A few days ago, Chintamani uncle (name changed) received an email from an old friend, a retired senior police officer. He had no reason to suspect anything was wrong. In the email, the officer, who once held the rank of inspector general of police (IG), asked him to donate money for the medical treatment of a child.
The message read: "Actually, the reason I contacted you is because I need a favor from you. There is a child (Shreya) diagnosed with congenital heart disease (CHD)... I have donated Rs30,000 but I cannot do it alone… I need 8 donors of Rs23,750 each to raise the remaining amount… If you can help, please let me know so I can tell you where to send your donation."
When Chintamani uncle replied that he could not afford the requested amount, the officer suggested sending a smaller sum to a UCO Bank account. The account-holder’s name seemed a little unusual which made Chintamani uncle pause. He then called me to share the details.
After hearing the story, I told him it sounded very much like a case of a hacked email account. This was confirmed when Chintamani uncle spoke to the officer directly on the phone — the officer knew nothing about the request. Thankfully, no money was sent.
What made this scam convincing was the way the emails were written. They were polite, articulate and sounded like the officer’s usual style — something cybercriminals can now easily achieve using artificial intelligence (AI) tools. One of the replies read:
The message came from the officer’s real email address—which had been hacked—making it appear genuine. It struck a personal tone and described a specific, heart-rending situation: a child’s life-saving medical treatment. This is a textbook example of social engineering — a trick where scammers use trust, emotion and urgency to lower the victim’s guard and push them into acting quickly.
The only real clue was that the scammer signed the emails using the officer’s full name. In informal conversations with friends, most of us would use just our first name.
Chintamani uncle wanted to file a police complaint. But since no money was lost, I requested him to check if his friend can file a complaint since he is the victim of email account hacking. It is in the process, as I understand, while writing this article today.
I also learned that the retired official’s email service, Rediffmail, does allow password resets with two-factor authentication. However, it does not offer the option to log out the account from all devices where it is currently signed in. In contrast, Gmail lets users sign out from all devices and then log in again, adding an extra layer of security.
This case is a reminder of a growing cybercrime trend — hackers breaking into email accounts to send emotional, urgent appeals for money to friends and family, hoping someone will help without double-checking the facts.
Why Such Scams Work
Trust factor – The email seemed to come from a well-known and respected person. Most people are more inclined to believe and act on messages from someone they know, without double-checking.
Emotional pull – The story involved a child’s life-threatening illness, a topic that tugs at the heart and can make people act without thinking too much.
Urgency with details – By giving exact donation amounts and a clear target, the scam felt organised and genuine, creating pressure to respond quickly.
How These Scams Are Carried Out
Breaking into the email account – Criminals first hack into the victim’s email, often by tricking them into revealing their password (phishing), using passwords leaked in other breaches, or exploiting weak login security.
Sending mass messages – Once they have control, the scammers send convincing, personalised emails to everyone in the victim’s contact list.
Collecting the money – The emails direct people to transfer funds to bank accounts, digital wallets, or even cryptocurrency wallets controlled by the fraudsters.
Hiding their tracks – To avoid being detected quickly, scammers may delete the sent messages or activity logs from the hacked account, so the real owner doesn’t notice right away.
How To Spot Fraudulent Messages
Notice unusual tone or requests – If a friend or colleague suddenly asks for money, especially for something they’ve never been involved in before, treat it with suspicion.
Double-check through another channel – Call, message, or meet the person directly to confirm if they really sent the request.
Look for odd or inconsistent details – Scammers often avoid giving information you can verify, or they may include overly precise but uncheckable facts to sound convincing.
Check the email address carefully – In some cases, the ‘reply-to’ address is different from the one you normally use for that person.
Beware of urgency and secrecy – Any message pushing you to act immediately or keep the matter private should raise a red flag.
How To Protect Yourself from Email Hacking
- Turn on multi-factor authentication (MFA) for all email accounts — this adds an extra step to verify your identity.
- Use strong, unique passwords for every online account and never reuse old ones.
- Be cautious with links and attachments — even if the email looks like it’s from someone you know, avoid clicking unless you’re sure it’s safe.
- Keep your devices and security software updated to close any security gaps.
- Check your account activity logs (in Gmail, Outlook, etc) to spot logins from unknown locations or devices.
What To Do If Your Email Gets Hacked
- Change your password right away and log out from all devices.
- Enable MFA to block further unauthorised access.
- Warn your contacts through another channel — for example, send an SMS or WhatsApp message — so they don’t fall for fake emails sent from your account.
- Report the incident at the National Cyber Crime Reporting Portal (www.cybercrime.gov.in) or to your local police cyber cell.
- Check your account recovery settings to ensure the hacker hasn’t added their own phone number or email address.
While this scam did not succeed in fooling most of the retired officer’s contacts—many quickly sensed something was wrong—it is a clear reminder that even the most careful people can have their email accounts hacked. Scammers know how to play on emotions to make you act without thinking.
Whenever you get an appeal for help, especially one involving money, stop and verify before doing anything. In today’s world of cybercrime, a few moments of caution can protect both your wallet and your peace of mind.
Stay Alert. Stay Safe!
