Sunday, April 21, 2013

I'd Rather She'd Given Me an STD....


If it Can Happen to Me

So, it was a Sunday morning, April 14.  I had just finished taking Bella for a walk.  I noticed my phone battery was already a good deal used and my phone was hot….to the touch that is.  Though it is a pretty cool phone too.  It was also pretty slow to respond, so I reset it (turned it off and back on).  It did not come on.  All I got was a black screen. I tried for a little while and finally it came back on, but quickly got hot again.  So I decided I would just leave it alone for a while. 

At this point I logged in to my computer and was about to do my normal Sunday morning ritual, coffee and …..Disclose.TV! Yea!  UFOs, conspiracies, Bigfoot…all the good stuff.  It comes out once a week and I am addicted.  Good entertainment….or is it?  Anyway, immediately I noticed I could NOT log on to my Gmail.  This was troubling.  I did all the normal stuff like reboot my computer etc. and still…nope.  Let me point out to you at this point that I am in the IT industry for 20 + years now. And at one time a bit of a hacker. These days not so much.  A lot more difficult (though not impossible) for what it is worth….seriously.  You have no idea.  I have a life you know.

After trying several more times unsuccessfully it hit me, I’d been hacked!!! How in the world?!?  I mean, I am pretty darn careful and I am in IT damn it!  I quickly googled (pretty ironic huh?) the problem and looked up what to do.  I called Google, and as long as you have the answers to your “secret questions”, they can send you a password reset link. At first the rep was going to email it so I gave him my Outlook.com address but that was hacked too- I’ll get to this later.  He ended up just giving me the link upon my answering my two very secret questions.  Good thing I remembered the answers. It had been 4 freaking years. 

I reset my password but by the time I had been done talking to the Google rep my phone gave out.  Was out of battery again already!  And I had not even used it.  Once again it was hot to the touch…real hot.

I was pissed.  I had already had a phone replacement from AT&T.  Instead of calling them I had to get online and use the online chat offering. (Hate those).  They were nice enough to send me another phone overnight.  Of course, this couldn’t actually be sent until Monday and I received it Tuesday.  The next day from work I began to get control of my outlook.com account.  I should also mention that my phone, the old one, would not even turn on anymore regardless of how long I attempted to charge it.  Again…very hot even though it would not boot any longer.

I spoke with a Microsoft rep (in India?!?!) and guess what? They were able to tell me quite a bit.  Apparently their logs did not show any hacking but they did show a lot of activity from China, Romania and California? No hacking I said?  No was the reply.  They showed me changing my password late ….REAL late Saturday night.  The hell I did I told him.  Long story short they were able to look at their records and show all the activity that took place AFTER the password was changed as well as the origin.  Yep, you guessed it, China and Romania? both bouncing off a server in LA. Without getting too technical and from what I had been keeping up on I began piecing this together.

What this hack job was doing was collecting addresses to spam.  Yep, no longer is searching for financial information the top priority.  Most people are too smart for that these days.  Apparently there is more money in the literally thousands of addresses they collect from your contacts. But wait!  That’s not all!  If you are like most people (and this guy) you have multiple email accounts. I have Gmail, and Outlook.com. In addition I have my work account at the college I work for. Now most users, that’s right, most have the same exact password for most if not all of their accounts! I know I did, for years with the exception of my work email.  So now, once a hacker gets in, and I can explain how later, they see correspondence of your other accounts.  How?  When you set up other accounts you have to give a “secondary recovery email address”. These hackers are well aware that most and I really mean most (this guy included again) use the SAME password and more importantly the SAME security questions and/or phone number….I mean who has two cell phones on them at all times? And who can remember the answers to four or five DIFFERENT security questions? (NOT this guy)


Needless to say they reset my Outlook.com account. My new phone came in. And then it all hit me.  My girlfriend's Yahoo account was recently hacked. Yahoo has had over 450,000 accounts hacked this year alone, however they are not the only targets!  Take a look at the links below.  So how does that concern me?  Well, take a look at this:



