HHaammooddiiaa MMaaggaazz iinnee Ju l y 28 , 201014

HHaammooddiiaa MMaaggaazz iinnee 17 Av 5770 15

I realized that something was amisswhen I received a phone call from anacquaintance of mine who lives in

New York. “Oh, Debbie!” she began.“I’m so relieved that you managed to gethome to Yerushalayim. I was reallyworried about you.”

I had no idea what she was talkingabout. I hadn’t gone anywhere, exceptshopping at the local grocery store. Sowhy was she so concerned about mywelfare?

“I got your e-mail, but I wasn’t able tohelp you. I’m sure glad someone

did,” she continued. “What ahorrible experience to go

through! You must betraumatized.”

The conversation wasgetting “curiouser and

curiouser.” It didn’t take long,

however, for me to figureout what had happened.

Someone had hijacked an e-mail account that I rarely

use and had sent thefollowing letter to my entire

list of contacts:

I’m sorry for this odd requestbecause it might get to you too

urgent [sic] but it’s because of thesituation of things right now. I’m

stuck in London, U.K., with familyright now. We came here on vacation.

We were robbed, the situation seemsworse as our bags, cash, credit cards

and cell phones were stolen atGUNPOINT. It’s such a crazy

experience for us. We need help flyingback home, the authorities are not being

100% supportive but the good thing is thatwe still have our passports, although wedon’t have enough money to get our flightticket back home. Please, I need you to loanme some money (1,000 British pounds) butI will appreciate any amount you can helpwith. B”H I will reimburse you as soon asI’m back home, I promise.

Debbie

After reassuring my friend for theumpteenth time that I really was fine, Iturned on my computer to check my e-mail. I wasn’t terribly concerned. Afterall, over the past few months I hadreceived several letters similar to thisone, and each time I had recognized it asa fraud.

Opening my current account, I foundseveral e-mails from friends informingme that someone must have hijacked anold e-mail address of mine, one that Irarely use, because they had received theabove letter originating from thataddress. In addition, I received half adozen e-mails from concerned friends,asking if I had arrived home safely.

CYBER CRIME Thanks to today’s technology, it’s

easy for hackers to get a list of e-mailaddresses, use a software program tobreak the password and look for suchpersonal information as where theirvictims went to school, their children’snames and the names of the schools theyattend, their spouses’ names andpersonal information, and their medicalproblems. The list is endless.

Armed with that knowledge, they areable to worm their way into the victim’sonline social circle and con him or hisfriends into doing anything fromdonating money to bogus charities totaking out nonexistent mortgages (andpaying a large retainer fee to do so) “tostay afloat in today’s precariousfinancial climate.”

This type of fraud is called “phishing”because the criminal randomly searchesfor information and uses it to lure whathe hopes will be a “big fish” to take thebait. The word was coined by thecriminals themselves when, in 1996, they“phished” the World Wide Web forpersonal information and used it tosupposedly “secure” but actually hijackAmerica Online accounts.

Although e-mail fraud is a fairlyrecent phenomenon, most instances arenothing more than sophisticated

By Debbie Shapiro

HHaammooddiiaa MMaaggaazz iinnee Ju l y 28 , 201016

versions of the same schemes that havebeen around for years. Most internetscams are similar to the ones promotedby direct mail and classified ads, too-good-to-be-true schemes such as low-interest loans (“Just send $30 to secureyour credit”), easy work-at-home offers(“Make hundreds of dollars a daystuffing envelopes; send $45 to learnhow”) and nonexistent lotteries (“Sendus $700 handling fees to receive yourwinnings”). But since all it takes is aclick of the mouse for an e-mail to reachhundreds of thousands of people, evenif most are savvy enough to stay awayfrom the bait, the small percentage whodo bite add up to large numbers.

The criminals are amazingly creative.One florist engaged in lengthy e-mailexchanges with a client who appeared tobe ordering flowers for her wedding.“She was very particular that everythingbe perfect. She loved lavender and wasexcited about the wedding; she seemedlike the typical bride,” said the florist.About a week before the wedding, she“accidentally” overpaid the florist andasked him to return the extra money toher by wire, which he did. But the checkhe had received was from a nonexistentbank, and the “customer” disappearedinto the fog of cyberspace.

In what can only be described asincredible chutzpah, one widespreadscam involves official-looking lettersthat appear to have been sent from theFBI’s online site, informing the recipientthat he will face prosecution unless herepays an illegally gained sum ofmoney. Criminals stealthily enterpeople’s e-mail accounts anduse their address to send e-mails containing a link to abogus site.

I recently received threesuch letters, all from people Iknow and trust, each onepurportedly containing a linkto the sender’s personal photoalbum. Had I clicked on thelink, the computer would havedownloaded a malicious spywareprogram that would have given the

criminal access to all the information onmy hard drive.

