The Investigators: Hacked! - WMC Action News 5 - Memphis, Tennessee

Reported by Andy Wise

The Investigators: Hacked!

A breathless, desperate e-mail from the boss -- or maybe from your buddy at the club -- is actually from a hacker in the Eastern Hemisphere.

The Better Business Bureau says virtually untraceable, organized crime rings in foreign countries have compromised the e-mail accounts of leaders in large American organizations, including service clubs, churches/faith-based groups and the military.

"(They're targeting) people who a) carry authority and b) have a large database," says Nancy Crawford, communications director for the Better Business Bureau of the Mid-South.  "If they're the head of an organization, they're going to have a lot of people in their address book."

The Action News 5 Investigators have learned in most cases, the hackers absorb the leader's entire e-mail account.  They send out an e-mail to every person on the contact list, posing as the leader.  The message says the person is overseas, in dire straits, and in need of a money wire transfer.

"Supposedly, I was in London, stranded, lost my wallet," says Pastor Chuck Moscato of Ridgeway Assembly of God in East Memphis.  He's describing an e-mail that went out to everyone on his contact list, including most of his congregation.

"Thankfully, they recognized that this was bogus," he says.

The same thing happened to Vijay Surpuriya, a Germantown pharmacist and active leader in the Germantown Rotary Club.  Someone absorbed his account, then sent the "stranded in London" message to every member of the Germantown and Memphis Downtown Rotary clubs.  The message included a Western Union address to wire the money.

"Nobody gave any money," says Surpuriya.  "(The hackers) transferred the files, and they locked me out of my own account."

Neither the Action News 5 Investigators nor law enforcement have been able to determine how the hackers accessed the men's accounts.  But in both cases, the hackers left glaring errors in the messages that tipped off the recipients it was a scam.

In Surpuriya's case, the return e-mail address was not recognized by those in his contact list.  The Rotary motto used in the salutation was also incorrect.

The hacker posing as Pastor Moscato signed the e-mail as "Chuck."

"He never signs his e-mails as 'Chuck,'" says Mark Farmer, Ridgeway Assembly of God's director of multi-media.

"My contacts all know that the wordage of the e-mail was not familiar to my style," adds Moscato.

Crawford says one way hackers are getting through e-mail accounts is through Facebook and MySpace pages, although it's unclear how hackers are obtaining password access in order to hijack the accounts.  Do not post your e-mail address, password hints or account information on Facebook or MySpace.

Always verify the sender of any e-mail.  If you don't recognize the sender, do not open the e-mail or any attachments.  If you do recognize the sender, and the message is requesting money or unlocking an attachment, reach the sender by phone to verify the source.

Powered by Frankly