Hacked

[Esel Mann]

Postal mail public service announcement......

First, there is a service the USPS is offering where you can see your mail before it's even delivered. I highly recommend people take a moment and create an account with the USPS. Why? Certain enterprising individuals have picked up on not many folks having such an account. So what do they do? Posing as you they sign up and then sign up for the informed delivery service. Walla now they can monitor your mail and get a heads up when there is any mail of *coughe* interest. However if one takes the time to create an account with the USPS (even if there is no intention of using it), it is much more difficult for the enterprising individuals to then hijack your account and set up snooping on your incoming mail.

Another nicety with an USPS account, one can automagically arrange to have mail held while out of town and then delivered upon your return. No need to go into the post office to set up or collect held mail upon return.

Second, when it comes to actually mailing something, especially anything check/payment related. Those convenient blue boxes (even the ones right outside the post office building) are toast. Being federal property doesn't deter the enterprising individual. The safest way of course to mail is to go to the counter. That however sux because the only people that go to the counter are people with problems or people looking simply for someone to tell their life story to. So your wait time may exceed your level of patience. The next best way is to take note of your post office's inside (not outside) drop box collection hours. Only mail there and only do so before last collection of the day. There is never a line/wait and being not only inside the post office but inside the actual processing area it is the least likely to be eff'd with.

[Evans, Marv]

Quote:

Originally Posted by stomachmonkey

Your email account got compromised, someone got access to your password. Could be from an old leak. People are creatures of habit and tend to reuse the same password over an over and rarely change them regularly. Even a decade old data leak can compromise you.

Here is what's happening.

They have set a rule in your online / web portal mail account, yes you have one, everyone does.

The rule moves all incoming mail into either spam or some folder other than your inbox.

They are monitoring that for emails from your contacts who are replying asking if what "you" just sent them is legit. They are replying yes to continue to spread their phising link.

They also typically will move all other mail back to your inbox so you are not aware anything odd is going on.

I've seen them run that on users for up to 2 weeks undetected.

You can scan your local machines all you want, the compromise is not there, it's in your web portal.

Somachmonkey. Are you saying I can change my security code and it won't make any difference? I changed it again erlier today. My emails are still going to my "conversation" instead of my Inbox. I tracked down the alias login. It's in Nigeria - of course. It shows the login location, operating system, browser and IP address. Anybody know what I can do with that info?

[Noah930]

Quote:

Originally Posted by Esel Mann

The next best way is to take note of your post office's inside (not outside) drop box collection hours. Only mail there and only do so before last collection of the day. There is never a line/wait and being not only inside the post office but inside the actual processing area it is the least likely to be eff'd with.

That's what I do now. Mail it in the slot INSIDE the post office. Fortunately my local post office has a lobby (with post office boxes) that's open 24 hrs/day, so I can mail stuff safely at any time.

[stomachmonkey]

Quote:

Originally Posted by Evans, Marv

Somachmonkey. Are you saying I can change my security code and it won't make any difference? I changed it again erlier today. My emails are still going to my "conversation" instead of my Inbox. I tracked down the alias login. It's in Nigeria - of course. It shows the login location, operating system, browser and IP address. Anybody know what I can do with that info?

Changing your password will cut their access.

Your problem now is the rules they set are still in place.

The rules are in place in your online mail portal, log in there and delete them.

And no, you can’t do anything with that info other than ask what you can do with it.

It’s almost certainly fake, VPN.

[Evans, Marv]

Thanks very much. I don't know how to log into my ibnline mail portal but I'll give it a try to find out. I'm still wondering how they got in.

Thanks everybody. You're all great.

[stomachmonkey]

Quote:

Originally Posted by Evans, Marv

Thanks very much. I don't know how to log into my ibnline mail portal but I'll give it a try to find out. I'm still wondering how they got in.

Thanks everybody. You're all great.

If using Office365 log into your dashboard at office.com.

If any other provider it’s generally webmail.xxxxx.com or xxxxx.com/webmail

[Evans, Marv]

Stomachmonkey. I managed to navigate to the panel where the rules were (I'm just on Outlook - no Office 365 ir anything else). I've had this account for 22 years. The "rule" on the top of the list was something about sending emails to some email address. I trashed that so hope I'm at least better off. I'm still tryiing to figure out how to retrieve my sent messages folder content. Thanks again.

[stomachmonkey]

Quote:

Originally Posted by Evans, Marv

Stomachmonkey. I managed to navigate to the panel where the rules were (I'm just on Outlook - no Office 365 ir anything else). I've had this account for 22 years. The "rule" on the top of the list was something about sending emails to some email address. I trashed that so hope I'm at least better off. I'm still tryiing to figure out how to retrieve my sent messages folder content. Thanks again.

Sounds like a variant of the standard breach.

They may have been deleting the sent stuff.

As long as you deleted any rules you did not set yourself you should be back to normal.

These guys are getting better and more creative every day.

Stay vigilant.

[speeder]

I got the same email from you, Marv and actually thought it was legit. I was ready to help out w the gift card but never got a reply on my follow-up email back to you. It sounds like they got all of your Pelican contacts but maybe other people got that email from you(?)

At any rate, they have my email address now.

[speeder]

Quote:

Originally Posted by Esel Mann

Postal mail public service announcement......

First, there is a service the USPS is offering where you can see your mail before it's even delivered. I highly recommend people take a moment and create an account with the USPS. Why? Certain enterprising individuals have picked up on not many folks having such an account. So what do they do? Posing as you they sign up and then sign up for the informed delivery service. Walla now they can monitor your mail and get a heads up when there is any mail of *coughe* interest. However if one takes the time to create an account with the USPS (even if there is no intention of using it), it is much more difficult for the enterprising individuals to then hijack your account and set up snooping on your incoming mail.

Another nicety with an USPS account, one can automagically arrange to have mail held while out of town and then delivered upon your return. No need to go into the post office to set up or collect held mail upon return.

Second, when it comes to actually mailing something, especially anything check/payment related. Those convenient blue boxes (even the ones right outside the post office building) are toast. Being federal property doesn't deter the enterprising individual. The safest way of course to mail is to go to the counter. That however sux because the only people that go to the counter are people with problems or people looking simply for someone to tell their life story to. So your wait time may exceed your level of patience. The next best way is to take note of your post office's inside (not outside) drop box collection hours. Only mail there and only do so before last collection of the day. There is never a line/wait and being not only inside the post office but inside the actual processing area it is the least likely to be eff'd with.

This is really good advice. Also, any paper check that I mail these days, (rare occurrence), I send Priority Mail w tracking and do it at the counter inside the PO. I put the plain envelope inside of their larger Priority envelope and pay the $8.00, or whatever it is these days. The peace of mind and security is worth it...I've never had one fail to arrive at its destination.

Check fraud as described earlier in this thread is as old as checks, nothing new fangled or high tech about it. I think that cave men were washing checks and cashing them. I once had a detective tell me that check fraud is a lot smarter crime than bank robbery, much bigger potential returns and a lot shorter prison sentence if caught. Take that FWIW.

[Evans, Marv]

Denis. Like I said, a friend of mine had a similar situation & exact type of hack maybe a month & a half ago, & I got one from him. I don't know if that's what caused me to get hacked or not. I'm always as careful as I (thiink) I can be about opening links and hope those exposed to this don't end up getting hacked. They seem to have sent out a lot of these things using my "sent folder" to people I haven't emailed in a long time. Sofar nobody has told me they've fallen for it & a lot of them were blocked. I can post the info I got on the hacker I described before if anybody wants it. I changed my security code as soon as I found out and eliminated the "rule" routing data to the hacker, thanks to Stomachmonkey's input, two days later after I figured it out.

[speeder]

Quote:

Originally Posted by stomachmonkey

Changing your password will cut their access.

Your problem now is the rules they set are still in place.

The rules are in place in your online mail portal, log in there and delete them.

And no, you can’t do anything with that info other than ask what you can do with it.

It’s almost certainly fake, VPN.

If these pirates have my email address as a result of Marv's deal, how do they proceed to access my PW? That's the part I don't understand. I know that harvesting email addresses is a big part of their game, that is why they spend so much time scamming on CL, trying to get you to bypass the CL email relay, which is great, BTW. I never fall for that one.

[Evans, Marv]

The info I got from the fake logins were: Location - Nigeria, operating system - MacOS, Browser - Chrome, IP address: 41.217.52.9. From the "rule" list, it looked like data was forwarded to - alpanits@gamil.com.