What could they gain from this kind of scam?
There used to be a scam running among my classmates several months ago. There would be a person calling us using the numbers we provided to the school’s database. They would tell us that they were a staff member of some kind of international education institute, and they were working with my college to provide us a special scholarship to study in a certain country. All they needed was our email so that they could send us more information. From the conversation I had with that person, I could tell that they knew a lot of my basic information in the school’s database. I knew it was a scam because: 1. I asked for where to look for further information and they beat around the bush, then told me to give them my email. 2. I asked for confirmation from the principle and he said the school didn’t know such thing existed. And 3. A friend of mine gave them her email and has received nothing in her inbox since.
I find it a bit strange for a scam. Our emails are also in the school’s database. If they were to steal our personal information, why didn’t they steal our emails as well? And suppose someone bought into the scam and did what they told, what would they do with the email? A lot of my classmates actually bought into the scam and we haven’t seen anything from them since. What did they do with the emails if they didn’t use them to spam us?
Observing members:
0
Composing members:
0
3 Answers
Maybe sold them to other spam sources. No other way for money to be involved, and that’s usually what scammers and spammers are about.
Yeah, my guess is they somehow didn’t have your email despite having the other info, and wanted to sell the data or possibly scam you (or hack university computers) later in some other way.
Your friends might want to consider what sites they may have signed up for, whether school-related or not, for which the “username” is frequently the email address. I’m guessing that whoever acquired the information they had on you had access only to “public” information of some kind; frequently email addresses are kept at a slight remove from the other student information, since there should generally not be a need for that unless contact is required.
So, armed with valid and current potential usernames, a hacker could use those to attempt “brute force hacking” on various sites (such as Facebook, for example, which is one site that does use email addresses as a sign-in method). With valid potential usernames, it’s easier to attempt the hack. It might even be a college-related thing, where the usernames are restricted to internal college sites.
I doubt very much whether anyone would go to so much trouble simply to “sell email addresses”. Those aren’t worth enough at a retail level to involve so much of a person’s time to acquire – I think. My understanding is that those have a value to spammers, for example, on the order of pennies per thousand valid emails, so not worth even a few minutes of a person’s time to attempt to wheedle out of an unsuspecting user one at a time as you describe.
Access to Facebook, banking information, student loan databases, etc. – that’s another thing. That kind of information could have a lot of value to a thief.
I hope the college’s security people have been notified. This sounds potentially serious.
Answer this question 
Composing members:
0
