Variation on a theme of an email scam

It’s a good idea to be aware of this scam used by email hackers

A couple of months ago I received an email from a client (apparently) that revealed a bit of a twist on a well-known email scam.

This client had suffered an email hack about a year previously (through having a weak password). The hackers must have copied the contents of his Contacts list for future use.

Then they did nothing for nearly a year (zzzzzzzz).

As one of my client’s Contacts, I then received an email from the hackers as in Figure 1. I have, of course, changed the client’s name and email address to a fake one to protect his anonymity.

scam email - 1
Figure 1

Since you know this post is about an email scam. you may already have spotted how suspicious this looks. However, it’s not unknown for clients to send me test email messages, so I just answered it with a simple “yes”.

The scammers then replied with the message shown in Figure 2.

scam email - 2
Figure 2

The fake email address

The email address they have used quotes the client’s name in the same format as his “proper” email account. The domain (“”) is such a common one that it is very easy to just glance at the total email address and accept it as being genuine.

You will also see that the letter “i” in the client’s name is repeated in the fake email address. Presumably the email address with the correct spelling was not available to register at

I don’t know why they spoofed his real email address in the first email and then used a blatantly fake email address in the second, but that is not my main point. My main point is that they sat on my email address for almost a year before trying to scam me. Presumably, they thought that was long enough for me to have forgotten (if I had ever known) that the hack had happened.

They weren’t to know that he is an IT client of mine. Therefore, they wouldn’t know that I already knew that my email address had been exposed in his hack. They didn’t try to scam me after the original hack, so they must have been sitting on my email address for almost a year, waiting for the dust to settle.

Anyway, I strung them along for a bit with disingenuous emails. I made sure I knew what they were up to, and then let them know that I was on to them. For some reason, they didn’t reply after that.

So, the moral of this tale is that if someone hacks your email, please let the people in your Contacts list know about it so that they can be wary of odd-looking emails – even a year later!

Other hints that this was an attempted scam

  • “Let me know…..” – not a “please” in sight.
  • “…currently in the hospital” – surely this should be “…currently in hospital”.
  • Arthritis – why is this capitalised?
  • ..get it.. – horrible, ugly use of English that just looks wrong.

So, add all the above together and think of the person who is supposed to have sent this email. In this instance – no way!

How does the scam they tried on me actually work?

  • Scammer asks mug to buy an iTunes gift card for his/her niece’s birthday. Scammer says he/she is in hospital and all attempts to buy online fail. Scammer promises to reimburse mug later. I think some other gift cards work in the same way as iTunes.
  • Scammer asks mug to email him the code that is on the card.
  • Provided that no-one has already “spent” the code, retailers will accept it without the presence of the card itself.

You might think it would never work, but it’s been around for quite a while so it must still be working often enough to make it worth trying.

PS: the best way to avoid email hacks in the first place is to use strong passwords. See Create and use strong passwords – Microsoft

Image by freepik