Rated PG: Beware of Philippine email scam

Log in to save this page.

I've known Debbie Ritschel a long time and have always found her to be pretty darn smart. At the very least I was sure she's literate.

So when I got an e-mail purporting to be from her that asked me to send her money so she could return home from a trip to the Philippines — during which she was mugged and robbed of all her cash and credit cards — it didn't take me long to figure out it was a scam.

After all, Easter was misspelled in the header and the language and grammar used throughout the email was not exactly the best. It read:

"we had a visit to Manila Philippine, unannounced some days back, Unfortunately we got mugged at gun point last two nights.

"All cash, Credit card and cellphones were stolen,It was so traumatic,Thank God we have our life and passport saved,we have been to the embassy they are not 100% helpful so i concluded that returning back home will be the best option. we also have limited means of getting out of here,as we have canceled our cards So i won't get a new card till i get back home.

"I really need your support & assistance as my flight leaves in few hours,but i have problems checking out of the Hotel,as i need to sort out some bills, Wondering if you could loan me some few bucks to sort out the hotel bills and also take a cab to the airport. Let me know what you can do..

"Awaiting to read from you soonest,"

It was signed in Debbie's name and even gave her address, which was the only thing about it that caused me the briefest pause that it may have been legitimate. But then I noticed the email address at the bottom misspelled her name; I really don't think that would have happened had it really been Debbie sending it.

She didn't answer my call, so I checked with other friends and email contacts and many had received the same e-mail. None believed she'd gone to the Philippines.

Debbie called me back Wednesday and confirmed the worst scenario in this type of situation: She'd been hacked and the scam artist(s) had seized control of her entire email contact list. For somebody like Debbie Ritschel, retired general manager of the Peoria Civic Center and well-connected Central Illinois civic leader, that would be a pretty substantial list.

"These guys are scum, whoever they are. I'd love to find out, though," said the obviously perturbed victim of email hackers. "The first giveaway to me was that Easter was misspelled and then the language. I was an English major. I don't think I'd write something that poor."

Ritschel said once she learned of the scam she tried to alert those on her contact list was found the hackers had seized it, blocking her access to it. She immediately reported the situation to Yahoo, but has learned it will take a while before she gets her list back to the way it was.

"It's not the end of the world and nobody got hurt. It was nice to find out how many people were concerned about me, even though none of them sent money," she joked. "Seriously, though, people really need to educate themselves as to how this can happen so they can avoid it."

One can find all kinds of information and advice about the scams and how to watch for and avoid becoming a victim of them on the Internet. I found some information put out a few months ago by Nightline that I thought was concise and helpful.

From Nightline:

"So how do criminals get your email password so they can get into your email account and attempt to scam your contacts? We asked Cyber security guru Dan Clements, who told us there are four key ways:

1. Trojan programs: If you click on an attachment in an unknown email, it can trigger your computer to download a "Trojan" program that then allows cyber criminals to see every key stroke you make –including your email password.

2. Password breaker program: Often called a "brute force program," this is software bad guys use to try every combination of numbers and letters until they hit on your password.

3. Email addresses used as logons: You know how many websites have you set up an account using your email address as your User ID? If you then use the same password for that account that you use for email, criminals have what they need: your email address and your password.

4. Insider theft: It's less common, but there have been instances where employees at internet companies stole customers' email addresses and passwords from internal servers.

How can you protect yourself?

Don't click on attachments in emails from strangers. Create complex passwords that are random combinations of letters, numbers and symbols and use a different password for each account you create. If a website gives you a choice of using your email address as your User ID or some other ID, choose the alternate."

Sounds like pretty solid advice to me. I'll be making some immediate changes to my own accounts. In fact, I'm going to follow some other advice I read, which is to periodically change the passwords to your accounts.

I don't want to be a victim. Do you?

About the Author
Paul Gordon is the editor of The Peorian after spending 29 years of indentured servitude at the Peoria Journal Star. He’s an award-winning writer, raconteur and song-and-dance man. He also went to a high school whose team name is the Alices (that’s Vincennes Lincoln High School in Indiana; you can look it up).