Instagrammer writes about how he was elaborately scammed out of $7500

Originally published at:


Having inserted an onion in my belt, I will now opine.

It’s a shame that so many mail clients make it less than obvious how to view a full path, and it’s worrying that people don’t know to reflexively check a path of transit when they get an almost-too-good-to-be-true offer via email.


I read about this story last summer. This is an Asia-based woman (or perhaps a man) who has a weird talent for convincingly impersonating powerful women in the American media industry over the phone and e-mail. She’ll lure a recognition-hungry U.S.-based artist or photographer or other creative type who’s come to her attention to fly over to Asia on their own dime for a spec project, where her confederates are waiting to fleece them further.

The odd thing is that the sums they extract from these victims, who are of relatively modest means, are pretty paltry as far as big complex con games go. The bulk of the losses for the victims are in airfare and hotel costs that don’t end up in the grifter’s pocket. Also, the con artist seems to have a sadistic streak and eventually starts abusing the victims in-character toward the end of the grift. It’s seriously creepy.


I don’t know how to do this and my quick attempts at Google keep getting me New Jersey transit info. Can you explain further?

Email is inherently insecure, no better than a letter in your letter box. You may get a letter which claims to be from Murdoch, but it will contain headers which will tell more of the story, and help you work out where it actually came from.

Some mail readers like Claws mail make that easy but you still have to know how to interpret what you see.

The bottom line is that there is no way for a normal person to work out if an email actually came from the person who claimed to send it.


The trouble with email is that it’s difficult to remember the maxim that if it sounds too good to be true, it is a scam.

I use the venerable Thunderbird email client, which has a ‘View headers’ function that shows the ‘received by:’ chain of transit. It’s also pretty good about flagging spammy things. And I force it to display the messages as raw ASCII text, which defeats all the tricks that depend on HTML sorcery.


I’m old and my brain doesn’t work well, so I used “path” when the word is “headers.” Try using old “don’t be evil” to search for “full email headers.”

1 Like

Well the headers do contain some information about the path taken by the email.

They can be falsified of course.


I’m worried by this “normal person” part. It seems like we’re always rounding down what normal means. But sadly you are right.

Yeah. That’s what I meant. I was thinking half about my post and half about my lesson plan for the next class. Good old multi-tasking. How could paying half-attention to internet communication go wrong?

I didn’t even finish the first paragraph when I knew exactly what this story was about. I would have figured a working photographer on Instagram might have heard about this and remembered ?


Headers can be completely bogus. They can be forged. It may pay to check the sender address and return address. If you get an email supposedly from Apple for example, and the return address is "", then that’s not obviously going to Apple. You might want to be wary. The other major thing is to ask yourself: “What is this email asking me to do?” If it is “divulge sensitive information,” “send money,” or “travel to distant place and meet someone” then that’s stuff that a scammer might well want to induce you to do. The more private the info or high-value the action, the more you have to be wary. And if it looks risky, use a non-email channel to confirm the person’s identity.


Thanks—this is all helpful. (And all stuff I do. I was mostly confused by the “path of transit” language in @supercrisp 's otherwise-helpful post.)

1 Like

Yeah. I do some contract work–translation and other stuff–and it never really happens the way things play out in these scams. You email, sure, but phone calls and/or video-conferencing happen too.

You really just have to watch out for self-deception, our mental flaw that leads us to see the world as we’d have it be rather than the way it is.


This is the most important thing that I keep repeating to my non-infosec-minded friends and family. If you get an email from your bank asking you to click a link to confirm some things, even if you’re fairly sure everything is legit, do not click the link. Go to the bank’s website. Type in the URL yourself. Then check if there are any alerts matching whatever the email said.

Likewise, if you get a phone call claiming to be from your bank, and you think it’s legit, don’t provide any info. Hang up, call the number on your card, and ask them if the stuff you were told on the incoming call was true.

It’s much harder for someone to dupe you when you initiate the communication (outgoing email, phone calls, websites you explicitly type) than when they do (incoming email, phone calls, web links from email).



That’s what helps to make it work, I think. Ludicrous sums stand out and attract attention, normal-ish sums usually don’t. It’s also a good way to get a relationship started and then slowly escalate towards the desired amounts. Although this particular scammer seems to get sadistic before that, so who knows.


Yeah, I should also have mentioned ““divulge sensitive information” means especially “log into a website” (thereby providing your credentials). So don’t do that from an email. Phishing emails typically direct you to a fake site that looks like eBay, PayPal, your bank, etc. but is not and will steal your login.

1 Like

This was one of her key tactics that we realized later. Attack us with strange things so we have to defend our position. Then ask for money while we’re in this defensive state.

Reminds me of some of the Scammer in Chief’s tactics.

Inconsistent, currency & stamp from Indonesia but that paper said Penang State in Malaysia. 2 different country, different government.

This topic was automatically closed after 5 days. New replies are no longer allowed.