Pelican Parts Forums


Evans, Marv 06-16-2021 10:39 AM

Hacked
 
Hacked. Hey out there be careful. Looks like I got hacked a little after 9:00 this morning. I was on PPOT at the time & haven't been on any other websites this morning except for Amazon. I changed my security code for my Hotmail acct. & hope that fixed it, but who knows.

masraum 06-16-2021 10:42 AM

good luck!

Seahawk 06-16-2021 10:43 AM

Sorry to hear that, Marv. I really wish there was a way for folks like me to get smarter in terms a layman can understand.

I got bounced last week from a scanner.

Navy Federal called and said are these your charges...nope.

No more debit cards except for cash at specific locations.

brainz01 06-16-2021 02:12 PM

My brother and I both had fraud/hacking incidents recently which caused me to do a lot of thinking about cyber security:

1) I recently mailed a check to an attorney for $35k. Attorney said they never got the check so I looked at my account. The check had indeed been deposited, but the scan showed the check had been fraudulently deposited in the name of someone else. Somehow they intercepted my check and either washed it or duplicated it with their own name as the recipient. The only handwriting on the check that appeared to be legit was “my” signature. Everything else was different. Crazy. Thank God I used carbon checks. I still had to file a police report, rewire all of my recurring direct deposits and debits…. Serious PITA. I did get my money back but it took 2 weeks and a wasted day of my time. And my checking account of 20 years had to be shut down. The local police department is investigating, but I’m not hopeful.

Lessons learned:
- Checks are pretty old school and completely lacking in security. It’s probably best to minimize their use. Same with debit cards…
- Use credit cards wherever you can. If there’s check/debit fraud, YOU are out the money until your bank agrees it was fraudulent and gives your money back. If there’s CC fraud, your bank/retailer is out the money. Big difference.
- If you do need to write checks, use carbon checks so you have a record of what you wrote (and to whom!). Or be sure to take pictures of the checks you write — especially the big ones.
- If you are mailing a check, particularly a big one, put it in an envelope and then mail that envelope in a FedEx, UPS or other registered mail envelope. You want the security of a tracking number and fully opaque envelope. In my case, I’d wrapped the check in paper, put it in a security envelope, and then dropped in a blue mail box. Apparently that wasn’t enough.
- You’re going to want to have 2 checking accounts: primary and backup. If your primary gets breached and shut down, you may not be able to write checks until you get a new account setup and checks received (which takes time). In my case, I was able to resend a check to my attorney using my wife’s checking account.

2) As eye opening as my experience was, my brother got a bigger scare. He often works nights, and noticed he was getting some odd messages in his primary email account (provided by Comcast). He realized he’d been hacked and that someone was trying to access his financial accounts and was resetting passwords. Compounding the issue, and this is super scary, the scammers had also hacked (social engineered) his Verizon account and somehow managed to either forward all his calls/messages or otherwise clone his phone. So with his primary email and phone, the hacker was attempting to gain access to all his financial accounts. Long story short, he spent the next 4 days playing whack-a-mole with his hacker. It was a complete nightmare. He ended up nuking his old email address and all messages, closed his old account at Verizon, and had to buy a new phone and SIM card. He fortunately lost no money nor had any fraudulent charges (to his knowledge so far).

Lessons learned:
- Do NOT use an email address provided by your cable provider or phone provider for any sensitive communications (especially financial accounts). You’re better off with Yahoo or Gmail or another account with 2-factor security (like an Authenticator app) and that doesn’t have a help desk — “help” desks can be socially engineered. In my brother’s case, the bad guys called the help desk at Comcast with “problems” related to the cable service, leveraged that into some moron giving out his MAC address, then parlaying that info into divulging his email passwords. With his email details, the hacker silently went to work on the “help” desk at Verizon.
- Make sure you have a secondary account password on your cell phone account (not just the PW you use to access your account online). This second password is needed to authenticate ALL telephonic or in-person activity. And make sure this password is unique — it’s actually really important as cell phones are the de facto 2-factor security solution for many accounts these days.
- Enable “real” 2 factor authentication on all your important accounts (email, financial, etc.). There are several authenticators, and some companies like Yahoo or Google have their own. These authenticators are essentially an app with a unique rolling code on your phone. The only way someone can get access is if they physically have your phone with the synced authenticator.
- Use different, complex passwords for all your material accounts: Email, phone, financial accounts, etc. It’s not new advice, but it’s a PITA to manage, so consider using a password manager.
- Assuming you’re not regularly opening up credit accounts, put a freeze on your credit with all the agencies. It’s also a pain, but far less work than undoing the damage of a hacker.

Anyway, long post, but hope that helps someone. Hackers suck.



red-beard 06-16-2021 03:01 PM

Marv, I received a hacked e-mail from you at 11AM this morning (CDT).

flatbutt 06-16-2021 04:22 PM

My former employer got hacked some years ago. Hackers got the personal info on tens of thousands of us. It took me years to clean that sheet up. :mad:

My personal take...don't relax just yet. Check your stuff frequently. A little paranoia is OK right now.

red-beard 06-16-2021 04:25 PM

Here it is:

Quote:

Greetings,

I hope this finds you well. I need a Favor from you. I need you to get a Steam gift card for a friend who is down with cancer of the liver, it's her birthday today and I promised to get it for her, but I can't do this now because I'm currently out of town and all my effort purchasing it online proved abortive.. Can you get it from any store around you for me? I'll reimburse you upon my arrival. Please let me know if you can handle this so I can tell you the amount and how to get them to me.

Thanks, and make it a great day!

Regards

Marv

pwd72s 06-16-2021 04:37 PM

Guess I lucked out...my 'puter security service says I am clean..

unclebilly 06-16-2021 04:41 PM

Quote:

Originally Posted by Evans, Marv (Post 11363962)
Hacked. Hey out there be careful. Looks like I got hacked a little after 9:00 this morning. I was on PPOT at the time & haven't been on any other websites this morning except for Amazon. I changed my security code for my Hotmail acct. & hope that fixed it, but who knows.

What did you change it to?

SmileWavy

dad911 06-16-2021 05:17 PM

Quote:

Originally Posted by unclebilly (Post 11364307)
What did you change it to?

SmileWavy

Pet's name + "1234" ?

SmileWavy

pmax 06-16-2021 06:39 PM

Quote:

Originally Posted by Evans, Marv (Post 11363962)
Hacked. Hey out there be careful. Looks like I got hacked a little after 9:00 this morning. I was on PPOT at the time & haven't been on any other websites this morning except for Amazon. I changed my security code for my Hotmail acct. & hope that fixed it, but who knows.

Throw us a bone ! Anything !

Were you using free Wifi ? Are you in a foreign country ?

Evans, Marv 06-16-2021 08:30 PM

Hi everybody. I changed my email account security code as soon as I found out. I have an alternate email account & when I change the code, they send an email to that account for me to enter a new code. This exact same scam happened to a friend of mine a month & a half ago. I'm trying to answer all the emails I'm getting asking about it. The crappy thing is it wiped out all the emails in my "sent" folder and my arriving emails now are going into a different folder than my inbox, which is now operating like my inbox. They started around 9:00 this morning, and I wasn't on any websites except PPOT and Amazon. I trust links on PPOT, but I vaguely remember opening a link I didn't think went with the subject of the thread. Maybe or maybe not. I haven't opened links from questionable sites - that I know of. I have no idea how I got zapped.
James - I think the last time I emailed you was a few years ago. Shows how thorough it was I guess.

pmax 06-16-2021 09:05 PM

Wow, how did it get your email credentials ? I wonder if your machine is still compromised. I would run a scan on it.
Best to use a clean machine for setting up the new email etc.

Is your browser set to autorun downloaded files ?

john70t 06-16-2021 09:12 PM

If you can, post more details than just "hacked"
(only because the term describes a wide range of nefarious activity)

recycled sixtie 06-17-2021 05:14 AM

Sorry to hear you were hacked Marv. It happened to me a few months ago. I have run scans and everything is good. I called my credit card co. and got a new credit card. You might want to do the latter in case you used your credit card.

Cheers, Guy

1990C4S 06-17-2021 05:58 AM

There is a very interesting video by the 'Catch Me If You Can' guy on YouTube.

It is quite long and I thought I would watch a few minutes, then move on, instead I watched the entire hour. I found it fascinating.

In the end he says 'Never EVER use a debit card'. The banks are responsible for credit card theft, but a compromised debit card is your problem.

https://youtu.be/vsMydMDi3rI

Evans, Marv 06-17-2021 06:39 AM

John. I'm not a tech guru, & described about as much as I noticed & can think of in my post above.

I never used a credit card for anything and only use a debit card a couple of times a year - mostly at the post office. I changed my email security code as soon as I found out, & I've checked my security for McAfee, Windows, updates, fire walls, etc. and everything is enabled & updated as it should be. Like I said, I'm pissed about the changes it left in my email, which I described above.

Like I said, be careful out there. I'm not the most informed, but I try to be careful as I can and got zapped anyway.

Noah930 06-17-2021 06:50 AM

Quote:

Originally Posted by brainz01 (Post 11364170)

1) I recently mailed a check to an attorney for $35k. Attorney said they never got the check so I looked at my account. The check had indeed been deposited, but the scan showed the check had been fraudulently deposited in the name of someone else. Somehow they intercepted my check and either washed it or duplicated it with their own name as the recipient. The only handwriting on the check that appeared to be legit was “my” signature. Everything else was different. Crazy. Thank God I used carbon checks. I still had to file a police report, rewire all of my recurring direct deposits and debits…. Serious PITA. I did get my money back but it took 2 weeks and a wasted day of my time. And my checking account of 20 years had to be shut down. The local police department is investigating, but I’m not hopeful.

I had a similar thing happen to me several years ago. I think the perpetrators stuffed a bag inside a USPS mailbox, and then were able to retrieve it somehow. I dropped it off in the mailbox (outside a post office) on a Saturday evening, and by Monday morning they had cashed the checks in their names.

I'm surprised your local PD is investigating. LAPD didn't care. Told me to take it up with the post office. Post office didn't care and told me to file a complaint with the post master online. I did and even checked off the box that I wanted a reply, but never heard back from anyone. Fortunately my bank (B of A) stood behind me and replaced my money with just a simple, one-page form to fill out.

I'm not against using checks, but I'm a lot more careful with where I mail them now. Always inside the post office.

stomachmonkey 06-17-2021 07:38 AM

Quote:

Originally Posted by Evans, Marv (Post 11364455)
Hi everybody. I changed my email account security code as soon as I found out. I have an alternate email account & when I change the code, they send an email to that account for me to enter a new code. This exact same scam happened to a friend of mine a month & a half ago. I'm trying to answer all the emails I'm getting asking about it. The crappy thing is it wiped out all the emails in my "sent" folder and my arriving emails now are going into a different folder than my inbox, which is now operating like my inbox. They started around 9:00 this morning, and I wasn't on any websites except PPOT and Amazon. I trust links on PPOT, but I vaguely remember opening a link I didn't think went with the subject of the thread. Maybe or maybe not. I haven't opened links from questionable sites - that I know of. I have no idea how I got zapped.
James - I think the last time I emailed you was a few years ago. Shows how thorough it was I guess.

Your email account got compromised, someone got access to your password. Could be from an old leak. People are creatures of habit and tend to reuse the same password over and over and rarely change them regularly. Even a decade old data leak can compromise you.

Here is what's happening.

They have set a rule in your online / web portal mail account, yes you have one, everyone does.

The rule moves all incoming mail into either spam or some folder other than your inbox.

They are monitoring that for emails from your contacts who are replying asking if what "you" just sent them is legit. They are replying yes to continue to spread their phishing link.

They also typically will move all other mail back to your inbox so you are not aware anything odd is going on.

I've seen them run that on users for up to 2 weeks undetected.

You can scan your local machines all you want, the compromise is not there, it's in your web portal.

stomachmonkey 06-17-2021 07:46 AM

I strongly advise all of you to open a LastPass or Bitwarden account. If Bitwarden, write your Master Pass somewhere, as it's a zero knowledge service, meaning if you lose your pass there is no recovering it, ever.

Once set up go to all the sites you have accounts with and let LP or BW generate a unique password for that site.

The logic there is obviously if one account does get compromised you don't have to run around like a chicken without a head trying to remember where you reused it and changing them all.

Enable 2FA / MFA on every site that supports it especially any financial accounts.

Getting "hacked" is a misnomer, no one gets hacked these days, we get compromised because we are creatures of habit, lazy, and value convenience over security.

Esel Mann 06-17-2021 08:44 AM

Postal mail public service announcement......

First, there is a service the USPS is offering where you can see your mail before it's even delivered. I highly recommend people take a moment and create an account with the USPS. Why? Certain enterprising individuals have picked up on not many folks having such an account. So what do they do? Posing as you they sign up and then sign up for the informed delivery service. Voilà, now they can monitor your mail and get a heads up when there is any mail of *cough* interest. However if one takes the time to create an account with the USPS (even if there is no intention of using it), it is much more difficult for the enterprising individuals to then hijack your account and set up snooping on your incoming mail.

Another nicety with a USPS account, one can automagically arrange to have mail held while out of town and then delivered upon your return. No need to go into the post office to set up or collect held mail upon return.

Second, when it comes to actually mailing something, especially anything check/payment related. Those convenient blue boxes (even the ones right outside the post office building) are toast. Being federal property doesn't deter the enterprising individual. The safest way of course to mail is to go to the counter. That however sux because the only people that go to the counter are people with problems or people looking simply for someone to tell their life story to. So your wait time may exceed your level of patience. The next best way is to take note of your post office's inside (not outside) drop box collection hours. Only mail there and only do so before last collection of the day. There is never a line/wait and being not only inside the post office but inside the actual processing area it is the least likely to be eff'd with.

Evans, Marv 06-17-2021 02:14 PM

Quote:

Originally Posted by stomachmonkey (Post 11364715)
Your email account got compromised, someone got access to your password. Could be from an old leak. People are creatures of habit and tend to reuse the same password over and over and rarely change them regularly. Even a decade old data leak can compromise you.

Here is what's happening.

They have set a rule in your online / web portal mail account, yes you have one, everyone does.

The rule moves all incoming mail into either spam or some folder other than your inbox.

They are monitoring that for emails from your contacts who are replying asking if what "you" just sent them is legit. They are replying yes to continue to spread their phishing link.

They also typically will move all other mail back to your inbox so you are not aware anything odd is going on.

I've seen them run that on users for up to 2 weeks undetected.

You can scan your local machines all you want, the compromise is not there, it's in your web portal.

Stomachmonkey. Are you saying I can change my security code and it won't make any difference? I changed it again earlier today. My emails are still going to my "conversation" instead of my Inbox. I tracked down the alias login. It's in Nigeria - of course. It shows the login location, operating system, browser and IP address. Anybody know what I can do with that info?

Noah930 06-17-2021 02:34 PM

Quote:

Originally Posted by Esel Mann (Post 11364786)
The next best way is to take note of your post office's inside (not outside) drop box collection hours. Only mail there and only do so before last collection of the day. There is never a line/wait and being not only inside the post office but inside the actual processing area it is the least likely to be eff'd with.

That's what I do now. Mail it in the slot INSIDE the post office. Fortunately my local post office has a lobby (with post office boxes) that's open 24 hrs/day, so I can mail stuff safely at any time.

stomachmonkey 06-17-2021 06:07 PM

Quote:

Originally Posted by Evans, Marv (Post 11365121)
Stomachmonkey. Are you saying I can change my security code and it won't make any difference? I changed it again earlier today. My emails are still going to my "conversation" instead of my Inbox. I tracked down the alias login. It's in Nigeria - of course. It shows the login location, operating system, browser and IP address. Anybody know what I can do with that info?

Changing your password will cut their access.

Your problem now is the rules they set are still in place.

The rules are in place in your online mail portal, log in there and delete them.

And no, you can’t do anything with that info other than ask what you can do with it.

It’s almost certainly fake, VPN.

Evans, Marv 06-17-2021 07:50 PM

Thanks very much. I don't know how to log into my online mail portal but I'll give it a try to find out. I'm still wondering how they got in.

Thanks everybody. You're all great.

stomachmonkey 06-18-2021 05:07 AM

Quote:

Originally Posted by Evans, Marv (Post 11365352)
Thanks very much. I don't know how to log into my online mail portal but I'll give it a try to find out. I'm still wondering how they got in.

Thanks everybody. You're all great.

If using Office365 log into your dashboard at office.com.

If any other provider it’s generally webmail.xxxxx.com or xxxxx.com/webmail

Evans, Marv 06-18-2021 03:07 PM

Stomachmonkey. I managed to navigate to the panel where the rules were (I'm just on Outlook - no Office 365 or anything else). I've had this account for 22 years. The "rule" on the top of the list was something about sending emails to some email address. I trashed that so hope I'm at least better off. I'm still trying to figure out how to retrieve my sent messages folder content. Thanks again.

stomachmonkey 06-18-2021 08:26 PM

Quote:

Originally Posted by Evans, Marv (Post 11366188)
Stomachmonkey. I managed to navigate to the panel where the rules were (I'm just on Outlook - no Office 365 or anything else). I've had this account for 22 years. The "rule" on the top of the list was something about sending emails to some email address. I trashed that so hope I'm at least better off. I'm still trying to figure out how to retrieve my sent messages folder content. Thanks again.

Sounds like a variant of the standard breach.

They may have been deleting the sent stuff.

As long as you deleted any rules you did not set yourself you should be back to normal.

These guys are getting better and more creative every day.

Stay vigilant.
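
The rule clean-up discussed in the posts above (rules that keep incoming mail out of the inbox or forward it to another address, and deleting any rule you did not set yourself), as an added example that is not part of any forum post: a small Python audit over a mailbox's rule list. The rule layout, rule names and addresses are constructed assumptions, not any mail provider's real export format.

```python
# Added example: audit mailbox rules for the patterns described in this thread.
# The dict layout (name / conditions / actions) is an assumed export format,
# and every rule and address in SAMPLE_RULES is constructed.

INBOX = "inbox"

SAMPLE_RULES = [
    # Owner's own rule: narrow condition, files newsletters away.
    {"name": "Newsletters",
     "conditions": {"from_contains": ["news@example.org"]},
     "actions": {"move_to_folder": "Newsletters"}},
    # Owner's own rule: copy to their alternate account.
    {"name": "Backup copy", "conditions": {},
     "actions": {"forward_to": ["owner.alt@example.com"]}},
    # Unknown catch-all rule that moves everything out of the inbox.
    {"name": ".", "conditions": {},
     "actions": {"move_to_folder": "Conversation History", "mark_as_read": True}},
    # Unknown rule that sends a copy of all mail to an outside address.
    {"name": "sync", "conditions": {},
     "actions": {"forward_to": ["collector@example.net"]}},
]


def audit_rules(rules, known_rule_names, trusted_addresses):
    """Return [(rule name, [reasons])] for every rule that needs a manual look."""
    known = {n.lower() for n in known_rule_names}
    trusted = {a.lower() for a in trusted_addresses}
    findings = []
    for rule in rules:
        name = rule.get("name", "")
        conditions = rule.get("conditions") or {}
        actions = rule.get("actions") or {}
        reasons = []

        # A rule the owner does not recognise should be deleted outright.
        if name.lower() not in known:
            reasons.append("not created by owner")

        # Copies of mail leaving the account, even from a familiar rule name
        # (an intruder can edit an existing rule instead of adding one).
        recipients = actions.get("forward_to", []) + actions.get("redirect_to", [])
        outside = sorted(a for a in recipients if a.lower() not in trusted)
        if outside:
            reasons.append("forwards to " + ", ".join(outside))

        # Catch-all rule (no conditions) that deletes mail or files it
        # anywhere other than the inbox, so the owner never sees replies.
        folder = actions.get("move_to_folder")
        hides = actions.get("delete", False) or (
            folder is not None and folder.lower() != INBOX)
        if hides and not conditions:
            reasons.append("hides all incoming mail")

        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    report = audit_rules(SAMPLE_RULES,
                         known_rule_names=["Newsletters", "Backup copy"],
                         trusted_addresses=["owner.alt@example.com"])
    for name, reasons in report:
        print(f"{name!r}: {'; '.join(reasons)}")
```
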

speeder 06-19-2021 07:38 AM

I got the same email from you, Marv and actually thought it was legit. I was ready to help out w the gift card but never got a reply on my follow-up email back to you. It sounds like they got all of your Pelican contacts but maybe other people got that email from you(?)

At any rate, they have my email address now.

speeder 06-19-2021 07:46 AM

Quote:

Originally Posted by Esel Mann (Post 11364786)
Postal mail public service announcement......

First, there is a service the USPS is offering where you can see your mail before it's even delivered. I highly recommend people take a moment and create an account with the USPS. Why? Certain enterprising individuals have picked up on not many folks having such an account. So what do they do? Posing as you they sign up and then sign up for the informed delivery service. Voilà, now they can monitor your mail and get a heads up when there is any mail of *cough* interest. However if one takes the time to create an account with the USPS (even if there is no intention of using it), it is much more difficult for the enterprising individuals to then hijack your account and set up snooping on your incoming mail.

Another nicety with a USPS account, one can automagically arrange to have mail held while out of town and then delivered upon your return. No need to go into the post office to set up or collect held mail upon return.

Second, when it comes to actually mailing something, especially anything check/payment related. Those convenient blue boxes (even the ones right outside the post office building) are toast. Being federal property doesn't deter the enterprising individual. The safest way of course to mail is to go to the counter. That however sux because the only people that go to the counter are people with problems or people looking simply for someone to tell their life story to. So your wait time may exceed your level of patience. The next best way is to take note of your post office's inside (not outside) drop box collection hours. Only mail there and only do so before last collection of the day. There is never a line/wait and being not only inside the post office but inside the actual processing area it is the least likely to be eff'd with.

This is really good advice. Also, any paper check that I mail these days, (rare occurrence), I send Priority Mail w tracking and do it at the counter inside the PO. I put the plain envelope inside of their larger Priority envelope and pay the $8.00, or whatever it is these days. The peace of mind and security is worth it...I've never had one fail to arrive at its destination.

Check fraud as described earlier in this thread is as old as checks, nothing new fangled or high tech about it. I think that cave men were washing checks and cashing them. I once had a detective tell me that check fraud is a lot smarter crime than bank robbery, much bigger potential returns and a lot shorter prison sentence if caught. Take that FWIW.

Evans, Marv 06-19-2021 07:53 AM

Denis. Like I said, a friend of mine had a similar situation & exact type of hack maybe a month & a half ago, & I got one from him. I don't know if that's what caused me to get hacked or not. I'm always as careful as I (think) I can be about opening links and hope those exposed to this don't end up getting hacked. They seem to have sent out a lot of these things using my "sent folder" to people I haven't emailed in a long time. So far nobody has told me they've fallen for it & a lot of them were blocked. I can post the info I got on the hacker I described before if anybody wants it. I changed my security code as soon as I found out and eliminated the "rule" routing data to the hacker, thanks to Stomachmonkey's input, two days later after I figured it out.

speeder 06-19-2021 08:02 AM

Quote:

Originally Posted by stomachmonkey (Post 11365303)
Changing your password will cut their access.

Your problem now is the rules they set are still in place.

The rules are in place in your online mail portal, log in there and delete them.

And no, you can’t do anything with that info other than ask what you can do with it.

It’s almost certainly fake, VPN.

If these pirates have my email address as a result of Marv's deal, how do they proceed to access my PW? That's the part I don't understand. I know that harvesting email addresses is a big part of their game, that is why they spend so much time scamming on CL, trying to get you to bypass the CL email relay, which is great, BTW. I never fall for that one.

Evans, Marv 06-19-2021 08:14 AM

The info I got from the fake logins were: Location - Nigeria, operating system - MacOS, Browser - Chrome, IP address: 41.217.52.9. From the "rule" list, it looked like data was forwarded to - alpanits@gamil.com.


All times are GMT -8. The time now is 03:39 PM.
