This one nearly fooled me. (How embarrassing!). And it sailed through Google’s excellent spam filters.
A client emailed:
” I need to get an Ebay gift card for my friend who is diagnosed with Stage 3 metastasized breast cancer, she had lost both parents to the disease COVID-19. It’s her birthday, but I can’t do this now because am currently out of town and tried purchasing it online proved abortive. I was wondering if you could help me get it from any grocery store around you ? and I’ll reimburse you when I get back.”
The language was grammatically correct, the tone was right, email address looked right: her name@ outlook.com. And it’s a clever twist, because she’s not claiming SHE’S sick, she’s doing a kindness for a sick friend.
Only after I’d warned her that these buy-a-gift-card things are a scam, did I notice that it was NOT HER EMAIL ADDRESS (she’s a yahoo user). What does this mean? The scammer has likely accessed her email contacts, created a fake email account that looks right, and is reaching out to everyone she knows.
I’ve said this before, but please: never, ever, buy gift cards on request like this; there’s no way to recoup the money if you give them the card numbers (which is of course why they do it this way). The AARP, of all places, has a good page on this here.
If this happens to you (sent “from you”), the horse is out of the barn to some extent, you can’t un-reveal your contact list: but you CAN:
- warn your friends
- make sure you have two-factor authentication enabled on your email account
- if you didn’t, change your email password