[Another Scam] Email alert

Hi all anyone else get this email? Supposed to be from Lee Marshal
at new concepts. Looks suspicious to me.

Dear Orchid,

I received an email, supposedly from Lee Marshall, who is
purportedly located in the Philippines, the general outlines of which
state, ‘I have been robbed at gunpoint, etc. need money to get home,
get out of jail’, etc.

I did not OPEN it, but sent it to Perdition, so did not do the trace
back to URL or whatever. I am curious, did anyone else receive same
and has Lee’s address book been Hijacked and does he know? Or is he
really languishing in some foreign place in need of rescue?

Wondering in WA,
Eileen ‘Snow Goose’

OK people, Just another turn around the block for this form of scam
that has been going on for years, like the Nigerian one.

This is a common scam, it’s happened to me personally, and to others
I know. Just ignore it, accept for Lee Marshal, who needs to change
His/Her account settings.

That one has been going around for many years using different
peoples names and various locations. Not sure if it is a type of
virus or just a scam where the sender can make it look like someone
from your email list, but I got it this week as well from someone
who is not associated with Orchid at all.

I run a volunteer program, and we have frequently received this type
of thing, only to discover our volunteer is safe and sound at home
with no idea that this had been sent to look like it was from them.

Hoping Lee is safe and sound and not having a bad trip in


Yes He’s been hacked, yes he knows (I forwarded the hack to Brian
Meeks at Knew Concepts several days ago…). Wish people would find
better things to do with their time than hack others!

Beth Wicker
Three Cats and a Dog Design Studio

Hi Guys,

No, Lee’s not in the Philippines, he’s home in Santa Cruz,
not-so-quietly plotting the messy demise of a certain unknown
hacker. Other than that, he’s just fine.

His personal email on Yahoo got hacked. We’ve got control back, and
are working with Yahoo to clean up the mess, but one of the things
they did was dump his contacts, so we can’t just send out another
mass email to let people know it’s all a scam. As soon as we get the
contacts back, we’ll send out another mass email to update everyone.

So, yes, it’s all a scam. On the other hand, when it first happened,
(Thursday morning, our time) his phone just about melted with people
calling to make sure he was OK. Not the optimum way to get in touch
with your friends, but it is always good to know you have lots of

The account that got hacked was his email, stored on yahoo’s
servers. None of the Knew Concepts computers were involved in any
way. (In fact, most of them were turned off. We still do that.) We
don’t deal directly with credit cards, or collect on our
customers for just exactly this reason: they can’t steal what we
don’t have.

(The KC web store goes through paypal, and they secure the card
info. We never see it, and don’t ever have it.)

Thanks for all the warnings and contacts. It is always nice to know
you have friends.

Brian Meek
Knew Concepts.

Hello all,

Lee Marshall is fine, working hard in Santa Cruz! He apologizes for
the hassle, and appreciates your concern.

He is glad that he does not keep anyone’s credit card info in his
computer—he uses PayPal. So, do not worry about any of YOUR info
being compromised.

He is working to make sure this does not happen again.

Lee Marshall’s friend (Godmother of the Knew Concept Saws----see the
latest Knewsletter for the story)

Cynthia Eid
Cynthiaeid. com

We did not get this particular email, but last year received the
same message supposedly from a friend. (She was in Florida, so we
knew it was a scam.) The sender had hijacked her addresses.

Never respond! Good alert.


Scam… Ciao Jo-Ann and John Donivan

Yes I got one as well. I did give it a second look but it didn’t
read quite right so I deleted it.

Alison Flanders

I did not OPEN it, but sent it to Perdition, so did not do the
trace back to URL or whatever. I am curious, did anyone else
receive same and has Lee's address book been Hijacked and does he
know? Or is he really languishing in some foreign place in need of

Lee got hacked. He’s not in the Philippines, and the only robbery
was the one committed by the hackers trying to get you to send money
using his address book.

