Recently, a co-worker took a vacation with his girlfriend to Paris. The vacation had two interesting outcomes: the first was that during the trip, the girlfriend’s title officially switched to fiancé. The seconds, was far less pleasant: a hacker got into his Facebook account and managed to send desperate requests for help to those in his email contacts list.
The email was nearly convincing. In it, my “co-worker” claimed to have been mugged and left with no cash to pay for his hotel. But despite fact that the security breach occurred in France, the email claimed that the mugging took place in London. It also had just enough grammatical errors to suggest that something might be amiss:
I’m writing this with tears in my eyes,my family and I came down here to England for a short vacation and we were mugged at gun point last night at the park of the hotel where we lodged,all cash and credit card [sic] were stolen off us but luckily for us we still have our passports with us…We’ve been to the Embassy and the Police here,but they’re not helping issues at all they asked us to wait for 3weeks but we can’t wait till then and our flight leaves in few hours from now but we’re having problems settling the hotel bills and the hotel manager won’t let us leave until we settle the hotel bills,we are freaked out at the moment…Well I really need your financially [sic] assistance…Please let me know if you can help us out,Write me back so i can tell you how to get it to me..
So far, my friend says that only one person ended up leaving him a message that she was sending money right away, but he hasn’t been able to contact her to determine whether she actually did so.
He believes it happened at the hotel, which offered customers free wifi. This wifi did not require password, and he thinks that a hacker was able to watch him log on to his Facebook account. The hacker then set up a Yahoo account with my friend’s first and last name. Using that Yahoo account, the hacker sent out emails to everyone in my friend’s Facebook friends list.
He’s urging everyone to avoid using non-secure free wifi at all costs, so I thought I’d pass along the same message.