Don’t get scammed: friends edition

This is an urgent message for all: beware of this email scam. I’ve taken calls from multiple people this week about this.

Here’s how it plays out:

  1. Person A (a friend of yours; not you, hopefully) gets their email account hacked (possibly by clicking a link in another spam message that looks like it’s coming from Verizon support or something).
  2. Once the hacker is in their account, he can harvest all of the email contacts, or use messages in the mailboxes to mine for addresses. They may set up filters to redirect incoming mail, so Person A won’t initially notice the hack.
  3. You then get a message like this:
Hi, Hope you're good. May I ask a favor, Do you shop on Amazon. Thanks
[Person A's name]
  1. Don’t reply! It’s a scam! Call/text your friend, Person A, and let them know they’ve been hacked. For you, that’s the end of it. Delete the email. If you reply—whether you say yes or no—you may get a reply like this:
I've been trying to purchase a $300 Amazon E-Gift by email, but it says they are having issues charging my card. I contacted my bank and they told me it would take a couple of days to get it sorted. I intend to buy it for my Niece whose birthday is today. Can you purchase it from your end for me or maybe you can get it for me in any store around you, I'll refund it to you once my bank sorts the issue out. Thanks [Person A's name]
  1.  Don’t reply! It’s a scam! And now the hacker has your address, maybe on a list of people to target in the future.

Stop at step 4. Don’t get scammed!

Let me know if you have any questions.