Nigerian Scammers Break Into Your Gmail, Ask Your Friends For Money

Andy logged in to Gmail on Sunday, and his friend Jeff started to chat with him. Things seemed a bit off, but Andy really became suspicious when Jeff asked him to wire $500 to an injured friend in Nigeria. The real Jeff, of course, was off playing XBOX and has no friends in Nigeria. Like the scammers hitting up people’s friends for money via Facebook, thieves can log in to your e-mail and chat accounts, pretending to be you.

Andy wrote:

I screwed around with him a little bit, but in almost no time he had asked me to help him send money to a friend in Nigeria. Really… I thought it was a buddy of his messing around, but it really was someone trying to get me to send money.

I ended up talking to my friend Jeff on the phone a few minutes later, and he was livid. Turns out he had his Gmail window open, was playing X-box and heard the sound pings of a chat. He was pretty surprised to see there was a full conversation is going on. He has since changed his gmail password and contacted Gmail. (Is there an appropriate contact for this type of issue?)

The chat transcript follows, with the different identities of the real Jeff and the scammer Jeff marked. Both of them chatting with Andy at the same time is a bit confusing.

Scammer!Jeff: hello
Andy:: gmornin
Scammer!Jeff: good morning
Scammer!Jeff: how was ur night
Andy:: decent. we had a graduation party for maggie
Andy:: (grad school)
Scammer!Jeff: cool
Scammer!Jeff: wqhen was that
Andy:: it was yesterday (she didn’t walk, we had the party instead)
Scammer!Jeff: ok
Scammer!Jeff: where are you now
Andy:: home
Andy:: playing with Oscar
Scammer!Jeff: oh that nice
Scammer!Jeff: can you help me for just a little things right now
Andy:: ok
Scammer!Jeff: you will help me send 500$ to a friend of mine who his son has an accident in Nigeria ..
Andy:: hahaha
Scammer!Jeff: and its was so very urgent i dont mind given you back with interest
Scammer!Jeff: not funny
Andy:: what’s not funny
Scammer!Jeff: i thought you are laughning about what i said
Scammer!Jeff: will you go out and help me right now and send money to him ….. by money gramm
Scammer!Jeff: its very urgenmt
Andy:: its a line from your favorite movie. Aliens 5, remember (I was trying to test him here, not very original, but I wanted to be complete obvious, just incase my buddy Jeff was just hungover or something)
Andy:: maybe you don’t remember???
Andy:: how was your friend’s son hurt?
Scammer!Jeff: yes i dont
Scammer!Jeff: on his ways to airport . cause he study at UK
Scammer!Jeff: so he got an accident
Andy:: that’s terrible!
Andy:: how can I help? (Now I realize it truly is an interloper, and not the real Jeff being goofy, so I play along)
Scammer!Jeff: now they need money there to buy ticket so he can be transfer to Uk and he can take a proper care over there than Nigeria … so i need you help me send him 500$
Andy:: actually I have a shitload of band-aids and morphine. I could send that instead
Scammer!Jeff: you send the money through money gramm
Andy:: what about paypal
Andy:: or moneysukdikexpress.com
Andy:: that is the fastest way to send money
Andy:: once I deposit the funds, you can print it out of any color printer
Andy:: and its real mney!
Actual!Jeff: Andy? ya here? (This is where my real buddy Jeff chimes in)
Actual!Jeff: Someone is talkin as if they were me?!!!
Actual!Jeff: WTF
Actual!Jeff: this is scary man. Just yesterday someone hacked my PayPal
Actual!Jeff: now someone is talking in Gmail as ME
Andy:: yeah dude
Andy:: I can send you the transcript
Actual!Jeff: Im seeing it
Actual!Jeff: fucked up
Andy:: i had heard of this on Facebook, but not through gmail
Actual!Jeff: yeah like I saw words coming up from ME just now, but Im playing a damn game
Andy:: unless you’re pretending to be Jeff, and you still want my money
Actual!Jeff: no this is the real Jeff
Actual!Jeff: now anyways
Actual!Jeff: what should I do>
Andy:: tell me who is the 44th president of the united states
Actual!Jeff: oh jeez hell if I know. Try another toy related question
Scammer!Jeff: am not at home (This is obviously the hacker again)
Scammer!Jeff: i told you
Scammer!Jeff: DO YOU WANT TO SEND THE MONEY THOUGH PAYPAL ??
Andy:: oooh I love paypal
Scammer!Jeff: okay will is better
Scammer!Jeff: i will ask them if they can accept paypal insted of money gramm
Scammer!Jeff: that is better
Andy:: hoooray
Andy:: hooray for paypal
Andy:: hooray for your friend’s son
Andy:: may he get laid soon
Actual!Jeff: dude whoever is preytendingto be me, fuck off
Andy:: so where do I put the money? This is the first time I’ve used paypal
Andy:: do I put it in the disk drive
Scammer!Jeff: i will send you the paypal when i got it from the friend
Scammer!Jeff: so you can send the money through paypal

