Holidays and long weekends are a popular time for email scammers to strike. Recipients of scam messages are more likely to believe urgent pleas for money or assistance from an acquaintance on vacation who says they are unreachable by phone. Meanwhile, victims are less likely to check their email on their day off to discover strange replies that might tip them off that their account has been hacked and used to send scams to their contacts.
That might help explain why this morning after Independence Day weekend, I have already heard from several people who received an email from a known contact who claims to be travelling and in urgent need of a birthday gift for a relative (warning bells!)
In this scam, the contact asks the recipient as a favor to purchase a several hundred dollars in gift cards and email them to the relative with the promise of repayment as soon as they return from their trip. Of course, many people can identify this as a scam and know that they should not purchase the gift cards (which are commonly requested by scammers in lieu of wire transfers), but a more serious concern is that the sender’s email account has very likely been compromised and used to send this scam to dozens of their personal and business contacts without their knowledge.
Is there anything you can do?
If you ever receive one of these messages from a friend or colleague, you may wish to notify them via telephone (not by email – you’ll see why in a bit) that their email password may have been stolen and their email account compromised. They should immediately change their password, and if they have reused the same password on other online systems, they should change it there as well, preferably using a unique password on every system.
Why not just reply to the email?
In many cases the attackers perpetuating these scams will also create email filter rules to automatically delete or redirect inbound emails to an external mailbox that they control. This prevents the real account owner from being alerted to the compromise and allows the attacker to monitor the email remotely for signs that they’ve been discovered. So after changing the email password, users should also check their email filtering rules for any suspicious rules that were created without their knowledge. Filter rules are a feature that most users don’t access frequently, so these links may help finding the setting for several common email providers:
How can users protect their accounts?
Everyone can follow a few basic precautions that will help avoid a compromised online account:
1. Use a password manager to generate and securely store random, unique passwords for each and every site so that one stolen password does not jeopardize multiple accounts.
2. Enable two-step verification (also known as two-factor authentication) on all accounts that offer it, but especially for email and banking accounts. This makes it much more difficult for an attacker to log in with a stolen password. Instructions depend on your provider, but most email and banking services offer this option now:
3. Never type a password into a website that was accessed via an email link. Attackers steal passwords by forging email from a well-known website with a link to a fake login form. The login page may look exactly like the real site, but the password is sent to the attacker instead. The forgery might even log into the legitimate site afterword to avoid raising suspicion.