Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
An Email Hack
Old 08-04-2017, 07:25 AM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru, il
Posts: 6,032
An Email Hack

This may be nothing, but it's worrisome to me, and I am passing it on, because I couldn't find any reference to this kind of problem/hack? on Google.

So, here's how it started (I've changed the names). My friend's name is "johnsmith"

It came in on gmail, with the title "Urgent" , and read as follows:

"How are you? I made a trip, Please I need you to do me a favor..."

I naturally, clicked on the "Reply" and sent him a note... "How can I help?"

No answer for a half hour, then, a note back from him... "my email was hacked."

After an hour, I called him to see what happened. After several busy signals, I finally got through. He was frantic... Apparently his contact list or facebook list had been hacked, and the same message had been sent to everyone on the list. Well over 100 names, and everyone was writing and calling him to see if they could help.
.................................................. .......................

So here's how I think it worked:
1. His email address is "johnsmith@gmail.com"
2. When I went back to look at the Email, the "from" name was "John Smith via yahoo.com"
3. I didn't notice the "via" part.
4. When I went back to the original mail, and opened the extended address it showed:
"johnsmith <johnsmith@gmail.com> via yahoo.com ".
5. When I went back to look at my "reply", this is how it was addressed.

Quote:
itsme <itsme@gmail.com>
to: johnsmith <johnsmith@gmail.com>
date: Thu, Aug 3, 2017 at 10:33 AM
subject: Re: Urgent
mailed-by: gmail.com
6. No mention of the viayahoo.com but simply his normal address. John smith has no yahoo address, but I didn't know that.

.................................................. ....................................
Yeah... probably too much to process, but based on my friend's experience, which continues as more of his friends or contacts reply, I thought it serious enough, and tricky enough to be a real problem.... especially if my "itsme" email address could be the start of another hack... maybe directed at me. etc, etc.
In any case, it was enough reason to change my passwords... again. Let's hope this is just another "boy calling wolf".
__________________

imoldernu is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 08-04-2017, 07:44 AM   #2
Full time employment: Posting here.
CaliKid's Avatar
 
Join Date: Apr 2016
Location: Cali
Posts: 905
I would say it's a common thing.

Nothing to worry about.

It's life.
__________________

__________________
______________________
Hoping to get out around September 1, 2022... I hope, I hope, I hope. Until then off to work I go....
CaliKid is online now   Reply With Quote
Old 08-04-2017, 07:50 AM   #3
Administrator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 29,342
Any email that starts this way should always be looked on with suspicion, and even presumed fraudulent.

Quote:
Originally Posted by imoldernu View Post
It came in on gmail, with the title "Urgent" , and read as follows:

"How are you? I made a trip, Please I need you to do me a favor..."
MichaelB is online now   Reply With Quote
Old 08-04-2017, 07:58 AM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,574
Something similar happened to my emails twice.

One time while still w*rking. Another to an aol account.

Each time, folks contacted me as I didn't even know of the hack til then. There was no "help me" email but must have got hacked someone.

Sounds like your friend should make sure his computer is virus free.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 08-04-2017, 08:02 AM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Posts: 5,080
This happens through FIL's FB account, frequently.
target2019 is online now   Reply With Quote
Old 08-04-2017, 08:18 AM   #6
Thinks s/he gets paid by the post
 
Join Date: Mar 2013
Location: Coronado
Posts: 1,145
Once when I was still working, in the middle of the morning I got an email from one of my employees personal email accounts that said something like he and his family were on vacation in a foreign country and had been robbed. If I'd be able to lend them some money, please reply and he'd give me instructions for a wire transfer.

I walked down the hall to his desk and said, "hey, I was pretty sure you were right here as I had not approved any vacation time recently. Do you know you've been hacked?" He did, as he'd been fielding calls from many distant relatives and friends wanting to help. His email account had been compromised, and from there, the thieves had reset his Facebook password and posted the same story and he couldn't get into either account to fix it.

It took a few phone calls to get back into both accounts and notify everyone that he and his family were fine.

This is why two factor authentication is a good thing.
cathy63 is offline   Reply With Quote
Old 08-04-2017, 08:38 AM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 21,318
"with the title "Urgent" , and read as follows:

"How are you? I made a trip, Please I need you to do me a favor...""


Quote:
Originally Posted by MichaelB View Post
Any email that starts this way should always be looked on with suspicion, and even presumed fraudulent.
+1000! Those combined are RED FLAGS!!!

Did your friend ever send you something "Urgent"? Sure, first time for everything, but there's at least a yellow flag - proceed with caution.

Then "How are you?"? Note he didn't use your name? Too generic...

