Of course, you have to get up pretty early to pull the wool over Jay's eyes. It's a scam. But what's interesting was that it was a personalized scam. It didn't come from the son of the Nigerian Prime Minister, it came from one of Jay's friends.
The Bad Guys are spending a lot of time on Social Media sites (especially Facebook). They can generally get lists of friends (Facebook's privacy is pretty horrible). It's surprisingly easy to get real email addresses for people, and so you have a bona fide real sender and real recipient, who know each other.
The original email scam is called "phishing" (where the bad guys go trolling for dupes). This is called "spear phishing" (targeted phishing) and is coming to an inbox near you.
So what do you do?
1. A healthy skepticism is a virtue. Jay's B.S. detector started ringing, and yours should too. Read Jay's post, and Ambulance Driver's comment to see why Jay thought this was, err, phishy.
2. If you want to follow up with your friend to make sure they're all right, do not (repeat, do not) reply to the email. Here is an ordered list of ways to make contact, from most preferable to least preferable:
- Call them on the phone to ask them if they're in the UK and in trouble.
- Send them a SMS text message, asking them to call you if they're in trouble.
- Leave a comment on their blog: "Hey, I need to talk. Call me at the sooper sekret BatPhone number."
- Forward the email to their email address - one you know is good. The Facebook "send a message" feature is a good one here; just cut and paste the email into the Facebook message and ask if they sent this.
It's best to actually talk to the person, because you'll recognize their voice (hey, this is a friend, right? So why not gab away?).
The Web is getting personal, including the bad stuff. Let's be careful out there.