Having several friends whose money was stolen related to Internet and communication tricks, I would like to share details of two such events, hoping that this information will help others not to become victims of similar fraud.
The “hotel attacked” trick
A friend of mine in Phnom Penh, who travels from time to time internationally, lost US$4,000 – well, first his friends lost this, bacause they wanted to help him; now they have to see how to share the damage. I am on his Internet mailing address list. – Many people know about his general work pattern, and so I was not surprised to receive mail from him, saying that he was in France. But I was surprised about the content of the mail, saying that he stays in a hotel which was violently robbed, the phone lines were also broken (so that I could not call back), the hotel had taken possession of his passport as he had no money to pay the hotel bill, and the Credit Card and airline ticket was stolen. Could I please help him to get out of this mess by sending a certain amount to a bank accounted, and he would refund it when back in Phnom Penh again.
This story sounded too strange, so I tried to call my friend in Phnom Penh. Yes, he was at home, but he was wondering why he had not been able to use this e-mail account since two or three days.
We met quickly – we used my e-mail connection to contact the Custoner Support of my friend’s provider, and after clearing some security procedures, we were informed that the password had been changed some days ago, and yes, the account is being actively used the person who holds the present password. This person has, of course, also access to all e-mail stored with this account.
After somebody had gotten access to the password, they changed the password so that the original owner could no longer use this account, and then they had access to all e-mails and addresses. So they were able to invent a story of international travel which sounded credible, and then send an appeal for financial assistance to many addresses in the address book. As I was also on that address list I got to know of the “violent hotel robbery.” A friend in the USA sent immediately US$2,000. The friendly friend got immediately a very nice personal Thank-You letter supposedly from the original account holder, with some additional information composed from the e-mails stored, to make it credible that the mail came from the original owner of the account – and a request to send some more money (as we learned much later), because it was claimed the stolen airline ticket could not be restored, and a new ticket would cost more… So another US$2,000 was sent by another friendly friend, and before anything else could be done, US$4,000 had already been taken out of the bank to which it was sent. There was no way to recover this money.
Other friends were suffering from similar attacks: one Cambodia of considerable social standing was supposed to be traveling in Africa, and a citizen of Sri Lanka was supposedly attacked in a hotel in London. When I got their “Help me!” e-mails, I immediately phoned them, and we found out that it was a scam. Fortunately, one of them had a full copy of his e-mail address book on his computer, so I could use these addresses, from my computer, to warn all persons on his list not to send any money.
The “hospital” trick
Now I learned about another victim in Cambodia, who lost almost Euro 5,000 – about US$7,000 at present rates. – Information had been received that a Cambodian relative had to have an operation in a hospital in Germany, and now needed urgently financial assistance. Arrangements were made quickly at a bank in Phnom Penh, the money was paid in – but then another message came saying that the money had not yet arrived, could they please send more money, using a different transfer procedure. – Fortunately, a second effort to transfer money was not made, but the first Euro 5,000 were gone – having been taken out – at the “recipient’s” side? or already in Phnom Penh? – in several small installments.
What happened, and how could it have been avoided?
The hotel attacked trick makes us ask, of course, how could somebody get access to the password? Only after some friendly discussions I was told by the victim, that he had received e-mail “from his e-mail company” saying that I should send in his address and password, as this was necessary for some upkeep at their server. He did not respond to this, but after they repeated the same request for three days, finally saying his account would be erased if he would not send it immediately, he sent in the password. – Never send your password to anybody!
The hospital trick is even meaner. Who would not want to help a relative who is in a medical emergency? In this case, no e-mail password was stolen, but just an urgent appeal for help was conveyed. Without confirming by telephone with other friends more details, help was initiated – and the money was lost.
How were these criminal activities initiated?
Beyond the considerations how these thefts could have been avoided, there is another, more important and quite difficult question to be faced: How did these problems start? There are millions of e-mail addresses, but how did the criminals select this address which was quite convenient, as the owner was known by friends to travel internationally from time to time. Maybe, probably, somebody close by, who knows about the victim’s situation, took advantage of this knowledge and initiated the fraud. Terrible.
The hospital fraud could not have been initiated, if there would not have been somebody in Cambodia who knows – however vaguely – about a Cambodian relative abroad, in order to make up a credible story about hospitalization and the need for immediate fund transfers. And this informant has also the necessary knowledge and connections to collect the funds as they become available – in Germany, or even before they leave the country, depending on the baking arrangements set up.
In the hotel case, the criminals had some information, but the fundamental error was made by the account owner who gave away his password (in response to fraudulent mail).
In the hospital case, what is more deeply disturbing is that somebody who is close enough to some family members to have – even vague – information, who succeeded to gain the confidence of the victim or his family, so that he could make up a somewhat credible story and get the money. In the case of a violent robbery, the attacker and the victim are not close to each other. In the case of fraud using intelligent tricks, the victim does nor suspect the criminal at all who may be pretending to be friendly and trusted. In addition, in this case, it seems that the victim had also been advised to keep the story confidential.
Fraud happens anywhere, but Cambodia is a very vulnerable country in this strange world, a strange world were Cambodian society is encountering foreign presence more than ever before – with all the facination that can appear. Money can ceate confidence, and money can solve problems. There are foreigners who repeatedly overstay their visa terms, and who can repeatedly buy their way into extensions, just to overstay again – and those who authorize these permits repeatedly, probably have their own personal – financial? – reasons to cooperate. And while small Cambodian local NGOs in rural areas have to fear for their existence because of their weak economic basis while the government plans to introduce more oversight “to prevent terrorists to disguise as NGOs,” foreign nationals can get into the country without employment, paying some fees to set up their presence, buying a house (though this is not legal for foreigners to do, but it happens a lot with the assistance of friendly Camodian citizens acting as go-between), with the money they bring in from whatever origin.
This is the extremely difficult context also of the fraud under discussion here.
There are no easy ways out – surely not just by strengthening a rigid legal environment, but by engaging in the much more difficult exercise to learn how to handle social and human relations in a rapidly changing international environment.
I cannot avoid remembering here also a friend in another country in Southeast Asia, who sits in prison for having misused US$ 150,000, because a “trusted personnel friend” had persuaded him to temporarily help out with funds, to receive later some benefits. He knew this was not completely according to the law, but as it was only a temporary measure – never mind. Now he is in prison for years. He had no bad intentions, he thought he was helping somebody, but actually it was the other way round.
There is no way to simply make sure what is reliable, and what – contrary to all assumptions – is not.
– – – –
Please consider sharing this with many of your friends.