An Email Hack

imoldernu

This may be nothing, but it's worrisome to me, and I am passing it on, because I couldn't find any reference to this kind of problem/hack? on Google.

So, here's how it started (I've changed the names). My friend's name is "johnsmith"

It came in on gmail, with the title "Urgent" , and read as follows:

"How are you? I made a trip, Please I need you to do me a favor..."

I naturally, clicked on the "Reply" and sent him a note... "How can I help?"

No answer for a half hour, then, a note back from him... "my email was hacked."

After an hour, I called him to see what happened. After several busy signals, I finally got through. He was frantic... Apparently his contact list or facebook list had been hacked, and the same message had been sent to everyone on the list. Well over 100 names, and everyone was writing and calling him to see if they could help.
.........................................................................

So here's how I think it worked:
1. His email address is "johnsmith@gmail.com"
2. When I went back to look at the Email, the "from" name was "John Smith via yahoo.com"
3. I didn't notice the "via" part.
4. When I went back to the original mail, and opened the extended address it showed:
"johnsmith <johnsmith@gmail.com> via yahoo.com ".
5. When I went back to look at my "reply", this is how it was addressed.

itsme <itsme@gmail.com>
to: johnsmith <johnsmith@gmail.com>
date: Thu, Aug 3, 2017 at 10:33 AM
subject: Re: Urgent
mailed-by: gmail.com

6. No mention of the viayahoo.com but simply his normal address. John smith has no yahoo address, but I didn't know that.

......................................................................................
Yeah... probably too much to process, but based on my friend's experience, which continues as more of his friends or contacts reply, I thought it serious enough, and tricky enough to be a real problem.... especially if my "itsme" email address could be the start of another hack... maybe directed at me. etc, etc.
In any case, it was enough reason to change my passwords... again. Let's hope this is just another "boy calling wolf".
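
Added example, not part of the original post: Gmail shows the "via" label when the domain that actually sent the message does not match the domain in the "From:" address, and the same comparison can be made from the raw headers ("Show original"). The sketch below assumes the receiving server recorded `Return-Path` and `Authentication-Results` headers; the sample message, the `sender123` address and the helper names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the post; sender123 and the header values are made up.
SPOOFED = """\
Return-Path: <sender123@yahoo.com>
Authentication-Results: mx.google.com;
 dkim=pass header.i=@yahoo.com;
 spf=pass smtp.mailfrom=sender123@yahoo.com;
 dmarc=fail header.from=gmail.com
From: johnsmith <johnsmith@gmail.com>
To: itsme <itsme@gmail.com>
Subject: Urgent

How are you? I made a trip, Please I need you to do me a favor...
"""
# Same message as it would look if it really came through gmail.com (also constructed).
GENUINE = (SPOOFED.replace("sender123@yahoo.com", "johnsmith@gmail.com")
           .replace("@yahoo.com", "@gmail.com").replace("dmarc=fail", "dmarc=pass"))


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def check_sender(raw_message):
    """List the reasons the From: domain is not backed by the sending domain."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    findings = []
    # Envelope sender (what SPF checks); exact match is a simplification of DMARC alignment.
    env_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    if env_dom and env_dom != from_dom:
        findings.append(f"mailed-by {env_dom}, but From says {from_dom}")
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    # DKIM signing domain(s) recorded by the receiving server.
    for dkim_dom in re.findall(r"header\.i=\S*?@([\w.-]+)", auth):
        if dkim_dom.lower() != from_dom:
            findings.append(f"signed-by {dkim_dom}, but From says {from_dom}")
    if re.search(r"\bdmarc=fail\b", auth):
        findings.append("DMARC failed for the From domain")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_sender(raw) or "From domain matches sending domain")
```
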
 
I would say it's a common thing.

Nothing to worry about.

It's life.
 
Any email that starts this way should always be looked on with suspicion, and even presumed fraudulent.

It came in on gmail, with the title "Urgent" , and read as follows:

"How are you? I made a trip, Please I need you to do me a favor..."
 
Something similar happened to my emails twice.

One time while still w*rking. Another to an aol account.

Each time, folks contacted me as I didn't even know of the hack til then. There was no "help me" email but must have got hacked somehow.

Sounds like your friend should make sure his computer is virus free.
 
Once when I was still working, in the middle of the morning I got an email from one of my employee's personal email accounts that said something like he and his family were on vacation in a foreign country and had been robbed. If I'd be able to lend them some money, please reply and he'd give me instructions for a wire transfer.

I walked down the hall to his desk and said, "hey, I was pretty sure you were right here as I had not approved any vacation time recently. Do you know you've been hacked?" He did, as he'd been fielding calls from many distant relatives and friends wanting to help. His email account had been compromised, and from there, the thieves had reset his Facebook password and posted the same story and he couldn't get into either account to fix it.

It took a few phone calls to get back into both accounts and notify everyone that he and his family were fine.

This is why two factor authentication is a good thing.
 
"with the title "Urgent" , and read as follows:

"How are you? I made a trip, Please I need you to do me a favor...""


Any email that starts this way should always be looked on with suspicion, and even presumed fraudulent.

+1000! Those combined are RED FLAGS!!!

Did your friend ever send you something "Urgent"? Sure, first time for everything, but there's at least a yellow flag - proceed with caution.

Then "How are you?"? Note he didn't use your name? Too generic...

"I made a trip", not "I took a trip", or "I'm on a trip", or "I'm away from home"? hmmmm, sounds like a non-American-English speaker to me (is your friend a non-English speaker?). Also no mention of where (might be a give-away), more generic pablum....

Then asking for a favor. Shields Up!

Clearly, your friend's email got hacked, probably just a brute force password guess. Everyone needs to use a STRONG password on their email, as it is the gateway to so many things. But it could also be a virus. He should change the email PW from a TRUSTED computer, get his cleaned up/checked, then continue on.

I think you are OK, but maybe some experts can comment on that. But it wouldn't hurt for you to change your PW as well, to something strong.

-ERD50
 
The strangest one I got was from a friend, who passed away a year or more ago.
But, she is still sending e-mails.
 
Those are often spoofed email addresses--click on the sender and a different email address appears--so not really sent by a hacked email account. Re FB and addresses--I wanted to check out a place using its app and somehow my inactive empty FB came up as a log in option when I downloaded the app. The app said it would not post to my FB page but that it would have access to my friends and my email address book. Easy to see how a spoofed email could use one's address book.

A few years ago I was apparently selling Viagra to everyone in my address book :)
 
Quick follow-up

Just received this a few minutes ago...from Facebook, which I'm signed up for, but have never used.

Hi itsme,

We received a request to reset your Facebook password.

Click here to change your password.

Alternatively, you can enter the following password reset code:
884918
Didn't request this change?
If you didn't request a new password, let us know.
(showed a link to click)

I have not been on facebook at all, since the day I signed up well over a year ago.
Based on my OP, am thinking that the "via" yahoo could have something to do with that Yahoo hack. The follow up on the link about changing the facebook password, said that the "request" may indicate a hack, and also asked if I had received requests for password change from other websites.
 
Anything more than a blank profile on FB is sharing too much info :(.
 
Happens all the time, you have to stop and look over any email that isn't completely familiar in every way - even if it seems to come from someone you know. You have to look at the exact email address, especially if there's anything odd or "urgent" and asking for a response. It may have a familiar name in front of the @ sign (not always), but usually the domain is something unfamiliar, usually from another country IME.

You probably know to never click on a link or open an attachment in a suspicious email. If in doubt, DON'T.

It used to be they were so poorly done it was easy to know it was a fraud - they've gotten smart enough these days that they use logos and formats that look like the real thing.
 
More scam.

Maybe, maybe not... apparently this did come from Facebook, as this Q&A comes from the facebook secure site. The email did come from the address mentioned in the Q&A below.
https://www.facebook.com/help/community/question/?id=945838113505

What this tells me, is that somehow, someone signed on to facebook in my name... accessed my account, and requested a password change. The email from facebook was sent to my gmail address as a security check.

Yes, amusing, but confusing... in any case, it tells me that someone can now access my facebook account without me knowing anything about it.

So... if it can happen like that, what's to stop them from using my Gmail account to access any of my other connections... banks, amazon, etc.... I've changed my password on the Gmail account now, but what could have happened in the meantime? After all, they were able to access my facebook account.

So, I'll stop here. It is what it is... At this point, I think the lesson learned, is to always expand the "from" address on incoming email, to be sure that the "from johnsmith@gmail.com, doesn't also have the "hidden" viayahoo.com added to it. That's how it all started.
 
...
What this tells me, is that somehow, someone signed on to facebook in my name... accessed my account, and requested a password change. The email from facebook was sent to my gmail address as a security check....

I don't think they got so far as to access your account--they tried to sign into your account and when they didn't know your password, asked for a password change, triggering FB's email to you.

I did get an email from Discover a few months ago that someone had tried to change my password for my card. When I called customer service, they said there wasn't anything fraudulent going on and perhaps someone had mistyped their own account number--they still replaced my card, but weren't very concerned.
 
What this tells me, is that somehow, someone signed on to facebook in my name... accessed my account, and requested a password change. The email from facebook was sent to my gmail address as a security check.

Yes, amusing, but confusing... in any case, it tells me that someone can now access my facebook account without me knowing anything about it.

So... if it can happen like that, what's to stop them from using my Gmail account to access any of my other connections... banks, amazon, etc.... I've changed my password on the Gmail account now, but what could have happened in the meantime? After all, they were able to access my facebook account.

So, I'll stop here. It is what it is... At this point, I think the lesson learned, is to always expand the "from" address on incoming email, to be sure that the "from johnsmith@gmail.com, doesn't also have the "hidden" viayahoo.com added to it. That's how it all started.
No, someone may have tried to log into your FB account.
You should never click on the link you get in an email. If you have doubts, go to FB, log in, and change your PW.

Even if they could log into your FB account, how would that help them log into GMail, banks, etc? (Unless you use the same PW and username everywhere)
 
somehow, someone signed on to facebook in my name... accessed my account, and requested a password change. The email from facebook was sent to my gmail address as a security check.

This is very common; it happens all the time. DW used to get her account "cloned" about once a month.

She stopped it by changing her practice to always sign out of FB when she has finished using it to keep up with friends. She then signs in again next time she wants to use it.
 
Your friend has a computer virus, and it's trying to spread to his contacts via his address book.


Tell him to run a virus scanner to clean it up.


And tell him to either stop clicking on sketchy-looking email attachments, even if the email comes from someone he supposedly recognizes (it just means they have a virus, too), and/or to stop surfing ... *ahem* ... web sites featuring "adult" content.
 
Several years ago I was on a cruise with my parents. My Dad was right in front of me when I received a message from his iPhone. It said, "you are an a$$hole". This came from one of his web mail accounts - maybe gmail. It was funny at the time.
 
...
You should never click on the link you get in an email. If you have doubts, go to FB, log in, and change your PW.

Even if they could log into your FB account, how would that help them log into GMail, banks, etc? (Unless you use the same PW and username everywhere)

This.

Don't even spend a micro-second trying to figure out if the email is authentic or not. Assume it is bogus, just go directly to the source itself, from your previous bookmark or other trusted source, and go from there. If they managed to do a good job of fooling you into thinking the email is genuine, they got you. Don't even give them the opportunity.

-ERD50
 
Along with looking at emails with subjects of "Urgent" or "Help Me" or "Viagra" :), remember preventive measures in the first place.

Updated anti-virus, malware software and as others mentioned, 2FA and using a good anti-spam email filter. In the FB example, even if the scammer got the password, 2FA would've blocked the scammer from logging in. As for the scam email, a spam filter that "learned" what is spam probably would have just placed the email in the spam folder and the friend may have never decided to click.
 
Any email that starts this way should always be looked on with suspicion, and even presumed fraudulent.

Exactly.

And, realistically, if a friend needed urgent help they would be phoning me or at the very least sending a text.
 
I got an email from Apple today saying my billing address was updated by someone this morning. It gave me a link to change my password if I didn't do it. I didn't use that link, but I did go to Apple site using a different computer to login and changed my password. Did I do something wrong?
 