There is currently a scammer taking over email accounts belonging to radio amateurs and asking for you to buy gift vouchers on their behalf.

If you get an email from someone who rarely writes to you or from someone you often talk with but the style is strange - BEWARE.

The story is the common one - for some reason, they are incapacitated and need to send a present to a family member and need your help as they cant do it themselves.

These emails are usually the result of ID theft either directly or from a website where the person who is “supposedly” sending the email has an account.

Often the scammer will use the same “signature block” so it appears to be coming from who he/she says it is.

If you have a way to contact the person via phone (OR RADIO) to tell them please do so, so that they know what is going on and can see if they can cancel their email account (or Twitter, or Facebook, or WhatsApp or or or …) to stop the fraud.

If in doubt, on no account give any money in any form in response to these emails.

73 Ed


I live in Yorkshire. That’s not a problem Ed :wink:


Hi Ed,

I received an email earlier today from a well know SOTA Activator/Chaser just asking me to confirm receipt of the email and wanted a favour. The callsign was at the end of the email, so I ended up assuming it was the right person so wanted and asked what the favour was. When I found out it was to buy an Amazon Card for a niece’s Birthday, I started to think that this was dodgy so I private messaged this SOTA activator/chaser via this Reflector to state that I suspect the email account had been hacked.

Jimmy M0HGY


I believe the Good Times Virus is prevalent again.

Ah and now I’m included on a follow up so I know who was “hacked” and the follow up happens to include a spectacular cc/bcc fail. :slight_smile:

1 Like

The scammer doesn’t need to “hack” the email account. They can set the From: field to anything they like so it’s a very easy scam to do.

It might make a welcome change from the endless and entirely unwanted political email that clogs my box daily.

I thought that after the November US elections it would cease.

Dream on Paul…

1 Like

Indeed they can. But these scams work on the social engineering aspect that you are receiving an email from someone you know. Or at least you are meant to think your are receiving from someone you know. In that case you need access to the mark’s address book for it to work and so you can send it to people more likely to respond.

One of the hacks used is to commandeer an apparently inactive profile on a popular website for providing info about ham radio ops. So it’s worth keeping an eye on your own profile on any and all websites you can think of, periodically updating the password. I am not specifying the site but most hams with internet know it.
Andrew vk1da


I frequently have emails arrive that are made to look like they have come from other Hams, with random links and all sorts of stuff, as it happens my email provider is getting better at filtering them and most of them end up in the Spam folder.

Some even appear to use the real email address of the person they are supposed to be from, but most just have a Name and/or callsign and a fake email address.


Congratulations Andrew on getting your photo operating VK1WIA in BERU in your car in the July RSGB RadCom, nice one!

I remember seeing those Toyota 4X4 motors when I was in VK2 a few years ago. This model isn’t available in UK.
73 Phil


Thanks Phil,
Yes the FJ cruisers have been discontinued now (in Australia at least) and are becoming somewhat of a rare item.
I had forwarded photos of the station as requested to whoever was coordinating things at the UK end of that contest. The antenna mast is of course my SOTA mast and the antenna was my old linked dipole.

The caption stating the station was operating outside Canberra was slightly incorrect, as I was located on Red Hill about 2km south of Parliament House. It’s a Hump, as it doesn’t have the prominence to be a SOTA summit. It has a WWFF number for the nature reserve. I set up once on Saturday night for the first 3 hours of the contest (local time 9pm to midnight) then again on Sunday afternoon in light rain, for another stint of about 3 hours.

Conditions on 40m on Sunday afternoon were quite staggering, s9 signals from G stations and immediate responses to my replies in most cases. Very enjoyable and I even improved my 22wpm sending with the portable paddle and the keyer in the 706. No memory keyer in that rig, sadly.

73 Andrew VK1DA/VK2UH


jimmy would that be [redacted] as i had an email aswell

(I’ve removed name and call. Ask Jimmy in a PM rather than in public.)

I just thought that I’d best make you all aware I have now had 2 recent scam emails from the same well known SOTA activator/chaser that I had back in July. I have sent another private message via this Reflector to this well known SOTA activator/chaser about this which will hopefully get seen as I never had a response to the private message I sent back in July so unsure as to whether or not that was seen. I will not be disclosing the identity of this well known SOTA activator/chaser on this public Reflector, but I will advise that if you come across any suspicious looking emails in your inbox or junk mail folders from any SOTA activators/chaser so you don’t make the same mistake that I did back in July by responding to that email.

Jimmy M0HGY

1 Like

The problem might be out of control for the respective person. If the email adress was leaked to those scam criminals then it might pop up again and again. It is part of databases that get traded on the darknet. Not much that can be done afterwards.
The email adress is burned “forever” and the only chance is to move to a new one and take care.

73 Joe


I can confirm that it DOES repeat. I use gmail for my email and it is now effectively flagging these as spam emails, but sometime, you start to wonder when you read them …

I had them (apparently) from a SOTA activator/chaser and from non-radio friends as well. If you look at the source code in the message and then do a “Whois” on the IP address, the latest batch of these appear to be coming out of Ghana and other African countries over “Afrinet”.

73 Ed.


What this means is that somewhere an acoount owned by the activator was hacked to obtain some details. Next a new account is set up using the activators email name but on a server where user checks are lax. That new email address with new domain is then used to pretend that assistance or help is needed. That may take several forms but commonly they request vouchers or payment cards, but may include request for remote financial assistance. I explored this in depth recently but unfortunately I have deleted all the data.

1 Like