Hacked

It was clearly not the first rodeo for the hackers. They seemed to have most bases well covered.
They are pros in one sense of the word.

They also likely run a script (an automated computer program) that quickly makes a bunch of evil settings to the account in a matter of seconds.
 
Thanks for sharing. Good reminder to check for the 2nd means of contact.

I've gone through all my accounts to make sure I have at least two phone numbers and/or e-mail accounts on each. I've been known to drop my phone over the side or otherwise destroy it, and these days you can't log on to just about anything without that 2FA text.

Another thing I've done is enable notifications for any charges to all my credit cards and checking accounts. It won't prevent theft, but at least I'll know pretty quickly if anyone makes a fraudulent purchase. Hopefully before it's sent, in the case of an on-line order.
 
Gumby,
Regarding not changing passwords: as one other poster mentioned, keeping a list near the computer that has the username and password is one technique - but you need to maintain it. The browser your wife uses on her computer can store user ids and passwords. This isn't generally recommended.

OR, she can download an app like Bitwarden (free version is fine) that is an add-on to her browser. It does the same thing as the browser password manager. It can pre-fill the userid and password when she goes to a website. It can also make up a difficult password to use on any website/app. It can be added as an app to her device (phone, tablet) if she uses the device more than a computer. And, it has a record of each userid and password if you need to look something up.

Just a thought.
 
I have used a handwritten list on paper for some time, and I have been good about maintaining it. Now the young wife does as well.
 
I share your frustration with finding help on Amazon. Finally figured out the shortest way was to click on the triple bars on far left top of page. Scroll down to help section. It will take you to a page of options for the type of help you need.
 
Thanks for starting this thread. I looked at my Amazon account, and was a bit surprised to see I didn't have an alternate/back-up email address on there. Seems like most of my accounts have that, but Amazon was set up long ago. But Amazon doesn't seem to have the option for back-up email!

So I (somewhat hesitantly) used their only other option and entered a mobile phone number. And while I appreciate that 2FA adds some security, it's a minor pain, and I also fear that if someone gets into my phone, they've got it all.

I like the idea someone posted of using an email address only for these sorts of things, and only access that through the browser, with no links to it, no auto-log on, no bookmarks, or anything.

Having complex passwords for your email is essential, IMO. That's the gateway to all these accounts with their "RESET PASSWORD" function. Scary. If someone gets into your email, they can do all sorts of things behind the scene (as demonstrated in this thread). They can intercept emails so that you don't see them, or worse, modify them and pass them on, so things look normal, but with bad info.
 
Just an update: I finally figured out why we couldn't get the reset codes from Amazon. When the hacker got into the young wife's email, not only did he start forwarding her email to himself, he also knew the emails that would be sending those reset codes to us and put them in as "blocked senders". I just found that out today by wandering around the email settings for her account. It would have helped if the email provider customer service rep or Amazon rep had suggested that we also look there, as we clearly explained the problem to them two days ago. I can't believe this is the first time this particular scam has happened.

We also worked through all her accounts this morning and changed the passwords to be unique and difficult. What a pain.
My condolences. It is indeed a royal pain.
 
I would suggest that you enable notifications on your email server to send you a notification when a new login attempt occurs. At least with Gmail, they do this by default. Unfortunately, not all email services provide this capability.
 
As an aside, not to hijack the thread, I originally dismissed this when I first read "the young wife" because it seemed like a tale told from a Facebook email forward. I referred to my wife once as "my first wife" and that's how the fight started.
 
This same thing happened to me on New Years Eve this year.

