BILOXI, MS (WLOX) - It wasn't a picture-perfect day for Negrotto's Gallery Friday.
"It was just a nightmare and we still are getting phone calls and having to explain to people that Romy's safe. Romy is fine," said Andrew Breland, an employee of the gallery.
Romy Simpson is the owner of the Biloxi gallery. She has also been bombarded with phone calls from worried family and friends.
"There have been people who have been very concerned for me, that I'm stranded in Scotland," said Simpson.
Many of Negrotto's friends and customers received a shocking email early Friday morning. It stated: "I made a trip to Scotland, and I was mugged of my personal belongings, my credit card and some other vital documents."
The email went on to say: "Please, can you lend me some funds to secure the bills?"
The email showed that it came from Romy Simpson.
"And if they care a lot about me, they may have sent some money over there," said Simpson. "It's kind of surprising because we've had our account for 7 1/2 years since we bought the gallery, so we've never been phished before."
A customer of Negrotto's, who is actually from Scotland, even called the phone numbers listed in the emails. She immediately became suspicious.
"She asked for the name of the hotel and they didn't give her one," said Breland. "And it was a guy who spoke English and it was just an 800 number and she just hung up."
The woman dialed another number. "She knew that the phone number, the prefix was wrong. The prefix is actually going to the UK," said Breland.
Negrotto's has more than 2,000 email accounts. So how did anyone get access to all those addresses? The owner thinks she knows what happened.
"I think that I logged on to the wrong site," said Simpson. "But actually, it also happened to my partner and to several people in the office. And it tells you to log in again and what happens is, it gives you a fake site that you log on."
And once you log-on to the fake site, the person can steal your user name and password. They can take over your email account and even change your password so you can't log-on.
"It's a huge inconvenience and it's embarrassing because you're responsible. Ultimately it's your email account. But it's nothing that you can be blamed for because it's not your fault," said Simpson.
If you've been phished, change your password immediately or delete your account and create a new one. To protect yourself, make sure you only log-on to secure sites. Also, you can notify the FBI in Jackson at (601) 948-5000 or contact your local authorities.