Hackers hit the Yahoo! email account of Iowa State Senator Bob Dvorsky earlier this month and used it to send phishing emails to everyone on his contact list. The emails were titled “Emergency Please” and claimed the Senator was stranded in Scotland because he had been mugged and needed money to pay his hotel bill and get home. Presumably in an effort to cover all bases, the hackers made sure the emails also mentioned that he had contacted the U.S. Embassy and had gotten no help.

Anyone who believed the message and replied would have received instructions to wire 10,000 pounds (roughly $15,000 US) overseas. In reality however, Dvorsky was safe at home and in no need of any financial assistance. He found out about the scam emails from his friends. He admits that the hackers probably had his password because he gave it to them. Dvorksy said that earlier this year he got an email claiming to be from Yahoo! and asking for his password. He complied with the request.

This scam is nothing new. Last year a member of Britain’s parliament was hacked and just last week I got a scam mail from a friend which was nearly identical to the one described here. The hackers use this trick figuring that a person’s friends will trust that the sob story is true and send the money.

Unfortunately, if people don’t check sources when they get an email asking for their password, phishing scams will remain alive and well.