Saturday, March 6, 2010

HACKED! A True Story

Image Credit:

The past few days have not been very good ones. Someone out there - more than likely a total stranger - tried to wreak as much havoc on me as he possibly could. He hacked into my computer and took over my personal email accounts as well as my Facebook account and pretended to be me online. As a result, I've decided to post about it to help others avoid this from happening to them or to fall for such a scam. I had no idea what to do initially since my online security had never been compromised before. But I quickly figured out what I needed to do, even though finding the information about how to go about it wasn't really that easy.

I actually had made it easy for The Hacker to do his dirty deeds - I went the lazy and careless route and hadn't changed my passwords for quite a while and actually used the same password for many of my accounts, just to make it easier for myself - which actually made it a lot easier for The Hacker. So recommendation #1 is change your passwords frequently and don't use the same password for your accounts. And don't make it something easy that a Hacker can figure out from any personal information you have posted online. Also the longer the password, the better, and mix it up with numbers and letters. And for heavens sake, don't store any of your passwords on your computer!

Image Credit: Hacker sent out bogus emails to everyone on my contact list, making up an absurd hifalootin' story about how I was stranded in London, had been robbed at GUNPOINT, and needed money to get back home. Lucky for me, I have smart friends who didn't buy into this ridiculous tale; and if they had a thought that it might in any way be true, they asked The Hacker questions to verify my identity. Questions like: Where or when did we meet? What is my father's middle name? At what company did we used to work together? These are questions that only I would have known and that isn't information that I had put out there online somewhere. If you are contacted like this, protect yourself by verifying the identity of the person who has contacted you to ensure that it is the person you think it is. A true friend would only appreciate this and not at all be insulted by being asked questions to confirm their identity. Once I regained control of my accounts, I removed a lot of the personal information I had stored online, like my children's names, my phone numbers, etc. I have ensured that my security questions are up to date and that the questions are something that only I would know and that there is only one possible answer for, in case - heaven forbid - one day I really am in a tough situation and I am upset and can't really think straight.

Now think about this for a moment: think about all the private information you have in saved emails or out there on Facebook that a stranger could use to pretend to be you if he had the chance! I am trying to go through old emails now that I really don't need anymore and delete them, and at the same time, I am trying to regain my email address book, one by one because The Hacker deleted all my email contacts! Once I regained control of my account, I realized that The Hacker was also having any new emails forwarded to another email address - I didn't even know I could do that! He also tried to delete all email messages between himself and the people on my list that he contacted, so I couldn't see what he had done. Another thing he did on Facebook was to change my birthday - I don't know why, but he did.

Image Credit: you receive an email like this from someone on your email list, just stop and think to yourself... If this story were true, would this person really be contacting me, of all people, like this? In truth, I would have turned to my family personally and not in a generic sounding email. I think most of us would. Honestly, there are some people on my email list that I have never actually even met in person - I have many cyber-friends that I have befriended online - and I wouldn't approach them about sending me money if I were in a situation like this. So an important thing to remember is to use your common sense and don't immediately think a story is true just because it appears to have come from a friend.

Image Credit: tip-off that someone is trying to rip you off is in the grammar and spelling of the emails or chats that you receive. When I read through some of the chats and emails that The Hacker had written, it was obvious to anyone who knows me that it was not me just by the way he wrote. I am a native speaker of English and The Hacker obviously isn't. Sure I make mistakes here and there when I am typing fast, but a typo is far different from bad grammar and improper sentence formation. Would I sign off an email to my mother with "Regards - Susie"? And wouldn't my relatives and friends know ahead of time if I were taking a trip to London? The Hacker also stupidly told people to send the money to "me" via Western Union and to send it using my "exact name" on my passport. He provided my name but he assumed incorrectly that this is how my name appears on my passport, and anyone who really knows me would have known that this was wrong. Again, using your common sense is key.

Current anti-virus software is a must, although it didn't help me this time. Run virus scans frequently. I was online myself when I got hacked and was immediately called on the phone by a friend - Thanks, Veeds! - who had just received this strange email from me. So I found out about it pretty quickly. But in all honesty, previously I often would carelessly leave my computer unattended and online for extended periods. Now I make sure that I disconnect my computer from the internet when I am not using it, so there is no chance of penetration by a Hacker. I am also limiting my online time.

Image Credit: I'm sorry I had to write this post at all. I hate the thought that the rest of us have to share this beautiful world of ours with scumbags like Hackers. But in today's world, it is reality, and if this post will help anyone from falling victim to an online scam or getting hacked, then I will be happy. If any of you have any more good advice on how to protect yourself online, please feel free to add it in comments.

For more information about protecting yourself online, here are a few good websites I found with some sound advice:

Top Ten Passwords You Should Never Use

UNC Information Technology Services

How To Protect Yourself Against Hackers


  1. I was hacked too.
    Mashable is a social media web site. They make a list of news daily what's happening in social media. They also inform about hackers!


  2. Susie, what a horrible experience. So glad you were able to "take over" again! Thanks for the information too!

  3. This was a real wake up call for all of us. Thanks!

  4. Susie, I mentioned what happened to you to my boss and she said she got a similar message last June, the person said they were in Italy.

    This thief had stolen her cousin's info.

