ICFE eNEWS #14-10 - Jun 10th 2014
I've Been Hacked! What Now?
By Jim Garnett, a/k/a Ask Mr.G, a member of the ICFE's Board of Educational Advisors
Last week it happened to me big time - I got hacked AGAIN! My email
account, "email@example.com," was hacked, and a letter asking for funds
with my name signed at the bottom was sent to all my contacts.
Here's the email:
I really don't want to disturb you about this but I had no one else to turn to. I'm in Instabul (sic), Turkey to see my cousin who's here undergoing treatments. she's critically ill and needs family support. She is diagnosed with (Acute Lymphoblastic Leukemia) - a type of Blood Cancer in 2011 and she had been undergoing treatment since. The chemotherapy treatment was going fine until last week when the doctor noticed that the disease has relapsed and the only way she can survive is by undergoing a BMT (Bone Marrow Transplantation). My sister whose marrow matched she has agreed to be the donor and she will be undergoing the transplant soon. I have already spent a lot towards her treatment since i arrived here. Since the amount is huge, I request you to lend out a helping hand and support me with a loan of $3000 Since I don't know your financial status at the moment, any kind of help whatsoever will be deeply appreciated. Your help and support will give her a chance to live a normal life once again. There is nothing called a small help when the heart giving it is big. Any amount will be accepted with gratitude and paid back after the surgery. Please let me know how much you can loan me so that i can provide you with the details to get the money to me and, I will pay back as soon as I return.
The email contained misspelled words, "strained" English phrases like "my sister she" and "when the heart giving it is big," and the return email address was one letter different than mine - "firstname.lastname@example.org." The other two times this account was hacked, I sent an explanation email to all my contacts, but this time my contacts had disappeared, so there was no way to notify anyone of what had occurred. Two days later I found all my contacts in the "Deleted" box and "Restored" them.
I immediately started receiving emails and phone calls from friends and family who knew it was a hoax. Here's a couple of interesting ones: "I just saw you 2 hours ago, so I know you are not in Turkey!"...."If this hacker only needs $3000 for this surgery, he must have better health insurance than I do!"...."You taught me not to send money overseas through the Internet - so I know it's not you." I jokingly told some of these people to just send any donations to my home address in Ankeny!
But I also received responses from people who, out of compassion for me, were taking this email request much more seriously. They attributed the "strained" English to me being under duress, and they saw that it had my name at the bottom. Their compassionate response of wanting to help me was very much appreciated but a reason for great concern. I do not want someone to lose money because my email account was hacked.
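The return address that differs from the real one by a single letter is something mail software can check before a recipient replies. The following is an added example, not part of the original article: it compares the From and Reply-To headers of a message and flags a near-copy. The addresses and sample messages are constructed, and the function names and the distance threshold are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_reply_to(raw_message: str, max_distance: int = 2) -> str:
    """Return 'ok', 'lookalike' or 'different' for the Reply-To header.

    max_distance=2 (an assumed threshold) also catches two swapped letters,
    which plain Levenshtein distance counts as two substitutions.
    """
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if not reply or reply == sender:
        return "ok"          # replies go back to the visible sender
    if edit_distance(sender, reply) <= max_distance:
        return "lookalike"   # near-copy of the sender's address: warn the user
    return "different"       # normal for mailing lists, still worth displaying

# Constructed sample messages; every address here is invented for the example.
SCAM = """From: Jim Example <jim.example@mail.example>
Reply-To: Jim Example <jim.exanple@mail.example>
Subject: Need your help

I'm in Turkey and need a loan...
"""
NORMAL = """From: Jim Example <jim.example@mail.example>
Subject: Lunch on Friday?

See you at noon.
"""
LIST = """From: Jim Example <jim.example@mail.example>
Reply-To: newsletter@lists.example
Subject: Monthly news

Hello all.
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("normal", NORMAL), ("list", LIST)):
        print(name, "->", classify_reply_to(raw))
```

A "lookalike" result means a reply would go to someone other than the account owner even though the message itself came from the owner's real, compromised account.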
I have read that Yahoo and Gmail are equally secure, but my Yahoo accounts have all been hacked, some once, some three times, while the Gmail accounts have never been hacked. This is not to say they could not be hacked tomorrow, so time will tell if this was a good move. So, instead of following the "what to do after you are hacked" advice again, I left my Yahoo accounts open, but made them less attractive and less effective to hackers. How did I do that? I transferred my contacts (the people who get the hacker's emails) from the accounts.
These are the steps I took:
1. I "Exported" my Yahoo contacts to a .csv (comma separated values) file.
2. I then "Imported" these contacts into a corresponding Gmail account. That way, I still have all the emails but they are kept in a Gmail, not Yahoo, email account.
3. I then "deleted" the contacts in the Yahoo account. Since there are now no contacts in the Yahoo account, there is no one to whom emails can be sent.
4. I changed all the passwords and used upper case, lower case, numbers, and symbols like before. Did you know that in 2013, the password "123456" replaced the word "password" as the most often used password on the Internet? I think we could be more creative than that! There is an abundance of information about selecting passwords just waiting to be "Googled."
Why didn't I just close the Yahoo accounts and go with only Gmail accounts? Because I have a lot of publicity "out there" that uses the "email@example.com" in the contact information.
I also pursued the matter with an investigator in the Consumer Protection Division of the Iowa Attorneys' General Office. He said these overseas hackers are impossible to catch and there is no reason to try.
Did I learn anything from being hacked this time? Only that the reason hackers hack is because there is some level of success in their efforts. If only one person sent money for "my cousin's surgery," it was worth the time spent hacking.
If you were a recipient of one of my hacked emails from "firstname.lastname@example.org" please forgive me for any inconvenience it may have caused you. I've taken steps to keep it from happening again, but these hackers are extremely bright people! It's too bad they can't do something more constructive with their "brightness."
© Jim Garnett. The information on this site should be understood to be a general discussion of the subject matter and DOES NOT constitute a legal opinion about the situation. For further information please consult a qualified attorney.
President - Executive Director
Institute of Consumer Financial Education (ICFE)