The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.

Email addresses were compromised.... Need help fast!

urahonkyurahonky Cynical Old ManRegistered User regular
edited March 2011 in Help / Advice Forum
Hi. So all of my email addresses were hacked, and all my passwords changed. I finally got back into my yahoo to find this little gem:
Hello there dear family.. we all livin in yellow sub marine ;)
I would ilke to ask you for some help me over here...
please transfer to my Libery Reserve account some money like 300USD
and I will give back alll acounts of <name> to him... well he can suspend them as well but... I don't know if he want this...
I will wait 4 days and after that I will start do stupid things like using his Credit cards amazon accounts etc...
YOUR familiy Hacker - the bad mother fucker ;)
PS:
My Liberty Reserve account is U5533525
U5533525
U5533525
U5533525
U5533525

Also
Hello bro... I will give you time till 4th to send me 200LR USD as you alread earned on mint.com 700USD so you are rich... I don't have got anything to eat over here so if you will not send me this money to my Liberty Reserve U4415154 account than i will start do things which you would not like me to do..
have a good day bro

Please help me. I don't know what to do! I've deleted all my credit cards off of amazon, and deleted my mint account.

urahonky on
«13

Posts

  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    I'm going to be formatting my computer in a few... I'm currently in Linux running through all the sites I can think of to change their passwords.

    urahonky on
  • Disco11Disco11 Registered User regular
    edited March 2011
    set up a new e-mail address from another computer and transfer the accounts there.

    Disco11 on
    PSN: Canadian_llama
  • MushroomStickMushroomStick Registered User regular
    edited March 2011
    You also might want to call your bank and credit card companies and explain the situation.

    MushroomStick on
  • Farout FoolioFarout Foolio Registered User regular
    edited March 2011
    I'd go a step farther and actually report the numbers as stolen.

    Farout Foolio on
    2tyFzTC.png

  • WillethWilleth Registered User regular
    edited March 2011
    All of the above. Call your bank and credit card companies and tell them that your accounts are compromised.

    Willeth on
    @vgreminders - Don't miss out on timed events in gaming!
    @gamefacts - Totally and utterly true gaming facts on the regular!
  • harry.timbershaftharry.timbershaft Registered User regular
    edited March 2011
    Assuming you're in the US... report this to your local FBI office.

    Yes, seriously.

    There's a lot going on here.

    harry.timbershaft on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    I've formatted my machine. Changed all my passwords and got all my email accounts back. I've contacted the police here and they took a statement with all the emails he sent to me. I am going to cancel my credit cards tomorrow, and call the credit bureau and put a fraud alert on it.

    urahonky on
  • WillethWilleth Registered User regular
    edited March 2011
    Check if your CCs have a 24-hour phone line. If they do, call now.

    Willeth on
    @vgreminders - Don't miss out on timed events in gaming!
    @gamefacts - Totally and utterly true gaming facts on the regular!
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    We just tried calling one and Bank of America said that Ohio residents cannot log in right now for some reason.

    urahonky on
  • matt has a problemmatt has a problem Points to 'off' Points to 'on'Registered User regular
    edited March 2011
    B of A has been having problems for two days now, lots of intermittent outages due to an update they installed over the weekend.

    matt has a problem on
    nibXTE7.png
  • HevachHevach Registered User regular
    edited March 2011
    Assuming you're in the US... report this to your local FBI office.

    Yes, seriously.

    There's a lot going on here.

    You mention police, did you call the local police? Depending on how big the department is there, they'll range from unhelpful to helpless. Call the FBI. They have a fairly extensive force dedicated to fraud and extortion. You're in Ohio sounds like? Here you go. Check if you're in the Cincinnati or Cleveland jurisdictions, then click the bold links to that section's site for contact info.

    Hevach on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    Thank you so much Hevach... I'll call them tomorrow when I wake up and see what they say.

    urahonky on
  • ceresceres When the last moon is cast over the last star of morning And the future has past without even a last desperate warningRegistered User, Moderator Mod Emeritus
    edited March 2011
    Creepy as hell. I cannot emphasize enough the importance of changing every password you can think of right now, not just ones things that are directly finance-related. Battle.net if you have one, Xbox live, any subscriptions you might have... anything. It sounds like you're already on that.

    Before you did the format, did you run a virus scan or anything to see if it could have been something on your computer? Logs from a program like Hijack This! might be useful.

    ceres on
    And it seems like all is dying, and would leave the world to mourn
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    Thanks I didn't think of battle.net... He stole my email for hotmail, which was my xbox live, but I'm in the process of getting that back.

    I wish I had remembered to run hijack this but I was pretty scared that anything I was doing on that computer was being watched so I purged it real quick. Now I'm installing Microsoft Security Essentials.

    urahonky on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    Looks like my steam may have also been compromised as well..

    urahonky on
  • EchoEcho ski-bap ba-dapModerator, Administrator admin
    edited March 2011
    urahonky wrote: »
    Looks like my steam may have also been compromised as well..

    If you get it back, validate your email address (File -> Settings somewhere). That way a hijacker can't change the email for the Steam account if they get access to your Steam login credentials.

    ...not that this actually helps if the actual email account is compromised, but it's extra security for the Steam account.

    I keep saying that my email account is my life, and this pretty much proves that point.

    The way I have it set up is that I have my main email account with my web host with a very secure password that I can't even remember (got it in my encrypted password wallet though). I've set that up to forward to my Gmail account, which is what I use for actual reading/mailing.

    Echo on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    Contacted the FBI and filed a report (I gave them the IP address that was used to log into my facebook account in New Jersey). They also instructed me to file a report with the Internet Crimes website (www.ic3.gov) and I did. My wife will be canceling our credit cards today and getting new ones. I've printed all of the emails he sent me and filed them for safe keeping.

    I really don't think it's worth the trouble for 100USD... Especially since he could be going to Federal Prison.

    urahonky on
  • ArbitraryDescriptorArbitraryDescriptor Registered User regular
    edited March 2011
    urahonky wrote: »
    I really don't think it's worth the trouble for 100USD... Especially since he could be going to Federal Prison.

    Two possibilities spring to mind:

    - It's a kid (teenager), kids are more capable than they are wise; and a few hundred bucks is a lot of money to a person with no income (or expenses).

    - You're one of a large set of people to receive those messages (the NJ IP could be a proxy masking someone operating outside of the country).

    ArbitraryDescriptor on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    That's very true. I just have a hard time assuming if it's a kid, or if it's someone out of country. At first I immediately assumed that it was the out of country, but when I saw the NJ I thought about the school system there. :P

    I'm still waiting on my hotmail account recovery thing to go through (ugh, damn you Microsoft) but as soon as it does I'll be changing the password for it, and the security question, and adding any additional security to it. I'm still a little nervous about the whole thing. I had a hard time sleeping last night.

    urahonky on
  • bowenbowen Sup? Registered User regular
    edited March 2011
    Make sure to tell all your contacts to ignore emails from you that are asking for money or gifts.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • rizriz Registered User regular
    edited March 2011
    Ugh, good luck.

    I'm curious, you said ALL of your email addresses were hacked. Were you using the same username and password for everything? Did you find that your computer itself was compromised?

    riz on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    Same name for 3 of them, one was different. Password was same for 3, but not the other. No idea how he did it, unless he hacked into my computer and was able to retrieve saved passwords or something.

    Which I'm not doing anymore. Also running Microsoft Security Essentials, turned the Firewall on, and am clearing the cache each time I close the browser.

    urahonky on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    bowen wrote: »
    Make sure to tell all your contacts to ignore emails from you that are asking for money or gifts.

    Ironically that one email he sent that sounded like he wanted to send to my contacts was sent back to the original address, and no one else. I asked my parents to look at their email and they said they hadn't received an email from me.

    urahonky on
  • bowenbowen Sup? Registered User regular
    edited March 2011
    urahonky wrote: »
    Same name for 3 of them, one was different. Password was same for 3, but not the other. No idea how he did it, unless he hacked into my computer and was able to retrieve saved passwords or something.

    Which I'm not doing anymore. Also running Microsoft Security Essentials, turned the Firewall on, and am clearing the cache each time I close the browser.

    Probably just a MITM attack of some sort, or a trojan keylogging. Like if you typed http://mail.google.com, chances are the next two sets of words you typed would be your username/password.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    Huh. Should I be using bookmarks instead? I'm normally pretty good about looking at my task manager for unknown objects to keep an eye on things.

    urahonky on
  • bowenbowen Sup? Registered User regular
    edited March 2011
    It probably wouldn't matter, obviously the best methods are safe browsing/email habits and virus scans. You don't use hot spots do you? Or even Wifi in general? It could be anything really.

    Someone could just be snooping on your wifi at home if it were unprotected, or listened to network traffic at a hotspot.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • LykouraghLykouragh Registered User regular
    edited March 2011
    So I work for Yahoo!, and you should also report this to us too by going through the account security forms at help.yahoo.com.

    Possibilities for how it happened are keylogger and Firesheep, if you use unsecured wireless access points.

    Also though, this does not sound like the typical Nigerian scam that hits most compromised accounts. They usually email all your contacts pretending that you were mugged in London and need to be wired money. This sounds more like a script kiddie.

