My friend has started all the appropriate actions to get her money back, including reporting it to the local authorities and all the involved services. She also called me in to assist with forensics. Unfortunately, as I told my friend, the chances of recovering her money are beyond slim. In my 20-plus years of computer security, I have never heard of anyone recovering their money in scams like these. It's gone!
I'm heartbroken that my friend fell for the scam -- just months after recovering from a life-threatening accident, no less. When I read the e-mail exchanges between her and the seller, it was readily apparent to me that it was a scam. But then, if you don't know, you don't know. After seeing so many people ripped off over the years, I understand that these scam artists successfully prey on everyone, including Ph.Ds and Nobel Prize winners. Intelligence has nothing to do with it.
I performed an Internet search of a few of the keywords from their exchange ("escrow," "wiring," and "bad account number") to show my friend how common these scams are. Millions of hits and thousands of stories immediately came up -- so many, it gave me an idea.
If the Internet search engines can readily reveal a scam with a few keywords, why can't the Web e-mail providers? Both Yahoo Mail and Gmail scan users' e-mail messages for keywords, which they use to display advertising on a side column. For instance, my friend's e-mails between her and the seller generated many targeted ads trying to sell her related cars. Why can't those same e-mail scans be used to warn people that they're possibly about to be duped into a scam?
After all, as long as the Webmail services are reading everyone's e-mail contents anyway, why not provide an extra service that might warn of something potentially malicious? It would take a simple extension of the anti-spam services they are already implementing.
For instance, when my friend was writing and receiving messages from the escrow scam artist, why couldn't a noticeable link appear in the side column ads saying something like "Click here for information on scams"? The link wouldn't even have to say why it was placed where it was (because it spotted suspicious keywords) -- just a chance to put out a little knowledge to possibly help someone avoid losing lots of money to miscreants.
I proposed this idea to a bunch of security-minded friends, and immediately, many of them said that a false-positive identification would put the Webmail service at risk of a lawsuit if it made a potential buyer forgo a legitimate sale. I guess that's true.
Ad Choices