I got a nasty unwelcome email on saturday morning

[Alistair Hosie]

It was from my son who is a Doctor in Glasgow saying he was in london and desperately in need of urgent funding to pay overdue bills he needed to pay urgently,and that he was looking for a job and he would pay us back in a week or so.My sons wife also a doctor in Glasgow "both work in different hospitals" never contacted me by phone and in the email it asked me to deal with my sons through email only not telephone .Needless to say I was suspicious I phoned my sons home number at 7.40 in the morniong even though they have a small baby and I was afraid I might wake him .As I thought it was a scam both were just getting out of bed and my son later reported he could not access his own computer as someone had blocked and changed his passwords to his hotmail ETC ETC.Some sicko's out there will rob you blind they seemed to have been reading his mail for a while as they new a reasonable amount of details about him.On top of this everyone known to Russell my son also got a begging letter I hope he was able to contact them to warn them it was a scam I warn all of you to be vigilant and if you get such an email yourself from anyone to beware and don't fall for paying into anyones account.Take care my dear friends Alistair

[Carld]

This is a big scam that is happening everywhere. I don't think the alarm has been spread well enough. I think it ought to be legal to shoot the perps when they are found. Going to trial should not even happen.

I hope none of his friends fall for the scam.

[Fasttrack]

Wow!

That's goes beyond your ordinary scam. Glad you kept your head and phoned your son to make sure, Alistair.

[Jim Shaper]

Passwords are often case sensitive. The best way to do them is using numbers and letters - including a cap or 3. This way even if someone guesses it, there's a good chance they won't know the digits, let alone which is capitalized in the word.

[ckelloug]

If you are on broadband with the computer plugged directly into the cable or DSL modem*, I say you might as well just hand over your valuables as they will be taken from you. This is in my opinion, the number one security risk on the internet today.

If your password bears any resemblance to a dictionary word, it can be broken by anybody with sufficient time. This is a problem with web based services like e-mail etc. It's probably not a problem on your own computer as long as you have a router* between your computer and the internet.

Womens names and womens names followed by numbers are the most common completely useless passwords I saw when I was charged with maintaining my college's engineering workstation lab. A few hours on computers an order of magnitude slower than today's was all it took to get them. In general, if your password is based on any fact which could be derived about you from personal records, it is a BAD password.

*For the geekier types here, I specifically mean a router doing Network Address Translation so your computer doesn't have a globally routable address. For consumer broadband connections, there usually isn't another kind. If you're a pedant with a router that isn't doing NAT, you should be posting your own security tips rather than starting a thread asking whether I know what a router is

[gnm109]

You were wise to phone your son. In such a case, it's advisable to contact the party who is thought to be in need of help for a personal consultation.

If the scammers would only work as hard at a real job, they could be completely self-sufficient without engaging in criminal acts.

[A.K. Boomer]

That's why I keep my e-mail on a POP server --- once I get it from the mailbox its in the house,
Much better than leaving it "out there" for anyone to retrieve.

[Frank Ford]

I've had three friends who've been recipients of that same scam, but perpetrated on the phone rather than by e-mail. How they got the personal info is an unanswered question, but the scammers had a high level of credibility. Fortunately, each of my pals took the time to check out the whereabouts of the person supposedly in dire need of Western Union money orders.

[HSS]

My sister had the same thing happen to her last week, except her email wasn't locked up. Too bad you can't track these scumbags down.

[kendall]

For hotmail, you don't even NEED to know the password, all you have to do is click 'forgot your password?' and you'll be forwarded to a verification form, all
you have to do is translate the captcha

http://en.wikipedia.org/wiki/CAPTCHA

Afterwards you are placed directly into your email account where you can do everything the same as if you logged in normally, even change the password.
No hacking involved at all.

I have a hotmail account, but it's only used for trash, (board signups and other spawn prone processes) not for sending emails.

Ken.