Gone phishing …

Posted on
Apr 11, 2011

Um, no. "Phishing" not "fishing."

I like to think that I possess a healthy dose of skepticism. I never truly bought into the whole “Santa” myth as a kid, though I totally pretended to in order to bond with a friend of mine (my commitment to the Catholic church also had similar origins). I have been known to call shenanigans on people when I don’t believe them – a process that involves, quite literally, me screaming “SHENANIGANS! I CALL SHENANIGANS!” with little regard to volume or social mores.

In short, I’d like to think that I’m not a complete and utter mark (well, mostly).

And yet, and yet, and yet …

On Friday, I woke up in the wee hours of the morning, having just returned from Germany the night before. After three lonely hours on my computer, relishing in the joy of being (I assume, at least) the first person in Seattle to see today’s Groupon offers, I received a chat from a friend of mine, who I shall call L, because really, girlfriend deserves some anonymity after the last few days.

Now, L and I are not terribly close, owing to the newness of our friendship, but I get her, and I have a pretty clear feel for what she’s like and how she reacts to things. Nevertheless, at the time I received her chat, we’d hung out a whopping two times, ever, and we were scheduled to hang out again on Sunday. So even though we weren’t yet at the gmail-chat-level of friendship, it made sense that I was hearing from her to talk about our weekend plans.

She asked me how I was doing, and I told her fine, except that I had been up since 4 am. She noted that things were not going well on her front. I assumed this was a prelude to her having to cancel on Sunday, and I figured that one of her children had gotten sick or something to that effect.

Instead, she wrote that she and her husband had been robbed at gunpoint.

Now, this somewhat snapped me out of my jet-lagged state. I promptly freaked and inquired about the kids and tried to figure out how the hell that sort of thing could happen in Seattle. She didn’t follow up on the kids, but instead proceeded to tell me they were in the U.K.

Wait, what? In the fog of not-enough-hours-of-sleep, I tried to figure out why she was in the U.K. and why she had made no mention of it when we were making our weekend plans. And also, how, exactly, one gets robbed at gunpoint in London when there are no guns in Britain. But the strangest thing was that she wasn’t elaborating on whether or not the kids were okay after telling me she had been ROBBED AT GUNPOINT. I knew her well enough to peg that as being instantly out of character.

“Shenanigans,” a voice whispered quietly in the back of my head.

But no – this was clearly my friend’s account. I had heard of email scams like this, but not scams via chat.

“Do you want me to call Will?” I wrote, thinking of Rand’s London-based colleague who is always reliable in times of crisis (he recently helped a hungover Rand get on a plane after a rough night in New Orleans. Assisting sober people in his hometown should have posed little challenge).

“No,” she wrote. She explained that they lost their credit cards and cash, but still had their passports (and again, the voice in my head said, “Shenanigans,” this time a little louder). Then came the clincher: they had unpaid bills in the U.K., and they needed someone to wire them money – $1750.


My hands were shaking. I was talking to an actual, real-life con-artist. On my friend’s account. The faker proceeded to tell me how she had been hit on the head in the attack and had “brain trauma” and how her husband had hurt his arm (Really? He hurt his arm and you have brain trauma and you’re the one typing? SERIOUSLY?). I asked “her” to hold on, I would check with Rand to see how we could help, and proceeded to bolt down the hall to find him.

I told him how I had gotten a message that our friends had gotten robbed and how they were supposedly in the U.K. and now needed us to wire them money (the transformation of my husband’s face in those few seconds was remarkable – from concern to skepticism in 0.5 seconds. I wish my actor brother had been there to see it). Immediately, Rand got on the phone with the supposed victims, while I continued chatting.

“They’re fine,” Rand said to me, “But L’s account has been hacked.” Obviously.

And then he said the sort of thing every writer dreams of hearing.

“Can you keep the scammer busy for a while?”

Oh, sweet heavenly father, CAN I? Things were about to get fun.

Apparently, L had received a phone call earlier in the night from a worried friend – the scammer had also infiltrated her facebook account, and the friend thought that she been seriously hurt. L logged on, and saw the scammer chatting with her friends – she tried to type over him, explaining that it was all fake, but he kept deleting what she wrote (this, understandably, freaked her out. I’d have peed my pants, personally). They needed to lock him out of both accounts, but were having trouble.

So a distraction was in order.

I kept the scammer chatting and was able to create a rather beautiful soap-operatic tale while they locked him out of L’s accounts. My tangled web included:

  • Insisting that Fake L pray to Jesus and thank him for sparing her life in the attack.
    Me: Did you thank him? Did you thank Jesus?
    Fake L:  yeah … sure.
  • Adding superfluous details that made little to no sense. L’s husband had supposedly hurt his arm in the attack- I noted that this was particularly tragic since he had already lost fingers on that hand (I wanted to go further with this, but didn’t want them to grow suspicious. In real life, L’s husband thankfully has all his digits).
  • Confessing undying love to L, and asking if she felt the same way (the reply: “Ugh?”)

In the end, I am pleased to say that L got the scammer locked out of her accounts. They’re still cleaning up some stuff (and worried about how much information was accessed), but I’m comforted by the fact that anyone who tries to scam people through something so obvious and idiotic probably isn’t a criminal mastermind.

Of course, there’s still a lot to be concerned about. No, the person didn’t do a great job of impersonating L, but they did know her husband’s name, and had access to all her information on Facebook (so theoretically they could have). And apparently all Western Union requires for someone to pick up a wire transfer of money is a friggin name. No I.D., no other means of verification necessary. So while I’ve talked a lot about how not to get robbed while traveling and securing your home while you’re away on a trip, it’s good to remember that there are plenty of other ways you can get ripped off.

As for those of you who do get robbed while overseas, my condolences. If you need help, I strongly suggest you  visit the consulate or call someone collect. An email just won’t cut it anymore.

P.S. – Dick Move, scammers! Though it was really fun messing with you. I suspect you were psyched when you thought I was going to send you some cash.

Leave a Comment

More from The Blog

On Instagram @theeverywhereist