Jeff knew that his new chat buddy’s poor English and mention of Nigeria were red flags, and talking about things that only his friend would know, and that couldn’t be learned from a cursory scan of his e-mail, was a wise move.

Change your e-mail and chat passwords to something difficult to guess or crack in order to protect yourself from this scam. If anyone’s going to beg your friends for money, it should be you, amirite?

(Photo: Spencer E Holtaway)

Comments

Edit Your Comment

  1. rpm773 says:

    Idiots. The scammer over-played his hand when he mentioned “Nigeria”.

    • ekthesy says:

      @rpm773:

      Seems like the scammer would have to get the money sent to Nigeria, as that’s where he’s based. To concur with your card-playing metaphor, perhaps he went all-in too early with it.

    • Cocoa Vanilla says:

      @rpm773: Yeah, the scammer’s an idiot. He can have the Western Union payment sent anywhere. No restrictions on where it can be picked up. The only potential problem is the currency but even then it’s easy enough to get it converted. Andy could have baited him some more, but seeing as Jeff’s Gmail probably had Andy’s details (name, address, phone number) it wouldn’t be a good idea.

  2. AstroPig7 says:

    His friend could have suddenly developed a brain tumour that caused severe aphasia and wanderlust. This is a serious condition that normally requires $500 to remedy!

  3. Hobz says:

    You know, a small thermal nuclear device could correct this problem…

  4. Cocoa Vanilla says:

    LOL at “do I put it in the disk drive.” Thanks, Andy, for giving me something to use on other scammers!

  5. NotChoinski says:

    If the scammer had a better command of English, or worse, was an American with basic cultural knowledge, he could do more damage.

    I had the same thing happen to me about three weeks ago, to my Hotmail account. Once in, they change not only the password but all the secondary ‘if you forget your password’ data.

    The scammer broadcast a form letter to my 10 years worth of collected email addresses. It was convincing enough to have at least six people call my house to confirm – at 7 f****ing oclock Sunday morning. Some people entered a dialogue with him, and the command of english fell off dramatically from the already suspicious letter. Some freinds were asking questions to verify (‘Where did we have dinner yesterday?’) and if the scammer wasn’t so lazy – he could have simply read the pile of emails he was sitting on to get the answer.

  6. chris_d says:

    LOL @ Andy:: or moneysukdikexpress.com

  7. Lukecadet says:

    You might want to check your computer for viruses and spyware. You mentioned issues with Paypal also. They many be getting your passwords from a key logger or other program so that even when you change them they will get the new ones.

    • kbarrett says:

      @Lukecadet: More likely he re-used a password repeatedly, and it got sold as part of a password/email pair list.

      Have three levels of passwords:

      level one: a throwaway that never changes, used for web forums and non critical stuff.

      level two: a better one, used only for email accounts.

      level three: the one you use only on your home PC … and a second one only for online banking.

  8. starzshine says:

    I don’t understand why the scammer continued to talk when the real Jeff realized what was going on. The scary thing to me is that scammers still use tactics like this, that means there has to be people out there who actually fall for that crap.

    And seriously, Nigeria? If you’re lying about everything else, pick a new country! Nothing sounds worse then “can you send money to Nigeria.” (I feel a little bad for people who are actually in Nigeria trying to do legitimate business because of this)

    • BfloAnonChick says:

      @starzshine: I call shenanigans! No one in Nigeria is trying to do legitimate business!

