HACKED!

Earlier today we found out that my sister's g-mail account had been hacked into.  A bunch of us received an e-mail that went something like this:

"Hello, I'm sorry for this odd request because it might get to you too urgent but it's because of the situation of things right now, I'm stuck in London with family right now, i came down here on vacation , i was robbed, worse of it is that bags, cash and cards and my cell phone was stolen at GUN POINT, it's such a crazy experience for me, i need help flying back home, the authorities are not being 100% supportive but the good thing is i still have my passport but don't have enough money to get my flight ticket back home and l need to clear the hotel bills here , please i need you to loan me some money, will refund you as soon as I'm back home, i promise.Get back to me ASAP let me know what to do next."

Creepy, right? 

Not thinking, I immediately replied saying, "You better change your password because it seems like you're e-mail was hacked into."  Little did I know that the hacker had already changed her password and my sister no longer had access to her e-mail at all.  I got a phone call from her shortly thereafter, asking what she should do. 

I didn't really have any good suggestions.  Once your e-mail has been taken over, it's hard to get it back.  The hacker had changed the "secondary" e-mail address and the cell phone number that google uses in the even that you forget your password.  It's way to easy to make that change - you just go into a setting and change it.  Anyone could do it.  So it's a no-brainer that the hacker had already done that.

But what was even creepier that this particular hacker was very agressively trying to trick people and he/she (for some reason I think it's a he) spent a lot of time yesterday sending individualized e-mails to people who happened to respond to the e-mail or who were on g-chat.   Here is the response that I received:

"It's me.. this is for real, I'm doing everything i can to work my way out of here peacefully.. i have checked with the consulate but there is nothing really working out, most important is i don't have enough money on please, please i need you to loan me some, i can pay you back in couple of days."

I knew that this was a hoax because I had just spoken to my sister on her home phone the evening before, and knew without a doubt that she wasn't in London.  But others weren't so sure, especially since my sister and her husband travel a LOT (at least in my book they do.)  So it wasn't totally crazy to think that something like that had really happened.  My brother-in-law (BIL) - who had just returned to the country from Bolivia - was contacted via a g-chat session that the hacker initiated with him.  The hacker was casual enough that it took BIL a few minutes to realize that there was definitely something shady going on.  At which point he contacted me.

A few hours later we found out that her Facebook account had been taken over as well.  The hacker was trying to initiate chats with Facebook contacts, trying to convince people that "my sister" had had her cell phone stolen and then Facebook was the only way she could get in touch with anyone.  This hacker chatted with multiple people and had convinced my cousin enough that she actually called her mom to see if she knew anything because she was so concerned. 

Multiple other people had received responses from the hacker as well.  It seems like later on in the day, he became more aggressive, outrightly asking for $1500 to be wired through Western Union (in the e-mails that I received, money wasn't initially asked for - he was trying to garner up some sympathy first.)  I decided to see if I could learn anything from this hacker and responded (near the end of the day) to the second e-mail that I had received - "What are you doing in London? I didn't know you were going anywhere."  But that point, he must have known that I wasn't going to be tricked - I never received a response. 

So, this is my warning to everyone to CHANGE YOUR PASSWORDS, NOW!  Make sure that it's not an obvious guess - avoid your birthday, address, pet's name, children's names.. anything that could easily be guessed and that is somewhat public information.  Use variations of capital and lowercase letters, use numbers, and random characters that don't have anything to do with a word.  Just make it hard..

I got my g-mail account back in mid-2004.  I have YEARS of e-mails, documents, photographs and memories in that account.   I also use Google Reader and would lose all of my blog links.  My Picasa albums would be gone.  And my Blogger account?  Gone as well.... It's easy to not realize how much I rely on google and their products each and every day - most mornings I check my e-mail on my phone right after I get out of the shower... If it was gone, I would be devastated, and would probably lose most of the contacts in my life.  All of those personal conversations - I would feel completely violated and sick with disgust, especially if I hadn't done everything that I could.

So, in addition to changing your password to something hard, I have one final tip.  Google offers a secure site that you can use that will encrypt your data before sending/submitting if you're using a public network or non-secured wireless connection.  Simply go to https://mail.google.com (notice the S in https?? That's the secure server) instead of your regular g-mail login location and you should be able to connect via their secure server. 

Google is NOT helpful once your account has been compromised.  From what I can tell, they offer no assistance at all, unless your secondary e-mail address or cell phone number are still intact and they can send a new password there.  But if your hacker is smarter than a second grader, they'll probably know to change this.  Which means that your account is gone.  Forever.....

Don't let this happen to you.

3 comments:

Laura said...

Ooooh! That IS crazy! I hope it never happens to me.

Melissa said...

That sucks! I pray it never happens to me! I do not understand people that do stuff like this! I am like you, have had my gmail account for 4 years! & i have lots of stuff saved! Thanks for your suggestions.

Ms2Mrs..back to Ms said...

Wow. That is super creepy. I hope things work out ok for your sister. Keep us posted.

Post a Comment