"I made a trip", not "I took a trip", or "I'm on a trip", or "I'm away from home"? hmmmm, sounds like a non-American-English speaker to me (is your friend a non-English speaker?). Also no mention of where (might be a give-away), more generic pablum....

Then asking for a favor. Shields Up!

Clearly, your friend's email got hacked, probably just a brute force password guess. Everyone needs to use a STRONG password on their email, as it is the gateway to so many things. But it could also be a virus. He should change the email PW from a TRUSTED computer, get his cleaned up/checked, then continue on.

I think you are OK, but maybe some experts can comment on that. But it wouldn't hurt for you to change your PW as well, to something strong.

-ERD50
ERD50 is offline   Reply With Quote
Old 08-04-2017, 08:45 AM   #8
Thinks s/he gets paid by the post
Souschef's Avatar
 
Join Date: Dec 2015
Location: Santa Paula
Posts: 2,328
The strangest one I got was from a friend, who passed away a year or more ago.
But, she is still send e-mails
__________________
Retired Jan 2009 Have not looked back.
AA 50/45/5 considering SS and pensions a SP annuity
WR 2% SI 2SS & 2 Pensions
Souschef is online now   Reply With Quote
Old 08-04-2017, 08:58 AM   #9
Moderator Emeritus
Bestwifeever's Avatar
 
Join Date: Sep 2007
Posts: 17,400
Those are often spoofed email addresses--click on the sender and a different email address appears--so not really sent by a hacked email account. Re FB and addresses--I wanted to check out a place using its app and somehow my inactive empty FB came up as a log in option when I downloaded the app. The app said it would not post to my FB page but that it would have access to my friends and my email address book. Easy to see how a spoofed email could use one's address book.

A few years ago I was apparently selling Viagra to everyone in my address book :
__________________
“Would you like an adventure now, or would you like to have your tea first?” J.M. Barrie, Peter Pan
Bestwifeever is offline   Reply With Quote
Old 08-04-2017, 09:35 AM   #10
Administrator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee ba gum
Posts: 24,294
Quote:
Originally Posted by Bestwifeever View Post

A few years ago I was apparently selling Viagra to everyone in my address book :
I bet they got a rise out of that
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
Alan is offline   Reply With Quote
Old 08-04-2017, 10:12 AM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru, il
Posts: 6,032
Quick follow-up

Just received this a few minutes ago...from Facebook, which I'm signed up for, but have never used.

Quote:
Hi itsme,

We received a request to reset your Facebook password.

Click here to change your password.

Alternatively, you can enter the following password reset code:
884918
Didn't request this change?
If you didn't request a new password, let us know.
(showed a link to click)

I have not been on facebook at all, since the day I signed up well over a year ago.
Based on my OP, am thinking that the "via" yahoo could have something to do with that Yahoo hack. The follow up on the link about changing the facebook password, said that the "request" may indicate a hack, and also asked if I had received requests for password change from other websites.
imoldernu is offline   Reply With Quote
Old 08-04-2017, 10:14 AM   #12
Administrator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 29,342
Quote:
Originally Posted by imoldernu View Post
Quick follow-up

Just received this a few minutes ago...from Facebook, which I'm signed up for, but have never used.
More scam.
MichaelB is online now   Reply With Quote
Old 08-04-2017, 10:17 AM   #13
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 9,574
Anything more than a blank profile on FB is sharing too much info .
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 08-04-2017, 10:47 AM   #14
Moderator Emeritus
Bestwifeever's Avatar
 
Join Date: Sep 2007
Posts: 17,400
Quote:
Originally Posted by Alan View Post
I bet they got a rise out of that
They were sure hard to convince otherwise
__________________
“Would you like an adventure now, or would you like to have your tea first?” J.M. Barrie, Peter Pan
Bestwifeever is offline   Reply With Quote
Old 08-04-2017, 10:52 AM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: LKN
Posts: 13,718
Happens all the time, you have to stop and look over any email that isn't completely familiar in every way - even if it seems to come from someone you know. You have to look at the exact email address, especially if there's anything odd or "urgent" and asking for a response. It may have a familiar name in front of the @ sign (not always), but usually the domain is something unfamiliar, usually from another country IME.

You probably know to never click on a link or open an attachment in a suspicious email. If in doubt, DON'T.

It used to be they were so poorly done it was easy to know it was a fraud - they've gotten smart enough these days that they use logos and formats that look like the real thing.
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 45% equity funds / 30% bond funds / 25% cash - radically changed Nov 2018
Target WR: Approx 2.5% Approx 20% SI (secure income, SS only)
Midpack is online now   Reply With Quote
Old 08-04-2017, 10:54 AM   #16
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru, il
Posts: 6,032
Quote:
Originally Posted by MichaelB View Post
More scam.
Maybe, maybe not... apparently this did come from Facebook, as this Q&A comes from the facebook secure site. The email did come from the address mentuioned in the Q&A below.
https://www.facebook.com/help/commun...d=945838113505

What this tells me, is that somehow, someone signed on to facebook in my name... accessed my account, and requested a password change. The email from facebook was sent to my gmail address as a security check.

