I'd gladly offer them a list of all my contacts in my address book, if that is their true reason for needing my password. But my password is MINE. Nobody else's.

Amazing that a company can get away with such practices in these times...

I was considering drinking the kool-aid and joining the Facebook frenzy, but now? No way.
-Z-man.

The other day, after I logged into Facebook, they alerted me to the fact that someone in southern England logged into my account. They gave me a map and everything. I changed my password and moved on.

Nope. They detect and stop that kind of thing, so the compromise wasn't from some bad-TV kind of attack vector.

Odds are that your own computer has a virus, with a keylogger of some sort, and it's grabbed your password from you as you typed it and fired it off to it's master controller in the cloud.

Or you've used your computer in a public place and connected to a compromised wireless network that man-in-the-midded your password from you.

Before you do anything, I'd boot from a clean live DVD/disk, and then run a virus scan on your computer's drives.

$0.02

Ok - so their site seems to be easy enought to hack into I mean if someone from southern England can hack into it, then it must be an easy hack... :eek: So why then would I also give them my pwd to an email account which is likely more protected than facebook?

Crazy...
-Z

My passwords are now over 10 digits long.....use symbols, caps' lower case and numbers. Random......the passwords mean nothing.

I'm good at remembering stuff like that. I can still remember my first GFs phone number.

I WILL admit that I fell for the FB ruse once. My daughter had posted a video. I clicked on it and it looked like I got logged out. I logged back in, and went DOH!!!!!!

I went back in immediately and changed my password. I checked the link and it was spoof/mirror site. Got me.

Since then, when I am asked for a password I check the URL and will on occasion dump and load it back with a bookmark.

I just use an assumed name for everything. Solves all problems.

I've run a fairly stout anti-virus campaign on all my computers and they show clean. Actually, all this does is elevate the threshold of how much extra work it takes a perp to get into your account....also (again) changed my password and added additional characters to make it longer.

I really didn't expect much more...but here is the response I just received from the Malaysian ISP provider to this perp...once I alerted them that one of their customers was into malicious and criminal activity. Basically got a shrug back as I kinda expected. Here's the exchange for your amusement, in reverse-chronological order---->

------------------------------------

Dear Hasnan:

You can understand that I am not very happy with this response. I have paper-trail evidence of one of your customers acting in a malicious and criminal way..I have identified his ISP/IP address matched against a time-clock.....and you say you *cannot* (?) stop him from using YOUR infrastructure in a criminal way?

I am in New York State in USA...he is a registered user of your service based in Malaysia....and he is extorting money from my client list asking for money to be sent to him in London, England. Which police agency would have jurisdiction over matters like this?

I find your response totally callus, uncaring, and unacceptable on the mere basis of not even tying to help...and simply washing your hands of the matter. As the service provider to this criminal you have at least a moral obligation to do more....and perhaps even a legal or business-case to do the same.

Regards,
- Wil Ferch
---------------------------------------------------------------------------------
From: Hasnan bin Abd. Kadir <hasnan.kadir@ytlcomms.my>
To: "ferchwil@yahoo.com" <ferchwil@yahoo.com>
Sent: Tue, January 4, 2011 11:12:28 PM
Subject: General Enquiries - YTL Communications
Dear Wil,

Greetings from YTL Communications!

Thank you for your web inquiry. I would suggest you make a police report on this matter. Once our customer register his/her Yes ID, we will have no control of their usage. Just like any users of Gmail or Yahoo.

Singapore, Indonesia, and Malaysia are Hotbeds of fraud.

I own a small ecom company and we provide a fraud detection service that evaluates a ton of factors when an order is submitted to our customers sites (distance, ISP, proxies, reverse lookups, etc,.) and provides a score from 1-10 on likely fraud. These three countries, +9 on fraud every time. At last count we had 325 orders from them. TWO were legit.

The ISP's know this, they don't care.
The credit-card companies won't even accept the notification of the stolen cards being used.

The latest scam is to use a stolen US credit-card and have the merchandise shipped to one of many "freight forwarders" and "MyUSMailbox.com" type services that provide a valid US address to try and fool us. The goods are then forwarded overseas. These business ALSO realize they are dealing in stolen goods. THEY DON'T CARE.

So... I have taken to writing the local police chief every time it happens to notify them. To date, we had one chased out of town in Indiana, and another being shut down in Nevada. :) FeelsGoodMan.

I don't rely on 'free' email providors period.
I also change my passwords.
You can barely get an ISP to do anything in America (unless you're BMI, ASCAP, or Sony) I would expect much less in a third-world country.

OK then...as I expected....."reporting to authorities" is a waste of time...

The real question, if someone could help...

Prior to the perp's actions ( 1/03/2011)....my gmail account had a history of emails ( over 11000+....don't ask)....and the history it provided was immeasurable for many of my activities. I went with gmail because of their justified reputation that if THEY screwed up...they'd have an easy time recovring old email lists. Apparently this is a different story if someone hacks. Then you get a "clean" email address back ( aka "emptied" of all pre-existing emails).

1.) Would gmail staff have done this?
2.) More likely the perp did this?
3.) .....big question.....any way to get this back? I can't get any real humans to contact at google/gmail, it's all electonic/web based.

If you use Outlook you have archived messages. If you use gmail, they also have a backup unless you opt out.

Have you tried calling Google mail?

GMAIL (Google) Corporate Office Headquarters HQ
1600 Amphitheatre Parkway
Mountain View, CA 94043
Gmail (Google) Corporate Phone Number: 1-650-253-0000
GMAIL Fax Number: 1-650-253-0001

JoeBob:

Thank you kindly for your offer to help and showing me the posted phone number.

I tried it...here's what happened....

Menu driven response...somewhere embedded within all the "blah-blah" was the statement that there are no human service reps that can be contacted and you are ( again!) re-directed to the web page....FAQ's....help "hints"..all that are already posted. If your specific question is not there....you are out of luck.

Challenge....can anyone do better?....called the number and punched #5.......then #3 on the myriad of options, thinking this was the best option. Just call and see for yourself. The core question is how do you get old emails back on a ressurected account that had a hacker?. Some solution!...I could have opened a new ( and empty) account without all this BS.

Sucks........ 4 years of work gone !

Sorry to hear this. I can't offer advise on your problem. Makes me think twice about this "Cloud" computing stuff.

Sorry to hear about your troubles. I recall someone on Rennlist I think it was a few years ago going through the same issues. There's just no way to talk to a human and/or he couldn't prove he was the owner of the account.

Hmmmm, they don't answer the phone? PayPal/eBay tried that and then they got slapped by some gubmint agency.

Wonder if there is a GMAIL sucks website like the ones run by people who've been hosed by eBay and PayPal......they posted the internal phone numbers of the corporate VPs.

It would be different if this was a service you paid for.
The TOS (which is quite clear and readable BTW) pretty much says you're SOL if something doesn't work out right. YOu may be able to recover some of it, but I wouldn't expect Google to do much.

I realize posting very specific details may not be smart on this open forum. Let me say that with regard to getting my old email history back....I think I'm toast but would really welcome any help from those of us here who have a better clue.

Also....although trying legal action against the perp is almost futile...a part of me says giving up is the not the right answer either. Sends the wrong message from us unwashed "sheeple". So I'm going aggressive. Sent some strong language first to YTL Communications and they now have a change of heart. I have a good paper trail of what hi correspondnence looks like and with ONE mistake he made...we also have his ISP/IP address that can be traced. He also gives a UK address where to send the money for those people who went that far with him......will post updates later if anything happens.

Can you or have you, considered contacting the local constabulary office where this schmuck resides? English cops kick ass and take names.

ID theft is an international problem.

Bob:

Think carefully what you are saying. This guy has been pretty sophisticated so far....from the little bread crumbs of info I've seen that were left behind as I got my "scrubbed" gmail account back to me. I found an altered "Settings" deep inside how my email works....and anytime someone posts...or even now as I got my gmail back.....a message was automatically "forwarded" to him. He was alway one step ahead. I found that and went back to my normal settings. Just one example.

The listed address may be totally fake...with another layer of electronic forwarding done to actually another address. Or it's to accomplices that forward later. Whatever. The guy's ISP provider is in Malaysia....he may be there....he may be in UK. He may be anywhere.

I am going on the evidence that at some basic level he is transmitting to the world thru a ISP service that he ultimately must pay for. Depending upon the layers of protection he uses....we may be able to trace him. Nice thought though....but too simple.

On giving this some more thought..... It is probably advisable when setting up accounts like gmail to perhaps set up one (or more !) duplicate satellite accounts with a different name.....but have those duplicate accounts capture and accumulate all incoming emails that enter your main ( most-used....primary) account.

That way you stand some chance of having at least a good portion of your past history captured.... if your main account is hacked and comes back to to you clean.....but empty !