1. Hacker obtained access to my email password, and I did not have MFA on my email because it had been annoying me.
2. Hacker set up an Outlook Email Alias to the hacker's account, which subsequently copied down the server's full contents of my email history.
3. Hacker set up blacklist items for all the popular sites like Facebook, Instagram etc so that if I were to receive a "password reset link" from the hacker it would immediately confuse me as it lands in my deleted, spam or blacklisted folders.
4. Hacker initiated some sort of spamming algorithm to my email where I got welcome letters after being spam signed up for 10,000s of online accounts from across the globe, all different countries.
5. The day came I began receiving spam calls from 000 numbers, or unknown numbers that proceeded for about 3 hours straight.
6. Password reset links began coming in to reset all my fun and valuable accounts.
7. Hacker accessed my credit union online portal (it's a common portal used across many US banks but rebranded for my bank), and transferred money ($425) or so from my personal checking, to my business checking where I had the BillPay feature enabled. The hacker then cut a check to an accomplice's address in Chicago.

I've worked in IT and IT security my whole life. Let my guard down 3 times.

1. I was getting annoyed having to MFA to my core email account, so I disabled it for some time. CORE MISTAKE. All of this would have been avoided had I not done this. I also removed it for Facebook, and had never had it set up for my bank.
2. I had been re-using an old common and known compromised password for many logins that are valuable. BIG mistake. BUT it's one of those things, the path of least resistance is the least secure aha!
3. I just generally should have known better to not make mistake 1 and 2 above. Complacency that was unwarranted and honestly dumb. I put my email address into my media center PC that hadn't been upgraded in years... that story below!!

The clock struck midnight, I had just finished installing the new Windows 12 OS on my Media Center PC because I was having audio issues with my home theater's atmos sound. I play all media via the Win 12 OS on a media server, so I decided to upgrade.

Windows 12 kept barking at me to put in a Microsoft email address to install the OS. I was super annoyed and it was about 10pm and I was getting tired. Instead of being smart, and googling around for a solution...I knew I could bypass this the last time, it seemed obvious but not this time!

Well, it's not obvious how to bypass the email requirement. You need to disable your internet, and run some special command when installing the OS to get around it. I found this out after the fact.

I think this was how my email address hit the "wire". Either that or it was when I logged into my Outlook account on my media server. I never do that, never had done that, but for some reason that night, I did.

I went to bed, and sadly still couldn't figure out why my Dolby Atmos speaker ceilings weren't producing audio beyond the receiver's built-in test sounds.


About 3am the madness begins. I leave my phone on full volume, but downstairs so it's out of reach in case of emergency calls.

Ding.


Ding. Ding.

Ding. Ding. Ding. Ding. Ding. Ding. Ding. Ding. Ding. For at least 3 minutes. I wake up; it's like 3:03 am. I'm getting spam email sign up welcome letters from across the globe. I wipe my eyes, and enter battle mode.


The whole fam was woke up by the incessant dinging.

I start looking through email logs on my phone, and realize, mobile isn't gonna cut it. I lock into the home office by 3:05am. I'm on my Outlook desktop app on my biz PC. Fully, locked and loaded. All security up. I unplug the network, take down the router...disconnect the Coax. We are dark. I shut down my Media Center PC, and I unplug the 2 external drives that store my movie collection of over 12,000... I had heard the HDD's churning and that was odd, they idle ONLY if I am accessing the server with it on in front of me...there will be NO other HDD sounds unless I am physically there using it...something is accessing this thing... so I shut it down.


I start cleaning up emails and find the time the damage started. In the midst of the 1000s of emails I see some Password reset emails coming in for my bank, UPS, USPS, FedEx, Roblox, PayPal, Ebay, Steam, Epic Games and.... MICROSOFT. I've found the crumb, I've found the needle in the haystack.

I see a second subsequent email from Microsoft that says my email alias had been updated, and because it had been updated immediately after a password change they flagged it as suspicious and sent out the email telling me I should double check all security.

So, I use the password reset link (it's special, it's outside the regular reset links on the apps) it's the one that came in through my alias being changed, and this is key. HAD I not realized that my alias had been changed on the Outlook web app, and subsequently went in and wiped out the email that the hacker had put into that field...they would have continually been copied on all of my SUBSEQUENT attempts to reset my own passwords, and intercepting those attempts.

