Beware of the stranded man hoax

Did you ever get an email, presumably from a friend or someone you know, with a subject line such as “I’m writing with tears in my eyes?” The email continues with a grim tale of misfortune: Your friend is overseas in Madrid, Manila, Mumbai – or some other location. He has been clubbed and robbed of his passport and wallet. Perhaps his suitcases are being held at his hotel because he can’t pay the bill. All he wants is enough money to get home. He’s desperate. Will you please send him thousands of dollars right away? He’ll refund your money when he gets home. 

But wait a minute! Is this email legitimate? Most likely it’s an example of the common “stranded man” hoax. Probably a con artist sent the email after he hacked your friend’s email account. The con man has also sent the same plea to everybody in your friend’s email address list. Because of the hack, your friend no longer has access to his account. And if you send an email to the account, you’ll reach the con artist who will gladly give you directions on how to wire him money.

The scammer hopes you’ll act fast and send him big bucks. After all, the urgent email comes from your friend’s (hacked) email address, not from that of a random stranger. If you get such an email, first phone your friend and tell him about the email. If he’s not there, call other mutual acquaintances and discuss the email. You’ll probably learn that you were a potential victim of the stranded man con. The FBI’s Internet Crime Complaint Center has 150,000 variations of this message on file. 

Here’s the most common way scammers hack the email addresses they use for a stranded man hoax, according to the FBI: The con artist sends someone an email with an attachment. If the recipient clicks the attachment, watch out! The attachment triggers a Trojan horse program that enables the hacker to see every keystroke the victim makes, giving him access to the victim’s password and email address book. 

What should you do if you get a stranded man email? One good reaction is to simply hit the delete button. A Microsoft blogger suggests an alternative response: have fun with the scammer by writing a reply, such as “How dare you ask ME for help … after all you said about me and my mother.”

Sources: abcnews.go.com, maths.cam.ac.uk and theguardian.com