By Frederick Noronha, IANS
Panaji : Goa-based Rudolf Ludwig’s friends started getting frantic e-mail messages about the musician-turned-art gallery owner being stranded in Nigeria and badly in need of money.
His wife Yolanda fielded off telephone calls to their Goa home, explaining that nothing of this sort had happened.
When more friends started phoning in, Ludwig, who was very much in Goa, realised his e-mail account on the popular GMail network had been hacked into. His password had been changed and he couldn’t enter his own account.
Some scamster – probably based in Nigeria – was trying to get Ludwig’s friends to send in $3,500 each, ostensibly to help a “distressed” Ludwig to “return home”.
This new scam has seen bogus e-mails claiming that a common friend is attending a conference in Africa on “Empowering Youth to Fight Racism, HIV/AIDS, Poverty and Lack of Education”. Then the person – whose e-mail account has been hacked – is portrayed as being stranded in Africa after forgetting in a taxi a “little bag” that contained “money, passport, documents and other valuables”.
Friends who write back to the hijacked account are replied to and told to send the $3,500 urgently.
A mail, sent in by this correspondent, to the taken-over e-mail address draws in a pathetic reply: “I am in so much pain here, the stress is too much for me. I had been trying to find a solution to my passport issue through the embassy; that is why I am not able to reply you on time. I need your help so much and on time to help me out of this place….”
The advice that follows quickly is to transfer the money to one Abdullahi Umar at Victoria Island in Lagos State, Nigeria 23401, using the Western Union money transfer service.
Commented Rajesh Kankaria, one of the techies participating in a discussion over such issues at the India-gii mailing list that looks at Iinternet-related issues in India: “Someone approached me about her friend (a senior scientist) whose account got hacked and received an exactly similar e-mail, saying the same stuff…lost passport…don’t have money…blah blah. It happened with a Hotmail account.”
Comments Sarbajit Roy: “(The person) probably has allowed a key-logger to be installed on his PC or he was careless. India’s IT Act has international scope. It’s possible to contact the state’s IT Secretary who is the ex-officio adjudicating officer under IT Act. The AO has wide powers under IT rules.”
Mumbai-based techie-journo Vicram Crishna says: “I got an alert from (the geek tips site) Slashdot.org the other day, which advised always keeping your GMail account set to https:// (save that in your bookmarks), and never clicking links from within mail but always typing in the address with https:// (this referred to GMail/Google links and not that of other service providers, which may not support https://).
“I am not sure that this will protect you from keylogging, but secure behaviour can become a habit, once you start practising it,” says Crishna.
Keystroke logging (or keylogging) is a diagnostic tool used in software development that captures the user’s keystrokes. It can be used to check sources of errors, measure computer productivity, in law enforcement and espionage and also to obtain passwords or encryption keys and thus bypassing other security measures. Keyloggers, widely available on the net, can also be used by private parties to spy on the computer usage of others.
Some IT experts point out that “hacking” has gone beyond the definition thought of in the IT Act in this fast-moving field. Tech experts in Goa suggest “playing along” with the scamsters and trying to track their phone numbers. Nigeriapolice.org is also seen as one option for taking action in such cases.
(Frederick Noronha can be contacted at [email protected])