07:57:00 pm by Eugene Gardner, Categories: Security, General, Articles

Contrary to all the advice that I and others have given to keep passwords secret, there is one occasion where it can help to have a trusted friend who knows your password.  I recently received an email purporting to come from a client, as follows:

 I'm writing this with tears in my eyes, I and my family presently on a short trip to Rome, Italy. Unfortunately, I was robbed in the hotel I booked, all my valuables which includes cash, mobile phones were stolen during the attack but luckily I still have my passport with me.

 I've been to the Embassy and the Police here but they are not taking the matter seriously. Please, I really need your financial assistance now because things are really getting tough on me here. Our flight leaves in few hours from now but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills. Please, let me know if you can help us out?

Well, I've received scores of identical messages in the past, so I was in no doubt that the client's email password had been acquired by a bad person.  I played along for a time by offering to help, until I was instructed to make a (non-traceable) payment of £870 by Western Union to a spurious address.

I wanted to protect my client from further misuse of his account, but I could not reach him by phone.  Clearly there was no point sending an email, as his messages were being forwarded elsewhere.  In this case, had I known the password I could have changed it and saved my client a little distress.

Unfortunately the password was not only 'protecting' the stolen Yahoo account, but was identical to several others, including the one for the website from which it was hacked.  All of these had to be painstakingly changed.  You may be assured that this client now heeds the age-old advice to use a password manager and to choose long, complex and unique passwords.  In fact I think he has enabled two-factor authentication too.  Unfortunately many of his messages and his contact list were deleted and not backed up.
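The painful part of the clean-up above was working out which other accounts shared the stolen password. The following script is an added example (not code from the original post) of the check a password manager makes easy: it takes a vault export, reports every password used on more than one site and every password shorter than a chosen minimum, and then replaces each reused password with a fresh random one. The vault contents are constructed sample data, not real credentials, and the 16-character minimum is an assumption for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample of a password-manager export: (site, username, password).
# These are made-up credentials for illustration only.
SAMPLE_VAULT = [
    ("mail.yahoo.com", "client@example.com", "Summer2012!"),
    ("shop.example.net", "client@example.com", "Summer2012!"),
    ("forum.example.org", "client", "Summer2012!"),
    ("bank.example.com", "client@example.com", "xK9#vQ2m!pL7wR4t"),
]

# Assumed policy for this example: anything shorter than 16 characters is flagged.
MIN_LENGTH = 16

# Character set for generated passwords: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def find_reused_passwords(vault):
    """Return {password: [sites]} for every password used on more than one site.

    A breach of any one of those sites exposes all the others, which is exactly
    how the Yahoo account in the story was taken over.
    """
    by_password = defaultdict(list)
    for site, _user, password in vault:
        by_password[password].append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


def find_weak_passwords(vault, min_length=MIN_LENGTH):
    """Return the sites whose password is shorter than min_length."""
    return [site for site, _user, pw in vault if len(pw) < min_length]


def generate_password(length=24):
    """Generate a random password using the OS CSPRNG (secrets), never random()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_reused(vault):
    """Return a copy of the vault in which every reused password is replaced
    with a fresh, unique, randomly generated one (one new password per site)."""
    reused = find_reused_passwords(vault)
    rotated = []
    for site, user, pw in vault:
        if pw in reused:
            pw = generate_password()
        rotated.append((site, user, pw))
    return rotated


if __name__ == "__main__":
    for pw, sites in find_reused_passwords(SAMPLE_VAULT).items():
        print(f"password reused on {len(sites)} sites: {', '.join(sites)}")
    for site in find_weak_passwords(SAMPLE_VAULT):
        print(f"password too short: {site}")
    fixed = rotate_reused(SAMPLE_VAULT)
    print("after rotation, reused passwords:", find_reused_passwords(fixed))
```

Run against the sample vault, the script reports the same password on three sites and three passwords below the minimum length; after rotation no password is shared and none is short. In practice you would feed it a CSV export from your password manager rather than a hard-coded list, and delete that export as soon as you are done.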

