There’s an email scam that’s not new, but a lot of people have not heard about it and it has some elements that make it seem very legitimate. I was a target in this scam recently so I’m laying out the details here so you can avoid being taken.

This is the email that was sent to me:

The interesting thing here is that this email actually WAS sent from the email account of my friend (for the purpose of this blog post, I’ll call him Steve). Steve either inadvertently revealed his email password at some point, or (more likely) the password he used when he created his account was a simple one and easy to remember. This means it was also easy for the scammer to guess.

In this situation, I know Steve primarily from church. He also owns a local business. We definitely don’t have the type of personal relationship where he would ask me to loan him money. Because of that, and the fact that I have heard of this scam before, I knew it was not a legitimate email.

The first thing I did was to call Steve’s office and make sure he was aware of what was happening. But beyond that, I wanted to “play along” with the scammer and see how it played out. I replied to the email:

Not too long after that I got the whole scam story:

Poor Steve. His mother is dying and he is without the needed funds to pay the doctors to save her life. There are a few things about this email that are important to note:

- He is specific about the name of the disease – this makes it sound more legitimate
- He is appealing to my sympathy – if I don’t help, his mother may actually die
- The loan request is not because he’s broke, but because he’s in a temporary difficulty
- There is a sense of urgency – I must make a quick decision
- The request for privacy – this makes sense because of the nature of a request to borrow money, but in reality he doesn’t want me to check around with any of our mutual friends and find out that the whole story is a fake
- He has not yet stated a dollar amount. This is because A. He wants me to agree to the loan first, and B. He’s judging by my communication how much money he should ask for

So I respond:

I really wanted to see if he would give me a dollar amount at this point. Asking him directly would make it difficult for him to avoid the question, because obviously the hospital or doctor would have already told him how much is needed for the medical procedure. Also, I played dumb about the actual money transfer process – in almost every case it’s through Western Union since that’s worldwide and cash can be retrieved anonymously (which is why scammers love Western Union).

He replied:

As predicted, he requests that I send the money via Western Union. If you send someone money via WU, then realize later that it was a scam, there is no way you are getting that money back. It’s like walking through a crowd in Times Square and handing people $100 bills – you could never hope to get anything back, or even know who actually ended up with the money. It’s just gone. He’s asking me for 2000 pounds – roughly $2800 in US dollars.

Usually when I’m stringing a scammer along, this is where the story ends. Obviously I’m not going to send the money and he doesn’t want to waste any more time on me since he is playing with a bunch of other targets at the same time. But I wanted to see how he would react if I told him WU was not an option. I told him I didn’t know how to use Western Union and asked if there were any other way to get the money to him. He replied:

Ah, here we go. He’s hinting that there may actually be a possible way other than Western Union. In reality, though, what he is suggesting is really silly. He’s supposed to be in a foreign country, without any resources, and yet he’s saying that in this strange city he will be able to locate someone who has an offshore account and can receive the money from me, then transfer the money to Steve after deducting a commission. Pretty unlikely scenario, but at this point he probably figures he has nothing to lose since Western Union is out of the question.

So I told him yes, please set it up. Shortly after that, he emailed me with the new arrangement:

I have to admit, I was a bit surprised to see this. He has apparently given me an actual bank account number with Bank of America. This doesn’t quite make sense, since obviously a bank account can be traced back to a person. I reported the incident to Bank of America but I never heard back from them in any way (not a big surprise).

What I suspect is that the actual account holder is also being scammed. The scammer could have gotten her account number from a check or by some other means, and he is playing a scam on her such that she will be expecting $5000 to be deposited in her bank account for some type of purchase, then she needs to forward on $3000 to the scammer via Western Union.

There are a lot of different ways for this to be explained, but that’s where it ended for me. I heard nothing more from the scammer, and I guess Bank of America can’t be bothered with something so trivial as this.

Think about this from Steve’s point of view – he has no idea anything unusual is happening until he starts getting phone calls from a bunch of his friends asking about this. But what if he has 300 friends in his email contact list? They will all get that same email. And even if most of them realize it’s fake, all it takes is ONE person to fall for it and the scammer has had a very profitable day.

The keys to remember from this situation: