As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/
Options
Email addresses were compromised.... Need help fast!
urahonky
Resident FF7R haterRegistered User regular
Resident FF7R haterRegistered User regular
Hi. So all of my email addresses were hacked, and all my passwords changed. I finally got back into my yahoo to find this little gem:
Also
Please help me. I don't know what to do! I've deleted all my credit cards off of amazon, and deleted my mint account.
Hello there dear family.. we all livin in yellow sub marine
I would ilke to ask you for some help me over here...
please transfer to my Libery Reserve account some money like 300USD
and I will give back alll acounts of <name> to him... well he can suspend them as well but... I don't know if he want this...
I will wait 4 days and after that I will start do stupid things like using his Credit cards amazon accounts etc...
YOUR familiy Hacker - the bad mother fucker
PS:
My Liberty Reserve account is U5533525
U5533525
U5533525
U5533525
U5533525
Also
Hello bro... I will give you time till 4th to send me 200LR USD as you alread earned on mint.com 700USD so you are rich... I don't have got anything to eat over here so if you will not send me this money to my Liberty Reserve U4415154 account than i will start do things which you would not like me to do..
have a good day bro
Please help me. I don't know what to do! I've deleted all my credit cards off of amazon, and deleted my mint account.
urahonky on
0
Posts
@gamefacts - Totally and utterly true gaming facts on the regular!
Yes, seriously.
There's a lot going on here.
@gamefacts - Totally and utterly true gaming facts on the regular!
You mention police, did you call the local police? Depending on how big the department is there, they'll range from unhelpful to helpless. Call the FBI. They have a fairly extensive force dedicated to fraud and extortion. You're in Ohio sounds like? Here you go. Check if you're in the Cincinnati or Cleveland jurisdictions, then click the bold links to that section's site for contact info.
Before you did the format, did you run a virus scan or anything to see if it could have been something on your computer? Logs from a program like Hijack This! might be useful.
I wish I had remembered to run hijack this but I was pretty scared that anything I was doing on that computer was being watched so I purged it real quick. Now I'm installing Microsoft Security Essentials.
If you get it back, validate your email address (File -> Settings somewhere). That way a hijacker can't change the email for the Steam account if they get access to your Steam login credentials.
...not that this actually helps if the actual email account is compromised, but it's extra security for the Steam account.
I keep saying that my email account is my life, and this pretty much proves that point.
The way I have it set up is that I have my main email account with my web host with a very secure password that I can't even remember (got it in my encrypted password wallet though). I've set that up to forward to my Gmail account, which is what I use for actual reading/mailing.
I really don't think it's worth the trouble for 100USD... Especially since he could be going to Federal Prison.
Two possibilities spring to mind:
- It's a kid (teenager), kids are more capable than they are wise; and a few hundred bucks is a lot of money to a person with no income (or expenses).
- You're one of a large set of people to receive those messages (the NJ IP could be a proxy masking someone operating outside of the country).
I'm still waiting on my hotmail account recovery thing to go through (ugh, damn you Microsoft) but as soon as it does I'll be changing the password for it, and the security question, and adding any additional security to it. I'm still a little nervous about the whole thing. I had a hard time sleeping last night.
I'm curious, you said ALL of your email addresses were hacked. Were you using the same username and password for everything? Did you find that your computer itself was compromised?
Which I'm not doing anymore. Also running Microsoft Security Essentials, turned the Firewall on, and am clearing the cache each time I close the browser.
Ironically that one email he sent that sounded like he wanted to send to my contacts was sent back to the original address, and no one else. I asked my parents to look at their email and they said they hadn't received an email from me.
Probably just a MITM attack of some sort, or a trojan keylogging. Like if you typed http://mail.google.com, chances are the next two sets of words you typed would be your username/password.
Someone could just be snooping on your wifi at home if it were unprotected, or listened to network traffic at a hotspot.
Possibilities for how it happened are keylogger and Firesheep, if you use unsecured wireless access points.
Also though, this does not sound like the typical Nigerian scam that hits most compromised accounts. They usually email all your contacts pretending that you were mugged in London and need to be wired money. This sounds more like a script kiddie.
I'll head to help.yahoo.com and I'll fill out the forms, thanks Lykouragh.
Depending on how tight a ship your school's IT staff runs: Yes, it's possible.
Public computers always make me nervous; they're a double threat. People do dumb shit on them so the probability of an accidental infection is higher, and they're also an excellent target for intentional infection, because you're going to catch more people for less work.
I wish hotmail would freaking let me have my account back!!! It's still in limbo.
That's sounds like WEP, and that's bad. It's cracked in about five minutes. Switch to WPA2.
Joking aside, this sucks, but it sounds like you have taken every precaution you can to cover your financial bases.
You did the right thing not giving money the first time, because stupid ass hackers like that know that if they get someone to give them money the first time then they can do it over and over again.
3DS FC: 5343-7720-0490
I think the guy was bluffing anyway... If he had the opportunity to use my CCs and stuff why didn't he just buy a bunch of shit and be done with it?
Hopefully it turns out a-ok.
3DS FC: 5343-7720-0490
Google has actually recently set up an optional 2-stage verification system. If you've got a cell (preferably a smartphone) around every time you log in to google, it's something people should look into.
The first thing you should do when something like this happens is completely disconnect the computer from the internet, download updates to scanning software like MalwareBytes and HijackThis on a different computer, and try to boot into safe mode and run them via flash drive. Your computer will probably still need to be formatted and redone from scratch, but you might be able to gather some important clues as to how it happened. (You also might want to use a flash drive without important data on it and format it too afterward.)