BAD MOMENT........Chris Berkhout

Skip to first unread message

Chris Berkhout

Sep 19, 2011, 2:41:10 PM9/19/11

Just writing to let you know our trip to West Midlands,UK has been a
mess. We were having a great time until last night when we got mugged
and lost all our cash,credit card cell phone.It has been a scary
experience, I was hit at the back of my neck with a pistol. Anyway,I'm
still alive and that's what's important. I'm financially strapped
right now and need your help.As we speak i need $1,500 to add up and
sort my bills,don't worry i will def refund it as soon as we get
home,the fastest and safest means you can get money to me is via
western union, Here's my info:

Name:-Chris Berkhout
City:- West Midlands, CV4 9PL
United Kingdom
Amount : $1,500

As soon as it is done, kindly get back to me with the confirmation
number. As soon as it is done, kindly get back to me with the
confirmation number. Let me know if you are heading to the WU outlet

I await your positive response.

Thanks and Regards
Chris ...........

Chris Berkhout

Sep 19, 2011, 2:47:52 PM9/19/11

Tal Rotbart

Sep 19, 2011, 5:02:31 PM9/19/11
Hey guys,

To those unaware, this is most likely a scam, I believe Chris is
actually in Beijing and not in the UK. His account was likely hacked
and used to send these messages to his contacts.


> --
> You received this message because you are subscribed to the Google Groups "mxug" group.
> To post to this group, send an email to
> To unsubscribe from this group, send email to
> For more options, visit this group at

Chris Berkhout

Sep 20, 2011, 10:10:24 PM9/20/11
Thanks Tal.

Yep, my accounts got hacked.

They got gmail and Facebook, and set up email forwarding and a
different reply-to address. Also, they sent followup messages to
friends who replied. On Facebook there were chat messages to online
friends. Apparently they spoke good German, okay English and fluent
Russian. Some uncooperative friends were blocked.

I was able to log in, close other sessions (one from Nigeria), change
my password and put back normal forwarding and reply-to settings. So
that should be it.

I suspect they got my passwords from some PC I used in the past.
Particularly because on Mac I use Little Snitch to allow or deny
Internet connections.


Tal Rotbart

Sep 23, 2011, 9:16:49 PM9/23/11
The fact that they did not change your passwords indicates that they
used a cookie hijacking technique to access your accounts.

Usually this is done by listening on the traffic of an free wifi
network that doesn't have client separation enabled.

As most sites don't use SSL for user sessions, your cookies travel in
plain text for all devices on the same network to see.

With only your cookies in their possession, they couldn't change your
passwords as that operation usually requires reauthentication.


Reply all
Reply to author
0 new messages