      BAC

    • korybing says:

      @starzshine: I thought the same thing. Nigeria is the stereotypical “scammer” location, to the point that I can’t believe scammers are still trying to use it to dupe people. Why are there so many Nigerian email scammers? You’d think other countries would try to get in on this action by now.

      • econobiker says:

        @korybing:

        Why are there so many Nigerian email scammers? Because it is a local industry that is hugely successfull for a country that the average legal salary is about $200 per year.

        You’d think other countries would try to get in on this action by now. They try but something about laws usually catches up to them.

      • mellemelle says:

        @korybing: Nigerians do it because its the easiest thing to dupe Americans out of their money. If it wasn’t so successful, don’t you think they would stop what they’re doing? Plus they send out MASS emails and out of 100+, 3 or more people fall for it. I think the reason people aren’t realizing that it is all too easy to be scammed by people who are not American is because people in the US are ALWAYS underestimating people from other countries–the more they do that the more money they will lose.

    • catastrophegirl chooses not to fly says:

      @starzshine: i use gmail chat with my sister when we are each at our respective workplaces. sometimes her husband logs into her laptop at home and her gmail chat automatically opens. so he thinks i am talking to him and answers. i can see his answers and hers, each of them can only see their own and mine.
      so in gmail chat, the scammer was able to be logged in while the real jeff was logged in but the scammer couldn’t see that the real jeff was answering too

  9. Subliminal0182 says:

    I have my hotmail forwarded to my gmail (for access on my G1). Yesterday, I received an email from postmaster@mail.hotmail.com saying that the mass email I had sent to my contacts had bounced back (I sent no such email). Although it wasn’t Nigerian, it was to some scam website in China.

    I’ve changed my passwords and stuff, but still don’t understand how this could’ve happened!

  10. logicalnoise says:

    be happy you can even login into your gmail accounts. My account got hacked by a webcam scammer and he changed the password. luckily it was my spam bucket account and not my actual business account. Google was nice enought o let me know that they were powerless to stop teh hacker since I couldn’t recall the last 5 emails I sent with that account sicne I never use it to send any actual emails.

  11. morkus says:

    Lots of folks don’t take advantage of this, it seems, but one way to keep your PayPal account from getting hacked (as Actual!Jeff mentions in the transcript) is to enable sending a security key via SMS to your phone. You don’t need the key fob and it’s free to set up. Then, to log in, you’ll need your username, password, AND your cell phone to get a one-time single-use six-digit key from paypal, which is only good for one minute. It’s great and not inconvenient if you’ve always got your phone with you.

    • RandomZero says:

      @morkus: That sounds like wish-it-was-two-factor authentication to me. How do they know what phone to SMS the key to? Presumably, there’s an account option where you enter your phone number, yes? If they got in via anything other than brute-forcing the password, this does no good. True two-factor authentication isn’t vulnerable in this way and is decidedly worth the $5 or so it costs. I wish it were an option anywhere you’re handling money like this.

  12. goodpete says:

    Chances are the PayPal “hack” and the Gmail “hack” are related. Someone probably got hold of his Gmail password (spyware maybe) and then used that to reset his PayPal password (assuming the PayPal account uses the Gmail address for the login). It might be that the scammer was back for more information (another reset password?) when he decided to indulge his compulsive stupidity and try to scam one of this guy’s friends.

    The rate of evolution for these idiots is pretty slow (thank God). But they do seem to come up with new tricks here and there. This is pretty much the equivalent of those “Help, Grandma, I’m hurt and stuck in mother#&^$ing Canada!” scams — [consumerist.com]

  13. PSUSkier says:

    “Andy:: tell me who is the 44th president of the united states
    Actual!Jeff: oh jeez hell if I know. Try another toy related question”

    This is the best part of the article.

  14. farcast says:

    Same thing happened to my wife on Facebook chat. “Help! I was robbed and am stuck in London and need money for a return ticket!” Kind of freaky someone chatting and pretending to be her friend. Not sure why this scam’s not making the news…

    [blog.thekbuzz.com]

    • JuneCarter says:

      @farcast:

      I too was hacked on Facebook last week. Someone was sending my friends IMs saying I had been held up at gunpoint in London and needed $600. My friends didn’t fall for it, particularly because they said the “fake” me was incredibly belligerent when they didn’t respond.

