Hacked Off!

Friday morning, I was in the usual frenzy to get ready for work when my sister called. I knew it must be important; she knows better than to call me when I’m trying to get ready for work. Apparently my Facebook status update reported that I was in dire need of help. She called again within a few minutes to report that her sister-in-law, one of my FB friends, was chatting with “me” and “I” was telling her that I was in London, had been robbed, and needed money wired. I knew I had been hacked, but I didn’t know the lengths these hackers would go to. As I later found out, I was a victim of the Nigerian 419 Scam.

I’m so glad that, despite my lateness for work, I took the time to check my Gmail account. I was stupid and naive enough to have the same password. Never really thought it would be a problem. I have passwords for so many things, it’s just easier for me to remember a few variations of the same password. I didn’t have time to check to see if the hacker was in that account too, I just wanted to change the password ASAP.

While I was in my email, I noticed the top email from my bank, stating that my account was overdrawn. Funny, I thought, I had over $1600 in there 2 days ago. So I left for work in a panic, thinking I’d been robbed, but not knowing how hackers could have gotten into my bank account (that definitely has a different password and extra security measures). To my relief, the bank matter was just an incident of terrible timing. On the phone, the bank worker confirmed that all the charges were my own. We just had extra car repair bills and several automatic payments that occurred all at once.

I got a few more calls from concerned friends, wondering if I was OK. The hacker continued to instant message people on my friends list, asking for money (I have no idea how many and which friends were contacted). In the meantime, I was helpless. I couldn’t get into my account to warn my friends and I don’t have the email addresses of most of my FB friends in my regular email account. I only know what was going on with my status update because some friends showed me. When you leave a status update on FB, friends can leave comments that all your friends can see. Of course there were comments like, “Oh my goodness, is she OK?” and “Does anyone have her phone number?” Then there were comments from friends who knew it was a hacker warning everyone else. The hacker would delete these comments every few minutes. A few friends and I reported the problem to FB, and I’m not sure how long the hacker was “active” on my account, all the while trying to play upon the compassion of my friends and swindle them out of money.

The situation seems to have been resolved at this point… well, not completely resolved of course, as the hacker is still out there. He/she was just kicked out of my account and is off to troll for new victims.

I did a little bit of online research because I was clueless on this topic. How in the world did they get my password? From what I found out, they “phish”, or set up a page that looks just like Facebook. While you think you are logging into your FB account, you are actually giving the hackers your password on a look-alike FB page. There are other ways of course, but I think this is most likely what happened in this case.

And by the way, the hacker did get into my Gmail account. (So thankful I did change that password early on.) I found it odd that I didn’t get any emails throughout the day Friday. Sure enough, when I checked, the hacker had set up another email account that my mail was going to – copies were going straight to my trash box. He/she had set up an account at tawnyamarie@37 dot com. (I just have to point out that it’s a bit ironic, as I’m not 37 yet.)

This whole experience leaves one feeling very vulnerable and angry. You just don’t know exactly what the hacker has access to. (At first I wondered if it was everything on my computer, all my keystrokes, or just FB.) You wonder if your friends are going to look at your emails with a bit of hesitancy. You hope no one fell for the scam or blames you for any extra spam they may receive.

Despite my anger and bitterness, I had to laugh at this conversation someone had with a hacker on FB: http://www.businessinsider.com/2009/1/nigerian-scammers-still-roosting-on-facebook.

And finally, a few tips from what I’ve learned. If you’re a computer savvy person and I am wrong on something, please correct me:

1. Do NOT have the same password for multiple accounts. We’ve all heard it, now I know why it’s true. You can bet I went and changed all my passwords to much longer, more complicated ones. If you haven’t done this, go do it now!

2. If you’re a FB user, when you get emails from FB, don’t click on links in the email. Visit the site directly to prevent phishing.

3. Please know that if you have a friend that gets kidnapped, he/she probably won’t….
     a) run to FB as their first mode of communication.
     b) contact people that are friends but not close ones. (For example my sister’s sister-in-law. I like you Maria, but don’t know you well enough to be asking for hundreds of dollars).
     c) change the way they talk and/or suddenly have bad grammar. Many times the hackers aren’t from the U.S. and may use slang from other variants of English. (E.g., I probably would never say “I need money for lodging”. That’s just not common in American English.)

4. If someone does contact you, whether by phone, email, FB, you can always ask questions that only the real friend would know (things that aren’t on the FB account). Or if they’ve contacted you via the computer, just call them.

5. It’s OK to unfriend someone on FB when they get hacked; you can add them back later. While in your account, the hacker can see anything in your profile, including contact information. My sister unfriended me Friday. My feelings weren’t hurt at all – though if she refuses to take me back that’s another matter!

6. I don’t think I would list my phone number on FB. I read about cases where hackers were calling people, harassing them about sending money.

7. For Gmail users: I found a very useful tool at the bottom of the page: “Last account activity”. If you click on details, you can see if anyone else has accessed your account. No one has since I changed the password, and it’s good to get confirmation of that.

8. Be careful of videos that “friends” send out on FB. I’ve seen messages with videos from friends that were obviously not authentic. I knew because the hacker in one case used bad language and this particular friend doesn’t talk like that.

9. Just because an email says it is from a friend, doesn’t mean it really is. An article I read explained that the return address can be made to say anything, whether authentic or not, just as someone can write a completely false return address on snail mail. (So hopefully none of you get email from “me” via the email account the hacker set up). 

Be safe out there! All of us trusting, compassionate people have to be extra careful, as there are people just ready to prey upon those attributes.

~ by tawnyamarie on August 31, 2009.
