Greetings from XXXXX – Alive and Well in Singapore
Posted by: “XXXXX”
Sat Apr 9, 2011 12:01 am (PDT)
HI Guys, Saturday, April 9th, 2011.
Greetings from Singapore.
I understand that on March 22nd an “Emergency Help!!!” SCAM e-mail was sent in my name to the Manhattan Prep 1964 Yahoo Group.
My apologies if it created any alarm.
However, I am sure that any Prepster who received this e-mail would have realized that the exaggerated emotional tone and piss poor grammar gave it away as a scam…
Here is the background on the scam…
On the evening of March 22nd, someone hacked into my Yahoo/Prodigy Account, hijacked my address book, which contained about 1,400 addresses and then proceeded to send out an “Emergency Help” E-mail asking for money. The hacker even changed my password and set up a forwarding address edward1.coll@yahoo.com to which all my incoming e-mails went so he could try and continue to perpetrate this scam.
Within a few minutes of the scam e-mail being sent, I started receiving phone calls and e-mails from all over the world from people on my contact list enquiring if I was O.K. and whether they should send money to me via a Western Union Office in London .
I told them that this was a big SCAM and to just ignore the e-mail and not even reply as the hacker had arranged to have all the replies forwarded to him. What an operator !!!
It was really frustrating as this hacker also changed my password so I could not initially access my account to see what was going on
I was finally able to get in touch with Yahoo’s Customer Service Department and spent about two hours on the phone with them to get my password reset so I could access the account and cancel out all the forwarding addresses that the hacker had set up.
The worst thing was that he erased my Yahoo Address book and the 1,400 names it contained. Fortunately, I had backed up the address book so I was able to re-import the contacts to my yahoo account.
I hope this matter is settled now. and that no one was duped into sending this hacker any money.
My e-mail address, {Privacy Invoked} should be secure now.
Best regards,
# – # – #
I’m glad you’re OK. It’s not that we have any fellow alum to spare.
On a technical note, were you able to determine, how the hack was accomplished? I’m interested from an InfoSec pov. The default assumption was that someone kept “knocking on the door” with passwords until it opened. It’s not hard to imagine a bot (software robot) doing that. But, it’s also possible that it was malware on your computer or malware on a site you visited with an old browser.
Interesting?
May I suggest that you, or anyone, have your own domain? The common wisdom, or is that common whizdumb, is to own your own name as a domain name. I own “reinke.cc”. (I like saying “sea sea me at reinke.cc”! me@reinke.cc will actually work!)
I can send you some links to stuff that I’ve posted on my blog “Reinke Faces Life” about how to “do” email to avoid such unpleasantries. It’s neither hard not expensive.
Unfortunately, having a yahoo, gmail, or hotmail account makes you are target for the black hats. Eventually they find everyone who has one of those “free accounts”.
At the very least, one can hide by using a very long random string password. I use twenty characters. Of course, I use tools like roboform, last pass, and even the infamous yellow stickie to remember them.
But I doubt anyone has as many unique ids and passwords as I do. I’m a little nuts about it.
I’m now off to change my Yahoo password to something longer. I’m sure someone is listening.
:-)
# – # – # – # – #
Reinke Faces Life 