SO I clear out the alias, and now I take a breath. I can do further assessment and damage control. I know that the hacker no longer has access to my email, MFA is in place with a new non-compromised password, CHECK, and CHECK!

But Facebook, oh boy. So they get into that account, reset the password, and update the recovery phone number from my number to theirs. They then update the email on file for the account to the hacker email. That account is gone forever. Connected to my Arborists business page, unrecoverable. FB support is horrendous.

The problem is, I had a linked Instagram account. They were able to compromise the Instagram account and since the two companies are all mighty powerful Meta, and naturally like a dysfunctional family, getting one to resolve the other's hacked account problem is a lost cause. I created a new account with a new email address.

The hacker took control of my Instagram, spam posted all my connections... then violated Instagram rules, which disabled my Instagram, and subsequent Facebook, and subsequent Facebook business page. I wrote a letter to the California Attorney General and they said there was nothing they could do to help me recover a Meta account. Again, that account is lost. Don't ever expect the BIG companies to help.

It's New Year's Day PM now, and I'm on the phone with my bank's cyber security and fraud department explaining the whole cut check deal out of my business account. I tell them, never in the history of kgtest's banking has he ever transferred money from his PERSONAL over to BUSINESS. I says, the money flows the other way, obviously. The business cashes the checks and ALL that money flows back into my personal account, AMERICAN DREAM BABY! They get it. The account was locked down, but now the payment is put to a stop after me explaining it all. Otherwise, the hacker would have been able to cash that check. I tried to USPS track the package's final destination address in the Chicago area, but I would need to know the exact zip code for UPS to reveal the address on the online tool and I didn't feel like cycling through every possible Chicago zip to discover where the check was headed. What was I gonna do, give the guy a knuckle sandwich after snagging a bus ticket to Chicago?? Cyber Security said 100% the address this check is going to, and the person responsible for attempting to cash it, IS ALSO a victim of a crime and being extorted.

At one point the Credit Union was demanding I have a trained tech scan and assess my computer hard drive before they would allow me back into my online account. That stance didn't last long. I literally DISKPART clean the server's HDD, scanned all the external drives and found no virus.

So where was the actual point of infliction? And why did it happen at the exact moment it happened? Those questions bother me today. It's my belief that when I signed into the Windows 12 OS on New Year's Eve with my Outlook account, that triggered an algo that the virus kicked off notifying someone that my account was vulnerable. Then it was accessed and the "farm" took over.

There are literal encampments of enslaved workers spamming people everyday. There are 3 that are known but more keep popping up, and they move from third world country to third world country. Fascinating circumstance really. Dig into it a little. It's us vs them, folks.

If anyone is still following me, the damages were not too extreme. Cost me quite a bit of time recovering passwords. It happened right before a 12 day trip to Maui, so I had to deal with a little fall out while enjoying island time, meh.

I had a few declined transactions as bank accounts were getting re-issued. That cost me some fees. Most of those I was diligent to get removed, but I know I missed a couple (we run a 300k plus annual HH budget plus biz txn so there are a lot of moving parts, I believe I have over 28 accounts but I am not certain).

It cost me less than $100 but a lot of time. DW got upset with me in front of the neighbors which is out of character for us, over the whole ordeal...but I get it. She doesn't want our trust and position in life compromised and this was a little ding to the armor. None of her accounts were impacted...only things with my email address associated.

For anyone who read this far, make your passwords way more secure than you think they are today and use MFA where you need to use your phone to login. And NEVER lose your phone.

One other tip, had I not had the Outlook app on my PC, and the web version or my mobile version...it would have been impossible to recover and cleanup all the damage from the spam that came through.

All is well now! Still a millionaire :D
 
As an aside, not to hijack the thread, I originally dismissed this when I first read "the young wife" because it seemed like a tale told from a Facebook email forward. I referred to my wife once as "my first wife" and that's how the fight started.
I have called her the young wife here since the day I joined this board in 2006, and, more generally, I have called her the young wife since the day we got married in 1984, because she has always been two years younger than me. When I first met her, she was a teenager.
 
