I got an email from a friend yesterday saying she was in Europe, had been mugged, had no money and the hotel wouldn’t let her go until she paid. It seemed an obvious scan, so I called her and left a message saying to change your email account password.
What I didn’t think to do it to notify others who might have gotten the email too. My sister did fall for it and actually send money. Happily, a geek friend of hers figured out the scam and they blocked the payment.
If you use online email like GMail, always log on using “https” not “http” This insures that the entire email session is done in an encrypted mode and that password sniffers can’t grab anything.