Once a criminal has access to avictim’s personal computer system, hecan use that information to rob thevictim of his identity, empty his bankaccounts, max out his credit cards, andapply for loans and mortgages in hisname.

THE NIGHTMARE BEGINS When I tried to log into my second

account, from which the fraudulentletters had originated, I discovered thatthe hacker had changed my password. Ittook me several e-mails and anothertwenty-four hours before I was able toobtain a new password and gain accessto the account.

The first thing I did was check myinbox. No one had responded to thehijacker’s bait. But then I tried to send ane-mail warning everyone that the letterthey had received was a fraud anddiscovered that my entire contact listhad been erased.

Something didn’t seem right. Thecriminal had sent letters to my entirecontact list; some should have bouncedback. I searched my account anddiscovered that he had arranged for allmy incoming mail to be forwarded to hisaccount and automatically deleted frommine. Luckily for me, my e-mailprogram saves all deleted mail in aspecial trash box for one week beforeerasing them. That trash box was packedwith dozens of deleted letters.

I started reading the deleted mail.Five people had responded to the

hacker. Two apologized for not beingable to help; three offered to sendmoney.

I spent the next twenty minutesreading through dozens of e-mails,many of them sent within seconds ofeach other, and contacting the threewonderful, caring Jews who barelyknew me but honestly believed I hadbeen traumatized and were willing tostretch themselves financially to come tomy assistance.

As the editor of an outreach site, I hadhelped Reuven* on his path toYiddishkeit. Now, to help “a chashuvaRebbetzin,” as he put it, he dipped intohis savings and sent “me” $1,800, whichhe was never able to retrieve. Yaakov,*with whom I had been in contact as partof my editorial duties, wired me $500.Baruch Hashem, he was able to cancel thetransfer before the thief claimed themoney at the Western Union Office.Dovid,* a fellow writer, was also readyto empty his bank account for me in mytime of need. Fortunately, he noticedsomething suspicious and sent me an e-mail asking that I verify my request witha phone call.

DEALING WITH THE LAWI spent the rest of the night

responding to phone calls from worriedfriends, speaking to the three peoplewho had responded to the hijacker’sletter, and trying to contact the police inLondon, the FBI in America, and thefraud unit in Israel. But because thecrime spanned several countries (I wasin Israel, the people who responded to

the criminal lived in threedifferent American states,the money was wired toEngland and, as we laterlearned, the e-mail was sentfrom Nigeria), it came under

no one’s jurisdiction. In the end, I filed a

complaint with thefraud department of the

Authentic-looking checksreceived by Reb Meir fromthe scammers.

HHaammooddiiaa MMaaggaazz iinnee 17 Av 5770 17

Israeli Police, but even as the detectivetaking my complaint forwarded theinformation to Interpol, the world’slargest international police force, hewarned me that the chances of catchingthe criminal were almost nil.

Reuven, who had sent the hijacker$1,800, filed a complaint with his localpolice department. Their initial reactionwas to suspect that I was the scammer.Later, the Baltimore branch of Shomrimput him in contact with cyber detectiveSergeant L. Gary Yamin, whodetermined that the e-mails hadoriginated in Nigeria.

“But the police department will onlyinvestigate fraud involving a loss ofover $10,000,” Yaminexplained. Although all ofSergeant Yamin’s e-mailsconcluded with the words “It’sall fun and games, until the copsshow up,” we were quicklylearning that the fraudsters wouldhave lots of fun and games sincethe cops would nevershow up.

TO BE A JEWWhat really confused

my friends was thehacker’s ability to speak like a Yid,although, as Dovid later explained, “itdidn’t seem completely natural.”Following are a few examples:

“I think I can get the rest [of themoney] from an old friend I met inthe Chabad House.”

“I have prayed thatHashem will reward you inmany ways.”

“Baruch Hashem, I willreimburse you as soon as I’mback home” (it should have said “b’ezrasHashem”).

On the other hand, as I perused thechain of e-mails, I was humbled by thecompassion and sincerity I encountered.After sending the hijacker money,Reuven wrote, “I don’t want you to feelpressured to give it all back by Friday.Baruch Hashem, G-d gave me enough topay you [he meant to lend me money

until I could repay it]; however, I knowthe stuff doesn’t grow on trees, so I don’twant you to 1) be embarrassed to keep incontact with me. I hate lenders who usethis to manipulate people! And 2)[don’t] feel pressured to pay it all backto me. You need to feed your family andtake care of your needs first!”

Less than half an hour afterdiscovering that the e-mails were a hoaxand before he realized that he would beable to recover his money, Yaakov sentme the following e-mail: “I do want to

say thatI am proud to be a

Yid. You see people who trulywould be moser nefesh for others. Ifnothing other than that, dayeinu.”

Ashreinu.