    Lykouragh on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    My wifi is 64bit encryption. I don't use hotspots, but I do log in occasionally at my university's computer labs. Do you think they could be on there?

    I'll head to help.yahoo.com and I'll fill out the forms, thanks Lykouragh.

    urahonky on
  • ArbitraryDescriptorArbitraryDescriptor Registered User regular
    edited March 2011
    urahonky wrote: »
    I do log in occasionally at my university's computer labs. Do you think they could be on there?

    Depending on how tight a ship your school's IT staff runs: Yes, it's possible.

    Public computers always make me nervous; they're a double threat. People do dumb shit on them so the probability of an accidental infection is higher, and they're also an excellent target for intentional infection, because you're going to catch more people for less work.

    ArbitraryDescriptor on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    That's true. But I always boot the machine up and it looks like it's running one of those state machines, where after a reboot it returns to its original state. I guess it's possible that it could have infected the original partition...

    urahonky on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    The worst part of this is now I'm very, very paranoid when I log into my email accounts. Ugh. I hate this!

    urahonky on
  • LykouraghLykouragh Registered User regular
    edited March 2011
    Firesheep basically only works if you're on a totally unsecured public wifi and log in to your accounts. Keylogger, I guess. Probably on your home machine. :(

    Lykouragh on
  • ArbitraryDescriptorArbitraryDescriptor Registered User regular
    edited March 2011
    I googled around for RSA enabled webmail services and got nothing. That would be ideal for easing your anxiety. Even if they got your password, it would only be valid for, at most, 60 seconds; and I don't imagine that people watch a realtime feed from their keyloggers.

    ArbitraryDescriptor on
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    I feel slightly better that I've taken proper protocols to cover my ass, but still... Every time I look at that Yahoo! mail login screen my pulse jumps.

    I wish hotmail would freaking let me have my account back!!! It's still in limbo.

    urahonky on
  • EchoEcho ski-bap ba-dapModerator, Administrator admin
    edited March 2011
    urahonky wrote: »
    My wifi is 64bit encryption.

    That's sounds like WEP, and that's bad. It's cracked in about five minutes. Switch to WPA2.

    Echo on
  • THEPAIN73THEPAIN73 Shiny. Real shiny.Registered User regular
    edited March 2011
    How do we know this is the real urahonky?!

    Joking aside, this sucks, but it sounds like you have taken every precaution you can to cover your financial bases.

    You did the right thing not giving money the first time, because stupid ass hackers like that know that if they get someone to give them money the first time then they can do it over and over again.

    THEPAIN73 on
    Facebook | Amazon | Twitter | Youtube | PSN: ThePain73 | Steam: ThePain73
    3DS FC: 5343-7720-0490
  • urahonkyurahonky Cynical Old Man Registered User regular
    edited March 2011
    I think I'm going to go ahead and do the WPA encryption today when I get home from classes.

    I think the guy was bluffing anyway... If he had the opportunity to use my CCs and stuff why didn't he just buy a bunch of shit and be done with it?

    urahonky on
  • THEPAIN73THEPAIN73 Shiny. Real shiny.Registered User regular
    edited March 2011
    You still did the best thing which is to secure everything and report the idiot.

    Hopefully it turns out a-ok.

    THEPAIN73 on
    Facebook | Amazon | Twitter | Youtube | PSN: ThePain73 | Steam: ThePain73
    3DS FC: 5343-7720-0490
  • seasleepyseasleepy Registered User regular
    edited March 2011
    I googled around for RSA enabled webmail services and got nothing. That would be ideal for easing your anxiety. Even if they got your password, it would only be valid for, at most, 60 seconds; and I don't imagine that people watch a realtime feed from their keyloggers.

    Google has actually recently set up an optional 2-stage verification system. If you've got a cell (preferably a smartphone) around every time you log in to google, it's something people should look into.

    seasleepy on
    Steam | Nintendo: seasleepy | PSN: seasleepy1
  • UncleSporkyUncleSporky Registered User regular
    edited March 2011
    I don't have much help to offer aside from what's already been said, just wanted to say that sucks urahonky and I hope everything turns out ok for you.

    The first thing you should do when something like this happens is completely disconnect the computer from the internet, download updates to scanning software like MalwareBytes and HijackThis on a different computer, and try to boot into safe mode and run them via flash drive. Your computer will probably still need to be formatted and redone from scratch, but you might be able to gather some important clues as to how it happened. (You also might want to use a flash drive without important data on it and format it too afterward.)

    UncleSporky on
    Switch Friend Code: SW - 5443 - 2358 - 9118 || 3DS Friend Code: 0989 - 1731 - 9504 || NNID: unclesporky
Sign In or Register to comment.