    Thanks for sharing these tips, I am even negligent at work in some of tghese areas, I will be more careful for sure.

    I'm sorry you had to write the post as well.

  5. As one of the people who have to clean up when someone hacks something, I know how much this can hurt!

    The key things are:
    > use a strong password! 8 or longer characters, NOTHING from the dictionary, nothing guessable about you (not your birthdate etc)
    Preferably, include numbers, capital letters, and symbols like " and *

    > use a different password for every account
    > change your passwords once a year or so (not urgent to do this)
    > don't open files you're not expecting. Emails, IM, nothing.
    > Don't click on links you aren't expecting.
    > Don't use FTP, only SFTP (if you upload files to webspace)

  6. it's scary experience, specially when so many personal information out there. I am glad you got your email back and thank you for the advices and the links :)

  7. what an awful experience! you truly have my sympathy. I have never been hacked, and I hope I never will be. Good luck and best wishes to you, Susie!

  8. I kinda had a sneakin' suspicion you weren't in London desperately needing money from must know I have none!! LOL!! Another hint I got was to not put your birth year on places like facebook. The month and day are okay just not the year. I guess it makes it a lot easier for the creeps out there. good post Susie, sorry it had to be from experience!

  9. AA- Susie,

    So sorry to hear about your horrible experience. I'm wondering how you got back control of your accounts? This happened to a friend and I recall him telling me how useless customer support was for Hotmail.

    One quick hint on keeping passwords different for all the various websites: choose one standard keyword (ie. pet dog or jeddah or whatever) and then truncate the name of the website you're accessing.

    So for Yahoo, it would be jeddahyahoo and for paypal it would be jeddahpaypal and so on.

    Of course the more complicated the keyword, the better! (ie. instead of jeddah, use jed*dah)

  10. Hi Susie!
    Boy do I feel for you! I was recently hacked also but Yahoo caught it for me and informed me and so did Facebook. I was so amazed! They didn't let anything through. I had a friend who had been hacked and informed them so they were watching out for his contacts I guess.
    I was hacked completely a few years ago while online, the hacker popped up a message telling me he'd hacked me and started deleting all my files on my computer! I had to unplug from the internet and completely reformat the hard drive, and guess what? It happened to me 3 times!!! Somehow the hacker had created a backdoor to my computer. I finally had to buy a new computer to stop it. I was running Norton at the time too, but he somehow managed to change things in Norton, a very smart hacker. So be on your guard, if anything else happens, some hackers are really hard to get rid of.
    Irene (Saudimeemaw)

  11. My sister was a victim too. Someone sent her an email that her yahoo account was going to be closed so she needed to verify her information. She panicked and fell for it! The hacker got access to her account, changed her information and sent out an email to everyone on her contact list saying that she was stranded in London and needed money wired to her through Western Union. As I was reading the email, I immediately noticed that it was not my sister's style of writing and it was out of character for her to go overseas without telling me (she has never been outside of the US!).

    A friend of mine who used to be an IT, swears by the free anti-virus AVAST. It has received rave reviews from a popular site such as CNET. I have it and its caught some malicious you-know-what for me alhamdulillah.

    Also run the program Malware Bytes at least every week. This is also another outstanding freeware that comes highly recommended.

  12. Thanks for all the advice and great information. We all need to take steps to protect ourselves.

  13. "A friend of mine who used to be an IT, swears by the free anti-virus AVAST. It has received rave reviews from a popular site such as CNET. I have it and its caught some malicious you-know-what for me alhamdulillah."

    Its free for a reason. lol I used it for a LONG time with no problems and computer had a virus! This was recently. I bought Webroot and called it a day. My friend NEVER had issues either. I was the unlucky one I guess.


  14. Lol. Is there an anti-virus program that would keep us 100% virus free all the time?

  15. Oh my, that is scary stuff! Thanks for the heads up.

  16. Susie, I have posted a link on my Facebook page for all of my contacts. We can't be too careful. Thank you for sharing this information.

    umm Umar

  17. A story worth telling - we all need to be reminded of those simple security do's and don'ts.

    Glad you regained control of the situation reasonably quickly!

  18. Other questions to ask are fake ones that you will know are fake. eg. I was on chat with a friend who noticed a different address for me than usual. He suddenly asked me a bunch of questions which were true like "What were you and my wife talking about on chat before?"; "What recipe did she ask you for?"; then "What did you tell her on the phone yesterday?". He repeated the last one 2X even though I insisted we hadn't spoken on the phone, and then apologized about why he suddenly went into security mode. I think these type of questions are good too, both the real details of a conversation and the fakeout.

    Off to change some passwords! LOL :)

  19. Want a great password that is hard to crack? Come up with a sentence you could easily remember (maybe about a pet, or your child, or something you're interested in). Take the first letter of each word in the sentence, and replace words like 'to' and 'for' with 2 & 4 (if you use those words). Mix it up a bit too by capitalizing a couple of the letters. Here's an example of what I do:

    Original sentence: 'My car likes to break down all the time'

    Password: McL2bDaTt

    This is the only type of password allowed by my university's IT department, and I think it's awesome

  20. i'm so happy you got all of your emails sorted out. thanks for sharing this with us...because i have used the same passwords on all of my accounts and my husbands for the past 6 years. but i will change them now :)