This same thing happened to me on New Years Eve this year.

...
Thanks for adding your story. It is a huge pain to deal with this stuff, and if we can get people to improve their security by recounting our experiences, it will be at least some consolation.
 
Gumby, thanks for this thread. It got me off my butt to go into my password manager and spend 1/2 day (or more) changing passwords, deleting unused ones, resolving duplicates, and taking things out of there that should not be in there.

Oh, and don't lose your phone is a great message. Or, if you do lose it, make sure it's password encrypted and with face recognition.
 
LESSONS



5. Amazon customer service is abysmal.
I agree.......yet OP plans to continue to reward them by continuing to do business with them. There's not much for sale on Amazon that you can't buy elsewhere for less money with better customer service. Their customer service will never improve until people start taking their business elsewhere.
 
I felt that way with Facebook. I stayed away after their horrendous customer support yielded no results after futile attempts.

But capitalism talks. And I was losing a lot of money not being able to connect with customers via Facebook Marketplace etc. So reluctantly, after a 3 month hiatus with spring rolling around, and me wanting to be able to connect with marketplace folks for tree care needs, I signed up again. I felt a little "dirty" doing this tbh, but a man's gotta eat.
 
As long as we don't get hacked again and need actual personal customer service, Amazon is fine for our needs. Free shipping and easy returns and the price is usually competitive. I also trust them to actually be selling whatever it is they have listed. We've had bad experiences with online sellers before being scams that take the money but don't ship the goods.
 
I agree.......yet OP plans to continue to reward them by continuing to do business with them. There's not much for sale on Amazon that you can't buy elsewhere for less money with better customer service. Their customer service will never improve until people start taking their business elsewhere.
I don't agree with this.

We order a lot from Amazon. We get our money's worth out of Prime every year. Generally we have stuff arriving multiple times a week, specifically because of the sheer breadth of what they offer, convenience, the lower prices, and the customer service. We've rarely had any issues with customer service. No more than 5 real problems over 25 years. Generally, if there's an issue with an order, they resolve it or give a refund instantly.

Clearly, in Gumby's case there were issues with the customer service. However, I don't think it's the norm, and his tips for avoiding the issue he had will prevent it from happening to others. Maybe, if hacking accounts becomes more prevalent with Amazon, they will come up with better procedures to handle it more effectively.
 
Just to add to the above, I've found Amazon customer service to be fantastic. Using the on-line "chat" type option, they're always quick to remedy any problem I've had. Returns are easy, or they might just credit your payment and not bother with the return.

Of course that implies you're able to log on and use the chat feature. And, yes, they're difficult to reach by phone.
 
Sorry to hear about the hack, but why would anyone hack a Facebook account? (unless it was a business account?) I have one, but never use it anymore.
Being able to pose as a friend opens up a lot of opportunities. My daughter did not practice good online hygiene and got her FB hacked. The hacker reached out to friends with wonderful job opportunities and other scams. One of them bit and in the process got friend to give bank account numbers for “direct deposit” and emptied the friend's account. I don’t know if the friend ever got her money back.

I tried getting through to Facebook but it was impossible. Left a bunch of messages via the app. My daughter ended up just getting a new account.

One time a friend of my daughter on FB (who likely had been hacked) had a great deal for a used car. Wanted a down payment of a few hundred $ to “hold it”. Daughter did it but it was a scam.
 
My takeaway from this is do not use an email service that doesn't offer you the option of being notified on your phone when someone tries to log in from a new device. Gmail will make you say yes or no before allowing a login.
 
Thanks for this thread. This morning I added 2 factor authentication to some accounts that did not have it plus I removed my credit card info from Amazon and some other accounts where I can just type in cc info as needed. An hour of work but better safe than sorry. I already had good unique passwords on all accounts.
 