He sent out an email to this effect to those he apparently has an
email address for directly. This type of scam, by the way, is a
pretty standard classic ploy seen in a number of guises for years
now. Once you’ve seen it, or worse, responded to one of these, you’ll
recognize them again. But they can be disconcerting since they are
sent apparently from someone you know. After all, when your
apparently desperate relative emails you asking for help, are you
gonna turn them down? I once got one apparently from relatives which
I got while they was traveling on a cruise that originated in Italy,
and the scam email appeared to be coming from where I already knew
she was traveling through. Plus it claimed to be a message sent from
the ship they were on, which I could not contact because, well, they
were at sea, asking for money to be waiting for them at Western Union
when they docked. That took some checking around with other
relatives, and some very careful reading of the email path headers,
to identify.

They were fine, of course, and had no idea they’d been hacked. Best
guess is the travel agent had also been hacked for the records of
their trip so the scammers knew those details in addition to having
contact email addresses. Scary stuff.


And people wonder why I use fake online! If I get a
personal email from a friend, asking me to help him or her with some
terrible tragedy, and they address me as “Paf”, I know it’s a scam!

Also, it’s very important to use word(s) for your password that are
not found in any language dictionary. Plus upper, lower case,
numbers and symbols so you don’t get hacked!

Paf Dvorak

HI again gang,

One update regarding the hacking. This is just FYI in case you ever
have to unsnarl this yourself.

First thing they did was set his email to forward to an anonymous
email on outlook. com (that they controlled). They then sent the
‘gimme money’ email to all his contacts, then dumped the whole
contact list. The next trick was to set his email so that it would
block anyone not on his contact list. Which was now empty. So it
blocks all email to the account, and forwards everything to them.

The reason this matters: next step was to go to ebay, do the ‘I
forgot my password’ thing. So it sends a reset link to ‘his’ email.
Which they control. 5 minutes later, they’re into his ebay account,
ordering a few dozen pair of Air Jordans, and a couple of laptops.
Ebay smells a rat and shuts them down automatically. (Yay ebay.
Shocking, eh?) They managed to get the block lifted, but then we got
control back a couple of hours later, and nuked the pending
transactions. They also didn’t have access to any way to actually
pay for any of this crud, so nothing got shipped. Net gain: zero.

There are two lessons here:

(A) if they hadn’t gotten greedy and sent the ‘gimme money’ email,
we wouldn’t have figured out what happened for at least a day, as
the only symptom would have been him just not getting email. Not too
uncommon with Yahoo, so he might just have chalked it up to net
troubles for at least a day. The ‘gimme money’ email caused his
phone to start ringing almost instantly, so we knew there was a
problem quite quickly. Wouldn’t have without it.

(B) Two factor authentication. Get it. That way nobody can fiddle
with your account without some sort of alternate channel ID token.
Either a passcode texted to your phone, or some other
non-email-based sort of ID. All of his (and my) accounts now are set
up that way. Makes it much harder to hack into.

We’d just come back from a show, and my suspicion is that his email
password got sniffed from a public WiFi node somewhere on the trip.
“Open” or “Free” wifi connections are unencrypted, which means that
everybody on the connection can potentially sniff all the other
traffic on the network. One way around this is to turn wifi off while
you’re on the road, and force the phone/laptop/pad to use the
cellular network, which is encrypted. (If that’s an option for

So, first thing if this happens to you, check merchant sites like
Amazon or Ebay, to see if that wasn’t the real goal. Change all
passwords, and go to two factor ID if you can. Beware Geeks bearing
the gift of free Wifi.

Hope this helps somebody down the road.


PS. > Back up your contacts to your local computer periodically. In
fact, just back everything up. Often. Do it now while you’re
thinking about it. If you want a good offsite backup service, I use
Crashplan .com. I’ve been very happy with them. About $100/yr for
unlimited space, and heavy encryption.

Yeas it is a scam. It means that the person’s email address book has
been accessed by a virus andhas sent this meaasge to everyone in it.
The thieves then collect the money sent by western union.

This is about 5 years old so an antivirus program will kill the
original malware.

Email him and tell him

Nick Royall

Realistically, this is probably spoofed, rather than an account
being compromised. Though, it doesn’t hurt, just in case.

Lee must have a lot of friends who have been robbed! I received 6 of
these from friends.