Log in

No account? Create an account
socks and cat

Other Seattle pole school student getting fraud e-mail

My friend that runs the other pole school in Seattle has "teaser" classes that give you a sampling of pole dance classes. One of her students got the following e-mail after registering, NOT from my friend the school owner, but signed with her name:

"Hi Lindsay,

My name is Angi and I am the other woman for whom you made the teacher
training contract. Thank you.

I need verification for your order ( Teaser - Friday August 22nd 5-6pm
). I need your credit card information for verification your order. I
need ASAP.

Thank you!

Obviously they were fishing for her student's credit card number. But I'm wondering how they got her student's name, e-mail and the class the student signed up for. I just e-mailed her back after she sent this to me and asked if she was using an un-secure internet connection. Because I can't think of any other way they could get the name and e-mail and class registration of one of her students.


Several ways:

1. Does your fellow teacher keep roster lists that students fill out with email addresses? If so, maybe someone went "Dumpster Diving" and found those records in the trash.

With a list of email addresses and knowing the name of the school, such an email would be EASY to do.

2. It's *possible* that someone is monitoring the internet connections, but if she's not on a network then I'm not sure how easy that would be to do

3. Maybe she has some malware on her computer that suceeded in grabbing her email contacts list.
There are a variety of methods this could be happening - as mentioned by the other comment.

Include in those network sniffing if using a non-encrypted wireless connection, the most common "techie" method is the aforementioned Malware.

Digging through Myspace posts, Blog posts etc. can get enough information to have originated not from her end, but the clients end.

I'd suggest in all communication (print, Email etc.) even from the initial conversation - there include a disclaimer that there will never be an exchange of credit card information etc. similar to what people will see from their bank etc.