 

The email above came from my girlfriend's Yahoo account.  Some of the addresses are blocked out for their privacy. Notice the link?  This exact email was sent to all three of my accounts as well as the others listed.  I believe I first received it AND clicked on it from my Gmail account.  Nothing happened.  Nothing opened.  That was a bit odd but I did not think much of it at the time. And look at all the other addresses it was sent to.  By the time I received the third email at my work address my girlfriend had informed me that her Yahoo account had been hacked. I thought big surprise.  Just so you all know, Yahoo is the absolute worst.  User accounts on Yahoo's services have been hacked more than all the other services combined!  See the links below for the info on this.





And then it gets even more interesting.  At work I receive this notice. Why?  Because apparently users at my work have also been victims. The good news about that is the hardware firewall we have at work keeps it at bay.  Unfortunately it cannot prevent it from its intended objective which is to harvest email addresses and contacts.  Normally, you will not even know you have been hacked.  They will continue to harvest your email addresses and those of your contacts and any other information they can get.  In some reported cases like my own, you will know it and you will not be able to get into one or all of your accounts.  The lesson is this.  Don’t be like me.  DO NOT have the same simple password for all your accounts because once they are in one account they see another account of yours that you have emailed between accounts with.  It does not take a rocket scientist to figure out that you have used the same password.  So for them, more email addresses to spam.  Also many of us idiots, myself included, have the same password for their “other” accounts.  Bank accounts, utilities, eBay etc.  Now THERE is a jackpot of financial information as well. 

This brings me back to my phone.  The one that fried and I had to have replaced?  I will give you one hint as to why now.  Apparently whoever was “harvesting” my accounts for the information they contained also got to my cell phone account.  They had been literally burning up the location services on my phone using the built in location services like Latitude and my Windows Phone find feature.  That feature on my phone was not working anyway but apparently it was still able to literally burn up my cell by making it so hot it shut off. This was a flaw in my phone.  This is not normal and in all likelihood happen to you. 

In closing.  What you should do if you feel you have been compromised. To begin with…..DO NOT click on ANY link you do not recognize even if it is from someone you know.  Look at the link above.  It is not from YouTube or any other easily recognizable service.  When in doubt contact the person that sent it and ask.  Opening the email does not get you into trouble at this point but clicking the link will.  You will not even know it.  Change ALL your accounts' passwords.  Not just your email accounts, but for utilities and especially your banking. Do NOT use the same passwords (like this idiot did).
SCAN YOUR PC!  Use Malwarebytes or another AND a good virus scanner like Microsoft Security Essentials.  Do not just rely on one!

Now….to tell the girlfriend (ex?).  It's not as easy as you think. She could be and most likely is compromised.  Worse yet, she could think it's me. I have found out long ago hacking isn’t sexy.  Not to mention that I don't have the skills to pull off what I used to 4 or 5 years ago.  However she is partial to Chinese people.

UPDATE:

This Sunday (today for me) I got a call from one of my credit cards with a few charges for services that they thought were suspicious.  They were correct. Five charges in all; $1.99, $1.95, $9.95 etc.  all under $10 apiece but none were of my doing. Final advice: CHANGE YOUR CREDIT CARDS & BANK CARDS!  What a pain in the ass..... This only seemed to affect one of my 3 credit cards but it also affected my debit card.  You see, if you purchase anything while infected, then they have access to your payment information. Scan your computer!  If you purchased anything where you had to put your card information in, meaning it was not already stored on the site's service, then consider changing your cards. I had to scrape for change to get my coffee this morning.

I am seriously giving thought to getting a guaranteed prepaid credit card I can just refill to use online and around town.

ANOTHER UPDATE:

Today I find that my PayPal was overdrawn by almost $360!  And you know where this money is drawn from?  Yep, you guessed it, my bank account! So, now my bank account is overdrawn and this time by a credible source, PayPal. They are getting it sorted with PayPal but that means I am effectively out that money until they do, which could take up to 30 days!   .......#@&^&!#
