PORTLAND – Shortly before 7 a.m. on Sept. 22, Parker Laite Sr. received an email from Elizabeth McLellan.

McLellan, the founder of Partners for World Health in Scarborough, had been mugged in Madrid.

“I’m sorry for this emergency,” the email read. “But I just have to let you know my present predicament. Everything was fine until I was attacked on my way back to the hotel. I wasn’t hurt but I lost my money, bank cards, mobile phone and my bag in the course of this attack.”

The email said she had filed a police report and was physically OK, but needed money via Western Union.

“I don’t yet have a local phone (still gathering my bearings and such), so email is probably the best form of contact for now,” it said. “I will expect your response soon.” The email contained her typical digital signature.

Laite, a longtime family friend, pondered the email. He found it slightly “off.”

Why did she send out a mass email, instead of emailing him directly? She’d know he would help. And why wasn’t she traveling with a group, as she normally does?

“But I decided to be safe,” he said. “I contacted a friend in Madrid, someone of influence, who could help her.”

It turned out that McLellan didn’t need help. A few hours earlier, hackers from Nigeria had gained access to her email account, according to a Google security spokesman.

The hackers used her address book to send out more than 8,000 emails. Some recipients immediately recognized it as a scam, but others didn’t.

As president of Partners for World Health, McLellan travels the world providing supplies and medical training to people in need. For those who know her as a world traveler, the email seemed plausible.

At Maine Medical Center in Portland, where McLellan works as a nurse, calls inquiring about McLellan’s safety flooded the shift supervisor’s phone.

People from Cambodia, Tanzania and Libya, where McLellan has traveled and established relationships, scrambled to contact her.

Others sent money to her via Western Union — totaling thousands of dollars — as the email requested. Someone collected the money in Madrid later that day, according to a Western Union spokesman, but neither the company nor the authorities have tracked down the culprit.

“It’s a shame,” said McLellan, who has contacted the FBI and the U.S. Department of State to notify them of the scam.

“For young people who grew up with email, they can recognize these things quickly,” she said. “But for older people who have less exposure with email, they wanted to help me out of the goodness of their hearts. Some of these people are older and retired and have money, and these scams try to take advantage of that.”

McLellan learned of the scam shortly after it occurred, when a secretary from Maine Medical Center contacted her to notify her of the email.

The hackers had changed McLellan’s password and deleted her contacts, so she couldn’t access her account. That meant she couldn’t send out a second email warning people about the scam.

Twenty-four hours later, Google confirmed the security breach and she regained access, but the damage had been done.

McLellan and others said they have since learned ways to help people avoid such scams:

• First, always try to contact the victim or their friends and family by phone to make sure the threat of danger is real.

• Second, look at the email address closely. In McLellan’s case, when people who received the scam email hit “respond,” it sent their responses to “ymail.com” instead of “gmail.com.”

• Third, if you’re suspicious, make the emailer prove they are who they claim to be.

When Laite emailed McLellan’s contact information to his friend in Madrid, the friend asked, “How will I know it’s Beth when I speak to her?” Laite gave his friend two questions that only McLellan could answer.

“I hope, by speaking out, people will be better equipped to recognize something like this in the future,” McLellan said. “It’s unfortunate that it happened, but the most important thing is preventing it from happening again.”

Staff Writer Jason Singer can be contacted at 791-6437 or at: [email protected]