Friday, December 30, 2011

Happy New Year...You’ve been Hacked!

On Wednesday, at 7:00 a.m., a  phone call from my niece woke me up.  “Are you planning a trip to Scotland?” she asked. 

It took me a while to digest this question, but I soon learned that my niece—and evidently a large number of contacts from my Yahoo mail account, had received the following e-mail from “me”, sent  at 4:06 in the morning.  (I received it too. So did my doctors’ offices and my Pilates instructors.) The subject line read: “It’s Urgent, Please Respond”.

The text read:
 It's me, Joan. I really don't mean to inconvenience you right now, I made a trip to Scotland and I misplaced my passport and credit cards. I know this may sound odd, but it all happened very fast. I've been to the embassy, they're willing to help, but I'm short of funds to pay for my passport fees and other miscellaneous expenses. Please can you lend me $900? I'll pay back, as soon as I get home.

Please respond as soon as you get this message, so I can forward you my details to send funds to me. I don't have a phone to speak with you right now.

I await your response
Joan Gage

When I opened my computer, I saw that many friends and e-mail acquaintances –especially those who lived in Europe—had already e-mailed me with subject lines like: “You’ve been hacked”.  I got more phone calls and a whole lot of e-mails from U.S-situated acquaintances as the country woke up.

In the past I had received very similar e-mails when some friends were hacked—but I think it used to say that they were stranded in London and needed $900.  (Is there even a U.S. Embassy in Scotland? I wondered. )

So I, and most of my contacts, knew immediately that this was a hacker pretending to be me.  And most of my friends (and I) realized that the return address he was writing from was identical to my e-mail address except for one letter missing  (His e-mail address  read “Joan Gag” instead of “Joan Gage.”)

I immediately did what Yahoo Help advised—changed the password to my account.   I also managed to find under “Yahoo Help” a place where I could detail my problem to “Yahoo Customer Care”.  I was given an “incident number” and told that Yahoo would get back to me within 24 hours.

But it’s been over 48 hours now and I still haven’t heard from them.

Since I am, as my blog says, a Crone—over seventy last time I looked—the mind and idiosyncrasies of a computer are a foreign language to me.  Whenever I have a tech problem I look for a member of a younger generation. 

First I called a friend who had been hacked with the same message (but allegedly stranded in London, although I knew she hadn’t left Massachusetts.)

She told me she immediately changed her password, but soon realized this wasn’t enough.  Eventually she had to close down her Yahoo account completely, switching to G-Mail.

A college-age relative, who seemed very computer-savvy, told me that I’d have to immediately change every password I had and probably have to lose the Yahoo account as well.

My daughter Marina, who was visiting for the holidays, exclaimed in horror when she saw that my Yahoo account had over 8,000 stored e-mails. “Don’t you ever delete them?” she asked.

Well I do, but these e-mails—going back to 2008—allow me to contact, say, a fellow vintage-photographs collector in Europe whom I long ago communicated with –thanks to the Yahoo Search Mail function-- by simply typing “daguerreotype” into the search box.  Yahoo knows the e-mail addresses for all my friends, if I just type in their first name—so of course I’d never written all those e-mail addresses down.   While gathering biographies from my Minnesota classmates for the 50-year High School Reunion book in 2009, I relied completely on my Yahoo account’s ability to store e-mail addresses.  Now I had to say good-bye to all this information.   Would I ever get those addresses back?

My daughter and I tried to find a list of my contacts on my Yahoo account before closing it down, but Yahoo listed only 15 contacts for me.  One of my European correspondents suggested that the hacker must have  “wiped out” most of my contacts.

I wonder why my hacker went to all this trouble.  Does he ever find people naïve enough to think they must immediately send him $900 to save me from my plight in Scotland?

I suspect that the door used to get into my Yahoo  account may have been my Facebook account.  My computer teacher, artist Andy Fish, closed down his Facebook account long ago, saying that it brought him so much spam.  But I don’t want to lose my Facebook account as well as my Yahoo account—it’s the only way I can stay in touch with far-flung friends and my kids’ generation.

Another friend thinks my Linked-in account may be the vulnerable spot.

When I think of how many times I’ve given my Yahoo address as the way for a new acquaintance to reach me, I shudder.  I’ll have to get new business cards printed.  I’ll have to inform the various airlines, the credit card companies, every organization I belong to—the mind boggles.

And the same day I was hacked, I received that startling e-mail from the New York Times saying that my home-delivery subscription was being cancelled.  Like over 8 million other people, I tried to call the Times or reach them through their web site to say, “Don’t cancel my subscription!”  But when all lines were tied up and the Times site was unavailable, I began to realize it was all a huge computer glitch.  I guess Mercury was retrograde on Wednesday.

Oh well, here’s to a New Year, a new e-mail account and new ways of  being tortured by my malevolent Mac Power Book.   I think I can hear Steve Jobs, from somewhere in internet heaven, laughing.

Joan Gage --    A Rolling Crone

(P.S. --To my friends and contacts--I haven't closed my Yahoo account yet -- will let you know my G-Mail address when I do.  To tech-savvy readers--I really would appreciate your advice on what I should do next.)


V Fish said...

Oh no! That's awful!

CJ Kennedy said...

Here's to a hack free 2012 though with the "end of the world" supposed to be happening, my guess is no.

Joshua Zhang said...

Here's what happened.

1. You never stored contacts because you relied on emails. Gmail auto-stores them for you.

2. You were not hacked. The sender used a fake email, which is easily doable at a variety of sites, which:

A. Made your email show up as the sender
B. Made his email the return address

The 2nd possibility is that he used his own email, which he created, to send emails to all your contacts.

Now the issue is how he got ahold of your contacts without actually getting into your account. This is easily doable.
The problem is that you probably sent an email to everyone on your contact list or more likely, replied to a chain email and also mass emailed it to everyone on your contacts list. By doing so, if the chain email ever got to a spam bot or a spammer, they could find out all the emails of anyone who ever got the chain mail.

Summing it all up:
You either replied to a chain email and mass mailed everyone or you happened to accidentally include a spammer in your mail list, which allowed the spammer to see your emails, and then he sent mass mails to solicit money.

Now, the things to do:

If you are set to delete your account no matter what, then the only option I could think of would be to find a way to make a Microsoft Outlook account or spend some time on google and export every single email you have, and save them somewhere so you can reference them. This is actually easier than it sounds.

Another option would be to be more careful in the future, and watch out who to send stuff to, and not delete your account, as the hacker could still fake your email even if this account did not exist.

Good lucky, sorry for the really long post, I just want to make clear that you weren't hacked and this can happen to anyone!

by Joan Gage said...

Thank you for this thoughtful and very helpful comment. I WILL keep my yahoo account and be more careful who(m?) I e-mail to. But I know I never sent a mass e-mail to all my contacts because I don't know how to do that. At most sent to 15 members of a club I'm in. Also I believe I never forwarded a chain e-mail, but maybe I did. In any case, thanks, I need all the advice I can get because I'm very unsavvy about computers.


Joshua Zhang said...

Your welcome, glad I could help!

Also, your friends could have forwarded an email of yours. This is why it's a bit annoying, as your email can easily be leaked out.