Yes, amusing, but confusing... in any case, it tells me that someone can now access my facebook account without me knowing anything about it.

So... if it can happen like that, what's to stop them from using my Gmail account to access any of my other connections... banks, amazon, etc.... I've changed my password on the Gmail account now, but what could have happened in the meantime? After all, they were able to access my facebook account.

So, I'll stop here. It is what it is... At this point, I think the lesson learned, is to always expand the "from" address on incoming email, to be sure that the "from johnsmith@gmail.com, doesn't also have the "hidden" viayahoo.com added to it. That's how it all started.
imoldernu is offline   Reply With Quote
Old 08-04-2017, 10:59 AM   #17
Moderator Emeritus
Bestwifeever's Avatar
 
Join Date: Sep 2007
Posts: 17,400
Quote:
Originally Posted by imoldernu View Post
...
What this tells me, is that somehow, someone signed on to facebook in my name... accessed my account, and requested a password change. The email from facebook was sent to my gmail address as a security check....
I don't think they got so far as to access your account--they tried to sign into your account and when they didn't know your password, asked for a password change, triggering FB's email to you.

I did get an email from Discover a few months ago that someone had tried to change my password for my card. When I called customer service, they said there wasn't anything fraudulent going on and perhaps someone had mistyped their own account number--they still replaced my card, but weren't very concerned.
__________________
“Would you like an adventure now, or would you like to have your tea first?” J.M. Barrie, Peter Pan
Bestwifeever is offline   Reply With Quote
Old 08-04-2017, 11:03 AM   #18
Administrator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 29,342
Quote:
Originally Posted by imoldernu View Post

What this tells me, is that somehow, someone signed on to facebook in my name... accessed my account, and requested a password change. The email from facebook was sent to my gmail address as a security check.

Yes, amusing, but confusing... in any case, it tells me that someone can now access my facebook account without me knowing anything about it.

So... if it can happen like that, what's to stop them from using my Gmail account to access any of my other connections... banks, amazon, etc.... I've changed my password on the Gmail account now, but what could have happened in the meantime? After all, they were able to access my facebook account.

So, I'll stop here. It is what it is... At this point, I think the lesson learned, is to always expand the "from" address on incoming email, to be sure that the "from johnsmith@gmail.com, doesn't also have the "hidden" viayahoo.com added to it. That's how it all started.
No, someone may have tried to log into your FB account.
You should never click on the link you get in an email. If you have doubts, go to FB, log in, and change your PW.

Even if they could log into your FB account, how would that help them log into GMail, banks, etc? (Unless you use the same PW and username everywhere)
MichaelB is online now   Reply With Quote
Old 08-04-2017, 11:03 AM   #19
Moderator Emeritus
braumeister's Avatar
 
Join Date: Feb 2010
Location: Flyover country
Posts: 13,082
Quote:
Originally Posted by imoldernu View Post
somehow, someone signed on to facebook in my name... accessed my account, and requested a password change. The email from facebook was sent to my gmail address as a security check.
This is very common; it happens all the time. DW used to get her account "cloned" about once a month.

She stopped it by changing her practice to always sign out of FB when she has finished using it to keep up with friends. She then signs in again next time she wants to use it.
__________________
I thought growing old would take longer.
braumeister is offline   Reply With Quote
Old 08-04-2017, 11:06 AM   #20
Full time employment: Posting here.
 
Join Date: Sep 2007
Posts: 514
Your friend has a computer virus, and it's trying to spread to his contacts via his address book.


Tell him to run a virus scanner to clean it up.


And tell him to either stop clicking on sketchy-looking email attachments, even if the email comes from someone he supposedly recognizes (it just means they have a virus, too), and/or to stop surfing ... *ahem* ... web sites featuring "adult" content.
__________________

kombat is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Yahoo hack MichaelB Other topics 56 05-19-2017 04:22 PM
9volt battery hack maddythebeagle Other topics 3 11-07-2007 08:22 AM
Hack? One zoned to two zoned A/C Sam Other topics 3 07-13-2007 02:42 PM
Ticker Factory hack :) HobbyDave Other topics 3 05-02-2007 07:26 PM
URL Problem Possible Hack Outtahere Forum Admin 21 05-17-2006 10:43 PM

» Quick Links

 
All times are GMT -6. The time now is 06:01 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2019, vBulletin Solutions, Inc.