About a month ago, an old friend of mine had her Yahoo mail account hacked. It was most unfortunate, because not three months before, I alerted her to my book about Computer Security and sent her a free copy. I say unfortunately, because she didn’t take the time to read it, and because of that, she also didn’t follow my advice about having a strong password for her mail account. I have no idea what her password was, but that isn’t really important. Here is what happened after a hacker got control of her account:

First (and this was how we learned she had been hacked), myself and everyone else in her contact list received one of those very common scam emails from her account, but not sent by her, that indicated she was in Dubai with her family, had been mugged, and was in need of cash since (supposedly) she had her passport and credit cards stolen. Many of her friends responded by phone call, or by reply to the email. Since I am more aware of these scams than most people, I immediately saw that this was a fake, and upon closer examination, I saw that the scammer had created a throwaway email account on Yahoo that differed from her correct email by one character. The letter “o” in her email had been replaced by the number “0”. As a result, everyone but me replied to the scammer directly, whereas I wrote to her correct email account and also contacted her by phone to advise her to have her account password changed.
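The one-character swap described above can be checked mechanically before replying. The following is an added example, not something from the book or the original post: it assumes the lookalike address was carried in the message's Reply-To header (the post does not say which header was used), and the addresses and the sample message are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Digits commonly substituted for the letters they resemble.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(addr):
    """Lower-case an address and fold look-alike digits to letters."""
    return addr.strip().lower().translate(CONFUSABLES)

def lookalike_of(addr, known_contacts):
    """Return the known contact that addr imitates, or None.

    An exact match is the real contact, not an imitation.
    """
    addr_l = addr.strip().lower()
    known = {c.lower() for c in known_contacts}
    if addr_l in known:
        return None
    for contact in known:
        if skeleton(contact) == skeleton(addr_l):
            return contact
    return None

def check_reply_path(raw_message, known_contacts):
    """Report where a reply would go and whether that address is an imitation."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1]
    # Assumption: replies are redirected with Reply-To; fall back to From.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1] or sender
    return {
        "from": sender,
        "replies_go_to": reply_to,
        "imitates": lookalike_of(reply_to, known_contacts),
    }

# Constructed sample message; the addresses are placeholders.
SAMPLE = """\
From: Carol Moore <carol.moore@example.com>
Reply-To: Carol Moore <car0l.moore@example.com>
Subject: Urgent - stuck in Dubai

Please help.
"""

if __name__ == "__main__":
    print(check_reply_path(SAMPLE, ["carol.moore@example.com"]))
```
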

She contacted Yahoo (difficult enough) and was able to get that (password reset) done so that her account was once again secure. Once she was able to get into her account, she realized that all of her mail folders had been deleted and her contact list purged. This was only the beginning of troubles, of course. Yahoo was unable (or unwilling) to restore the information that had been deleted, so she was left with an account without any historical information. Like many people today, she had been doing her email on-line (as webmail) rather than using an email client such as Outlook or Thunderbird. As a result, she had no local copy on her computer of all her emails and contact list. It has taken her lots of time to recreate her contact information and it still is incomplete. She has also had to respond to everyone she could to inform them of the mishap.

Some weeks passed, and then more things started to happen. The hacker, who now was in possession of her entire contact list, either began using the list for other purposes, or more likely, sold the list to someone else. This is common too, and there is a thriving underground where such information is bought and sold on a daily basis. In any case, new scam emails began to arrive in people's inboxes. This time, the hacker using her contact list no longer needed access to her Yahoo account, but instead sent out emails spoofing her return address. This is so easy to do that anyone can look up how to do it using Google.

The new scam emails sent out suggested that everyone check out a link that purported to be a news article about best job opportunities. The link inside the note was made to appear like it is msnbc.msn.com. Had she read my book, she would have learned how to read a URL. I received the email and it was very obvious to me that the link was bogus. The actual link used (don’t click on it!) was http://msnbc.msn.com-career8.us/jobz/ – and the domain you would visit by clicking on the link would be com-career8.us. Since I have implemented many protective measures on my computer, I felt safe in visiting the site to see what it looked like. As suspected, the page was a mockup to make you think you are looking at an article on the real msnbc.msn.com. The article listed several “new” job opportunities that were supposedly helping many people find employment. The top one on the list was a work-from-home job that required limited computer skills and involved posting links on the web for big companies like Google, Amazon, etc. The journalist who supposedly wrote the article was telling the story of a woman in Texas who had bought a “kit” for $10 that helped her get into this new job and had immediately been earning over $5,000.00 per month in her spare time. Of course, any fool would recognize this “easy money” claim as a scam, but there are many fools among us. The article of course provided a link to another site where anyone could obtain this kit and begin earning money themselves.
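Reading the URL as described above means reading the host name from right to left: the rightmost labels decide who owns the name, and anything to their left is chosen freely by that owner. The sketch below is an added example, not taken from the book; the function names are hypothetical, and the two-label shortcut assumes a single-label TLD such as .us or .com (a production check would consult the Public Suffix List).

```python
from urllib.parse import urlsplit

def host_of(url):
    """Return the lower-cased host name the browser would connect to."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def naive_registered_domain(url):
    """Last two labels of the host.

    Simplification: correct only for single-label TLDs (.us, .com);
    names under suffixes like .co.uk need the Public Suffix List.
    """
    labels = host_of(url).split(".")
    return ".".join(labels[-2:])

def belongs_to(host, trusted_domain):
    """True only if host is trusted_domain itself or a subdomain of it."""
    trusted_domain = trusted_domain.lower()
    return host == trusted_domain or host.endswith("." + trusted_domain)

def classify_link(url, trusted_domains):
    """Classify a link as 'trusted', 'impersonation' or 'unrelated'."""
    host = host_of(url)
    if any(belongs_to(host, d) for d in trusted_domains):
        return "trusted"
    # A trusted name that appears inside the host without being its
    # right-hand end is decoration picked by whoever registered the name.
    if any(d.lower() in host for d in trusted_domains):
        return "impersonation"
    return "unrelated"

if __name__ == "__main__":
    link = "http://msnbc.msn.com-career8.us/jobz/"   # link quoted in the post
    print(host_of(link))                  # full host name
    print(naive_registered_domain(link))  # who actually owns it
    print(classify_link(link, ["msn.com"]))
```
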

After receiving this email myself, I examined the header of the email to verify that my friend's email account had been spoofed (the sender address, that is), and indeed discovered that the email had originated from an Android smart phone from an IP address in the Ukraine. I then had to advise my friend how her contact list was being misused and what email recipients might expect:

One or two things could happen. Anyone who visited the bogus webpage might fall for the scam and pay money for the offered get-rich-quick “kit.” It could be worse though. It was also possible that the page contained a malicious script that would attempt to run and install what is known as a “drive-by download.” The purpose of such a download would be to attempt to infect their computer system by attacking the OS, or a common application like Java, Adobe Reader, etc. If successful, the user's system would be compromised and who knows what the hacker would then be able to do.

I advised my friend that she should notify all her contacts of what is going on, and the possible outcomes of clicking on the link in the latest email. I also told her that she should alert them that it is possible their computers have been infected and that they should run anti-virus and rootkit scans. Finally, I suggested she get a new email account on another service like Gmail and to inform her contacts of the change and in the future disregard any emails from her old address, since those were now likely to be sent from scammers.

As you can see from this story, having your email hacked can cause you, your family, and your friends a good deal of grief for some time to come. Don’t put yourself and everyone you care about through this trouble. To learn how to protect yourself, I of course recommend my book. But if you buy it, you must read it and implement the measures suggested within. If, like my friend, you don’t bother with taking the time to do what is necessary, you will someday take even more time cleaning up after you have been hacked.