Phished!

It was five in the afternoon yesterday and I was waiting for quitting time when I received an instant message from AH, a friend here in Melbourne. I was quite distracted so when she asked what time it was, I answered with the time then asked why she’s asking. I thought she has gone overseas, thus the question with the time. I asked her where she was and she replied that she’s at home and that the clock in her PC seemed wrong. I just read her blog and her last entry was of her having health problems so I rationalized that she might be resting at home and might just have woken up from a nap so she might not know the time of day. She then gave me a link saying it’s a link to her Flickr/Yahoo photo album. I tried the link and was asked to login. I tried to but couldn’t get through. I told AH and she said “sayang” (shame) and when I asked her how she was, she replied that she might have to go off-line soon because she’s talking to someone on the phone.

I was a bit suspicious at this time and noticed that the link she sent me re-directed to Geocities. I was about to change the password to my Yahoo account when a work colleague talked to me. By the time our conversation was over, I have forgotten about changing the password to my Yahoo account and went home. It wasn’t until hubby told me during lunch today that he got a text message from AH that I remembered about the incident. Apparently, someone has hacked into her AH’s account and has scammed her niece to buy pre-paid mobile reload cards and had her niece email the codes.

Most Filipinos abroad retain a Philippine pre-paid SIM card and use this to send text messages back to friends and family in the Philippines. It may not be the easiest but it certainly is the cheapest way to keep in contact with people back home. As the credits in the pre-paid account runs low, the Filipino expat would ask someone back home to buy a reload card in the Philippines and send the code back to them so that expat could use that to add credits to the Philippine mobile account. Thus, it is not unusual request for someone overseas to ask someone in the Philippines to buy them a mobile recharge card and have the code sent. This scammer seems to know this practice and targets OFWs (Overseas Filipino Workers) and their family and friends.

I know it was dumb of me to fall for this kind of scam, I really should have known better. In my defense, I was distracted and this scammer conversed with me in Tagalog/Filipino, so it seemed like it was really AH that I was conversing with. I believe now that this scammer asked me for the time of day to determine my location. If I answered with the current time in the Philippines, I believe he/she would have asked me to buy him/her a pre-paid card. However, since I answered with a different time, he/she would have discovered that I’m located elsewhere and that the best thing to do is to get my Yahoo username and password and then log off as soon as possible.

A couple of hours ago, we received a forwarded email from a friend stating that another Filipino friend, WG, got victimised by the same scam. It looks like this scammer is having a field day with his victim’s friends list and address book and is milking this con as much as he/she can.

As for my Yahoo account, the scammer got to it and I have already requested Yahoo to disable it. I also had to change my email subscriptions and changed my passwords for other sites like banks and other financial institutions, particularly those that send email to that account. My only consolation is the phished account was an old one that I only use for correspondence from when I was still in the Philippines and that the scammer would have limited knowledge of my affairs through what has been contained therein.

As a warning to others, please be vigilant and beware when clicking on a link, even if it looked like it came from a friend. I told another friend today that if I asked her to answer a random question before clicking on a link she sent me that she should just humour me and answer my question. I have been burned and could be a bit paranoid now.

UPDATE: Please see my next post for more information on this incident.

Advertisements
Published in: on October 11, 2007 at 10:30 pm  Comments (2)  

2 CommentsLeave a comment

  1. @alma: That’s okay, I should have known better not to have clicked and logged on anyway. Hope you didn’t keep important personal information in your hacked account.

    Were you able to get your hacked account back? I think you still could if you remember the details you used when you originally signed up for the account. Unfortunately for me, it has been so long ago that I can’t remember those details anymore. I suppose my hacked account is a goner.

  2. Sorry to hear it was my yahoo id that was used to phish you. i my ex-colleague in Manila fell for it and actually spent PhP5k worth of prepaid cards and sent the codes to the scammer.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: