I had not spoken with the advisor for about a year, maybe even two. But we know each other pretty well and it was not inconceivable that he would contact me in a pinch. So, upon reading the first sentence, I thought it could be real.
Apologies for having to reach out to you like this, am so sorry never inform you about my trip to London, United Kingdom... for a seminar unfortunately i was mugged right outside the hotel where i lodged all cash,credit card, and my cellphone were all stolen from me but luckily for me i still have my passports with me.
I have been to the embassy and the Police here but they're not helping issues at all and my flight leaves in few hrs from now but I'm having problems settling the hotel bills and the hotel manager won't let me leave until i settle the bills..i want to know if i can confide in you by asking for a loan from you, i need the sum of 1,000British pounds which is equivalent to $1,500...i will appreciate any amount you can come up with if not all, I am so confused right now and thank God i wasn't injured because I complied immediately.
I'm freaked out i really need your urgent assistance.
Then, I saw it came from his Gmail address and became suspicious. Could it be "phishing," a fraudulent attempt to get me to send money?
We've all seen phishing emails from relatives of royalty temporarily short on cash, but this was the first time I received a phishing email from someone I knew!
I called the advisor's office and when he picked up the phone, I was relieved. First, I asked him how he's been doing and he said everything was fine. So I told him that his Gmail account may have been hacked.
He told me that he used Gmail for personal email and for communicating with his staff. He was not using it for client communications, but it was his main email address.
I told him that, even though his emails may not go directly to clients, he probably wanted to archive emails telling staff what to do about client accounts. In addition to being a registered rep, he is an IA rep under a BD's corporate RIA. Pretty much all of his business-related emails should be archived--not just emails sent directly to clients, I told him.
I sent the phishing email to his Gmail account for him to review. I would have sent it to another email account, but he told me this was the only account he checks; all of his emails are sent directly to the Gmail account or forwarded to it.
I am wary of using any free apps for client communications or that need to be archived for other reasons. That includes Gmail.
Your control is limited. A free service could be sold (see dimdim's recent acquisition by Salesforce) or discontinued, and you could be left out in the cold. Also, with a free or minimum-cost app, you don't have much leverage in demanding service. Moreover, huge vendors like Gmail increasingly have become rich targets for hackers. I just have not seen this happen with other email systems that you pay for.
The advisor was grateful that I took the time to contact him. I told him that all of his Gmail contacts probably had been compromised and were sent the message about his being mugged and needing cash. I suggested he send an email to all of his contacts saying he had indeed not been mugged and did not need cash, and I emailed him the phishing message to see for himself.
He tried logging into his Gmail account but he was denied access. Whoever hacked the account was in control of it now.
I referred the advisor to a tech consultant who could help him figure out what to do.
As soon as I hung up, I got a response to my email to him containing the original phishing message:
Thanks so much for your concern, It's not what you think it is...i mean it's not a hoax i really need your help right now, let me know if you are able to loan me this money, Although I have filed up a case at the nearest police post. and I reported to the embassy but I was told to follow some steps which will take nothing less than 2 weeks before I get any help from them and I can't be here for 2weeks, I need to get back home as soon as possible, I am left here with my passport alone, I will be glad if you can help me out as no amount is too small for my present situation, kindly get back to me as soon as possible.
The episode is a cautionary tale. I like Gmail but don't use it for business for all the reasons cited. Am I being too tough on Gmail? Or do you agree? Please let me know what you think.