
Mexican bail bonds


This is priceless. No really, this is a new fraud I had never heard about (OK the principles are nothing new, but the implementation is).

According to the Guadalajara Reporter, which I presume is a respected voice in the land of Tequila, fraudsters have come up with an innovative way to defraud Joe Public, and it goes something like this.

Step 1 - Fraudster gains control of an individual's personal email account
I guess you are not surprised by this so far. It could have been phishing, a Trojan delivering a key logger, or guessing the answers to password reset questions.

Step 2 - Fraudster emails all personal contacts stored in the address book of taken over account
OK still nothing new...what happened next?

Step 3 - Email contains an appeal for funds, claiming the owner of the stolen account is in jail and needs money for bail
So I guess you have got this by now, but to explain fully just in case, perhaps the email looks like this:

"Hi friends, I need your help. Unfortunately I am in jail (again), of course I didn't do it but try persuading the Guadalajara police that. I need your help to post bail, please send whatever you can (at least 1000 pesos) to the following bank account as soon as possible XXXX XXXX XXXX XXXX. Thanks. Jose."

You might think that you would never have friends who would ask you for a contribution to help them out of jail, and that you would dismiss it as a scam, so how can this be relevant to you?

Well let's substitute the "bail" request for something closer to home, remember, this is an email you receive from someone you know and probably receive emails from regularly:

"Hi friends, I need your help. I am running the London Marathon this year and I promised to raise £1000, so far I am only at £300. If I don't get the full £1000 there are going to be a lot more homeless children so please donate (at least £10) to the following bank account as soon as possible XXXX XXXX XXXX XXXX. Thanks. John."


Sounds more feasible?

How many times do you ignore spam from people you have never interacted with before? Probably always: you don't trust the sender, you don't trust the content.

How many times do you ignore an email from a trusted friend? You may be wary of opening a file supposedly sent from a friend, but would the above call for help go equally ignored?

There is a level of trust you have established with your contacts which can be so easily abused by fraudsters. Why? Well, a user name and password are so easily stolen. We need stronger authentication in the consumer space, but unfortunately it will require scams like this to occur before some businesses and consumers realise that.
