fb-pixel Skip to main content
Sean P. Murphy | The Fine Print

A plea from a friend, via a hacked e-mail account, is a cautionary tale about scams

It’s too late for Judy Murphy, caught in a gift-cards scam, to get her money back, but she hopes new tech will spare others.Suzanne Kreiter/Globe staff

The first plea for help popped up in Judy Murphy’s e-mail inbox on Oct. 10. And by all appearances, it came from Mary, a friend of more than 50 years.

“How are you?” it said. “I need a favor from you.”

For decades, Murphy had repeatedly asked Mary to volunteer for fund-raising and event planning on behalf of the small college they attended together. Mary (whose last name I agreed to omit for privacy reasons) always came through.

And in all that time, Mary had never asked Murphy for a thing. So, in a way, Mary’s first-time request for a favor delighted Murphy, 72, a semi-retired project manager from Boston.


“It gave me an opportunity to show her how much I respected her,” Murphy said when we met at a coffee shop. “I felt honored to help a friend who had always been there for me.”

“Just ask,” Murphy shot back in an e-mail. “Hoping I can help.”

Here’s the next e-mail from “Mary,” verbatim:

“I need to get a google play gift candy next for my niece, Its her birthday but i can’t do this now because I’m currently traveling. Can you get it from any Store around you? I’ll pay back as soon as i am back. Kindly let me know if you can handle this. Thank.”

Not perfect grammar, true, but Murphy, so eager to help, hardly noticed. Nor did she notice a key difference in the two e-mails she had received: The first came from “verizon.net,” the second from “hotmail.com.”

Still, the names on the e-mails were identical: Mary’s full name, with a dot separating her first and last names, a familiar sight to Murphy.

Confused about exactly what to do, Murphy asked for clarification, and “Mary” replied:

“Total amount she need to get is $400 (4 each $100.00 cards) from any store around you. Scratch the back of the card to reveal the pin and send the picture of the google play gift card with the pin showing clearly at the back and email it to me. I will surely pay back as soon as am back. Thanks.”


Google Play gift cards are a lot like cash. All you need do is scratch off the label on the back of the card to reveal a 16-character code (or “pin,” as “Mary” put it). Anyone with a Google account (which can be easily created for a nefarious purpose) can type in the code to purchase apps, games, music, movies, TV shows, books, and magazines.

With her task clarified, Murphy scooted out to a nearby 7-Eleven for $400 in gift cards. She scratched off the labels, took pictures, and e-mailed them to “Mary.”

What Murphy got in reply was a new request from “Mary”:

“Thanks so much. I sent the cards to my niece and she made me understand that I promised her $800 worth of google play gift card and I got her $400. Please can you help me purchase the remaining google play gift cards. $400 (4 each $100.00 cards). I will be paying back $800 as soon as am back home on Saturday Morning. You are to send it the same way you sent the previous one. Thanks.”

Many of us would find such a request highly suspicious, and Murphy told me it made her a bit nervous.


But Murphy did as instructed, even commenting in the process: “Aren’t you the best Aunt!!”

Finally, the next day, came this request from “Mary”:

“I forward the remaining cards and my other niece was angry at me that she needs a good play gift card as well they are just my little one. Please am sorry to inconvenient you in any way. Can you get me another $400 google gift card for my other niece. I will be paying back $1200 as soon as am back home. Let me know if you got my message.”

“My other niece”?

At that point, Murphy called Mary, who said her Verizon account had been hacked and that she had received calls from other distressed friends. The cards had been sent to the Hotmail account, Murphy realized.

“I hope you didn’t fall for it,” Mary said.

But of course she had. (Mary offered to reimburse her for her loss, but Murphy firmly declined.)

As we sat over coffee, poring over the obviously suspicious scam e-mails, Murphy looked hurt.

“Yes, as I stare at it now, I should have known,” she said. “But with ‘autocorrect’ and everything else these days . . . ” Her words tailed off.

“I don’t feel I am a naive person, and it’s not age-related,” she said. “People may say, ‘Oh, God, that’s what they do, prey on old people.’ But I’m a capable person.”

Yes, she is, borne out by a resume that includes long tenures working for major corporations and nonprofits.


After realizing she had been scammed, Murphy contacted Google and asked the tech giant if it could help unmask the perpetrators by “tracing the codes.”

“There’s nothing we can do,” a Google customer service representative said, according to Murphy.

I tried to engage Google in a discussion about how to avoid such scams. But, after acknowledging my initial detailed request, Google ghosted me.

“We need new technology to help fix this,” Murphy said. “Who’s going to step up?”

Murphy filed reports with the Boston police (“the officer listened empathetically but said there was nothing he could do,” she said) and the Federal Trade Commission, which is charged with protecting consumers. (“You file online, but get no feedback,” she said.)

She also tried to get her credit card company to cover her $800 loss, but it refused, saying she alone was responsible for the ill-fated purchases she made.

Consider yourself warned.

Case closed

Judi Meirowitz Tischler of Newton received a check for $1,799.99 from Samsung on Nov. 25.

“Case closed,” she wrote to me, with a thumbs up emoji.

Tischler’s Samsung refrigerator conked out while under warranty but the giant producer of consumer electronics and appliances failed to honor it, despite months of persistent efforts by Tischler.

After I contacted the company for a column, Samsung coughed up the check, which paid for her replacement fridge.

Good job, Samsung. But too bad it took a call from me to make it happen.

Sean P. Murphy can be reached at smurphy@globe.com. Follow him on Twitter @spmurphyboston.