I’VE BEEN SCAMMED!I later learned that most people who

get involved with scammers end uplosing tens, sometimes hundreds, ofthousands of dollars. One of them, RebMeir Lev,* a Chassidic Yid who works ina well-known publishing house, lost

over $10,000 when he “won” a bogusraffle.

When Reb Meir found an official-looking letter in his mailbox stating thathe had won $167,000 in a raffle, hethought his financial problems wereover. “It looked genuine, with ahandwritten signature and an officialseal. Even the sum — $167,000 and notan even $200,000 — added to itsauthenticity.”

The letter, which came from the UnitedKingdom, explained that several monthsago, Reb Meir had visited a site that had

automatically entered him in thecompany’s raffle and he was now the

lucky winner. To access the money,the letter continued, he would need

to send them an e-mail with hisreference code and some tidbitsof personal information “for their

records.” The letter added that toreceive the money he would have to payapproximately $11,000 in taxes, but that asa show of good faith, upon receiving theemail with his personal information and

reference code, theywould immediatelysend him a checkfor $5000, with the

understanding thatupon receiving the check,

he would reciprocate with a$5000 payment toward thetax bill.

“I figured that I didn’thave anything to lose, so I

fell for their ploy. I received thecheck and exchanged it for money at alocal gemach, and wired the money tothe criminals. They sent me a secondcheck. Again, I exchanged the check forcash and wired the money to thecriminals. Meanwhile, the checksexchanged hands several times, untilfinally someone went to cash it. It wasfrom a nonexistent bank!”

The FBI told Reb Meir that althoughthere are thousands of criminals aroundthe world preying on innocent people,there is very little anyone can do to stopthem because it takes place incyberspace. They advised him never to

HHaammooddiiaa MMaaggaazz iinnee Ju l y 28 , 201018

respond to any suspicious-looking e-mails and to delete them.

PROTECTIONHamodia asked cyber detective

Sergeant L. Gary Yamin for some tips onhow its readers can protect themselvesfrom online scams.

“First of all,” Yamin responded, “besmart. Don’t give out personalinformation in your e-mails. If a siteasks for your personal information, do abit of research to verify that the site isgenuine. And don’t forget — if an offersounds too good to be real, it’s probablynot real! People ‘win’ huge sums ofmoney in lotteries, but to claim theirmoney they must first pay a tax, which,of course, goes directly to the crook,who disappears the moment he’s got hismoney. Others are offered a great loan— but to claim the money they mustfirst pay a hefty processing fee. Theypay the fee but never see the promisedmoney.

“Since it’s relatively easy forcriminals to break e-mail passwords,choose one that’s strong, one that they’llhave difficulty cracking. The passwordshould be at least eight characters longand include lower-case and upper-casecharacters, as well as numbers orsymbols. Never use words that appearin the dictionary or names of familymembers. I strongly recommendchanging the password every threemonths or so.”

Chazal warn us, “Kabdeihuv’chashdeihu” — respect others butsuspect them. As frum, ehrlicher Yidden,we tend to emphasize the respect whileoverlooking the suspicion. Yes, it wouldbe wonderful to live in a world whereeveryone is honest, but we don’t. AsReb Elyah Chaim Rosen, zt”l, the lateRosh Yeshivah of Breslov inYerushalayim, so succinctly put it,“Temimus u’peshitus —innocence andsimplicity, but count your change!”

It’s our responsibility to takeprecautions and do whatever we can toprevent criminals from worming theirway into the privacy of our lives. ❚M

HOW TO PROTECT YOURSELF• Change your password often and keep it in a safe place.

• Don’t share the password with anyone.

• Don’t open any attachments from anyone unless they are run through an anti-

virus program.

• Log off when done.

• Don’t reply to spam, harassing, or offensive e-mail, and don’t forward chain

e-mails.

• Delete all e-mails, unread, from people you don’t know.

• Don’t be caught by scammers’ favorite trick — “Remember me?”

• Do not reply to any e-mail asking to verify your personal data. Legitimate

vendors and merchants do not send such requests via e-mail. If you do

receive such an email, contact your merchant for clarification.

• Never divulge information, such as passwords and credit-card, Social

Security, and bank account numbers, to anyone making contact with you.

Only give such information when you initiate a service call, and only do so

with trusted sources and where appropriate. Never send this information in

an e-mail.

• Use anti-virus software and/or firewalls on each computer you own or use.

• Keep your eyes open! Check your credit reports. Look for telltale signs such

as an address change you didn’t make.

• Monitor your bank account statements frequently for suspicious activity.

• Shred or tear up unwanted documents that contain personal information.

• Remember that if something looks too good to be true, it probably is.

• Be skeptical!

• If you have a question about a company, contact the Better Business Bureau.

• Rational people can make irrational decisions under stress. If you are in

financial trouble, recognize your vulnerability and think twice before you get

involved in a suspicious venture.