can remember). If you get the option to set up your own question, use an unlikely question.
3. Get in touch with the abuse@ teams at any accounts where you know of compromise. Facebook is familiar with these scams and can undo a lot of the messages being sent around.
4. Contact your close friends and family to notify them of what happened (mere acquaintances probably won’t send money), since you’d feel foolish if one was conned.
5. If the password was weak, assume it was guessed. Make sure your new password is a lot stronger.
6. But if the password was strong then it may have been stolen from somewhere else it was used; so you will need to address that. Try to use unique passwords for different services. Your Facebook password should not be the same as your email password for example.
7. If the password was strong and uniquely used, then you need to look for a keylogger somewhere it was used. Think of every machine you logged in from: at home, at work, a PC at an internet cafe? Then reset the passwords from a secure machine! Make sure you update your anti-virus, and run a virus scan (and preferably use a couple of anti-malware scanners too).
8. Time is of the essence. The scammers will try to get as many people to pay up in as short a timeframe as possible. Often they will sell your account information to specialised organisations. And they will try to move the conversation to another email account.
Google then posted an article on how they try to detect suspicious account activity and allow you to deal with it.
A follow-up message might look like:
OMG!!! l’m so glad to hear back from you. £950 GBP will cover all my expenses including my taxi fee to the airport, I promise to refund it to you as soon as I arrive home. You can wire it to my name via a western union agent near you for security reasons cos the name written below is whats on my passport and that can be a mode of identification to pick up the cash at a western union down the road here (faster and more secured).
Here are the details you need to get it to me:
Name:<your name>
Address: 5 Irving Street, London WC2H 7AT
Country:United Kingdom.I still have my passport so I can use it as identification get back to me with transfer details and the confirmation number # to pick up the money with my passport also scan receipt you will receive from the western union canter let me know if you are leaving to WU now.
The value is usually chosen to be below the floor limit at which strong identification (like a passport) is needed. Because the money is sent via Western Union, the address is meaningless: it can be picked up at any outlet in the UK.
Hope it may help anyone who fell victim.