      Anyway, Time Mag did do a story on this recently: [www.time.com]

      • edwardso says:

        @JuneCarter: I’m suprised anyone would fall for that type of scam. If I don’t know my friend is in London they sure as hell aren’t close enough to me to get money

  15. coren says:

    It should read that Andy tested his new chat buddy, not Jeff (Jeff being impersonated and all)

  16. dangerp says:

    The same thing happened to me last year, where my “brother” started asking me for money. I immediately called him, and walked him through changing his password, and changing his gmail to https only.

    Consumerist, please advise people that password hacking is not the only way to compromise a gmail account. Cross site scripting is also effective, and the easiest way to prevent it is to go into your gmail settings and set it to use https only. I’m not sure if you would be safer using a more secure browser like chrome or firefox, rather than IE.

  17. Lee Dickey says:

    I doubt just changing his passwords will work in this case. I would not be surprised if there is a keylogger on his computer explaining how his paypal also got hacked. If it were me, I would do a format and reinstall of that computer right away.

  18. J Rob Taylor says:

    FYI, Gmail has a built-in “Last account activity:” indicator at the bottom of the screen. When you click on the “More” link, it gives you a breakdown of other active Gmail sessions under your account, as well as a history of recent sessions. In the history, it’ll give you IP address and the Date/Time of access.

    It also allows you to sign out of all other Gmail sessions from the session you’re currently using. Nifty stuff.

  19. pythonkid says:

    Why is it always Nigeria? Why cant some Somoli pirates try this?

  20. jackelmatador says:

    Also remember Gmail provides easy automated password recovery. Make sure you change your security question to something completely impossible to guess. And make sure you don’t have it forward an automated password reset to another email account, just in case that one is the one that got hacked!

  21. mgy says:

    I say we take off and nuke Nigeria from orbit. It’s the only way to be sure.

  22. Karl Kvalvik says:

    Can we cut that whole F*cking country off from our DNS servers alerady?

  23. axiomatic says:

    LOL good luck Nigerian idiots in getting a single penny from anyone I know….

  24. Winteridge2 says:

    sounds to me as if both Jeffs are scammers. Who is #44?
    Next time just put a $500 bill on your scanner and fax it to him. quick & easy!

  25. trujunglist says:

    Why are these scammers so freakin’ stupid? I mean seriously, do they honestly think that what they’re typing is fluent English or something? You know, even though I’ve taken several years of German, I don’t think I could pose as someone’s German speaking friend and be anywhere close to believable. That is the only way I can fathom how this happens. Even though the scammer sees different syntax and spelling and they probably don’t speak English very well, they assume that their English will pass.

    • AngryK9 says:

      @trujunglist: To someone who doesn’t speak English, they would have no idea that Babel Fish does not translate to perfection. :p For example, translate the phrase “This is not perfect English” to Italian, it gives “Ciò non è inglese perfetto”. I don’t speak Italian, so I have no clue if that is correct or not. Translating it back to English gives “This is not English Perfect”

  26. AngryK9 says:

    I don’t have to worry about my friends begging me for money, because they know I have no money to give! And my friends don’t have to worry about me begging for money, because they know that I know that they have no money to give!

    Seriously, I tell anyone I know that if they ever need money from me over $50.00, it will be handed over face to face. If it is physically impossible to do it face to face, then they need to call me directly from a telephone number that I can see on caller ID. Fortunately I only know one person that hits me up for money all the time and she ony nickel-and-dimes me rather than asking for hundreds at once.

  27. howie_in_az says:

    At the bottom of the GMail screen is a little line that says something like

    “This account is open in 1 other location (255.255.255.255). Last account activity: 40 minutes ago on this computer. Details”

    The ‘Details’ link will take you to a new page where you can forcibly sign out the other sessions. Change your password prior to doing this.

  28. drjayphd says:

    I’m sorry, but we all know the real money shot in that conversation was:

    Andy:: actually I have a shitload of band-aids and morphine. I could send that instead

  29. ninjatoddler says:

    The scammer forgot to mention that the “son” was actually, a “Nigerian Prince.” What a noob. Everybody knows that “Nigerian Prince” is the keyword to reel in the dough.

  30. INsano says:

    “Andy:: tell me who is the 44th president of the united states
    Actual!Jeff: oh jeez hell if I know. Try another toy related question.”

    /facepalm