Sunday 28 March 2010

My Palm Sunday Saga: Foiling A Nigerian Cyber Criminal Attack!

Hello my friends, this is Clair back again in control of my own blog - for real this time - having recovered my email account by utilizing a secure computer (other than my own laptop.) Some "blankety-blank" cyber criminal from Nigeria hacked my password to my Gmail account and took over my personal email address book - with about 1900 distinct email addresses in it - plus impersonated me on my own blog (right here) which gets controlled by that same Google password.

He also took over, then took down my Facebook site - out of spite, because I foiled him on the other.

All the postings my friends were putting on FB to warn me and everyone else actually went straight into his hands and probably been deleted, until he got tired of managing that, I suppose. I never had access to any of my personal emails he siphoned off for almost 20 hours - and still don't - except for approx 50 "good" emails he decided to stash into my trash folder (which I rescued later.) So please review your sent folder for any email you sent me from about noon on Saturday onward to mid-day Sunday - East Coast time in America - or during the day and evening Sunday if you live in Australia.

You can resend email to me without fear and trepidation if it was important or still relevant, since I'm back in control of my own email. You can use the same address, since there is a strong layer of security around it now - beyond what I already had! I sincerely hope no one else gets their password hacked like I did, but realistically, these days its more a matter of when, not if. The unsuspecting and naive are particularly vulnerable.

If you want the gory details on what he did, including how I and some friends helped to foil the plot and stopped him in his tracks - read on! (You might learn a few important things about how to prevent this, or at least what to do or look for right away if it happens to you - without having to give up your whole history of email.)

This was the original message, which that perpetrator sent out in great batches of email as well as posted on my blog for a chunk of time over the past day:

-------------------
I'm sorry for this odd request and I'm writing this with tears on my eyes due to the situation of things right now,I'm stuck in London United Kingdom with my family,we came down here on vacation and we got Mugged at GUNPOINT.. worse of it was that cash cell phone and credit cards were stolen,it's such a crazy and terrifying experience for us,I'm scared and so worried right now.. we need help flying back home, the authorities are not being 100% helping, but the good thing is that we still have our passports,Our return flight Leave back home Today,But i still have problem in sorting out the hotel bills ..

I'm freaked out ..............

Clair and Carole Anne.

---
It's apparent this automated system was controlled by a spy 'bot, because several people reported to me during the aftermath that if they responded with an email of concern, they all received an IDENTICAL follow-up histronic comment in return (identical as in key stroke by keystroke) but which still was effectively designed to heighten the angst:

RE: Carole Anne and i needs your help!!!

OMG!!!I'm so glad to hear back from you I'm scared and so worried right now,it's was so Terrifying....thank goodness i still have my life and passport,my return flight leave back to the state in few hrs time,but i still have problem in sorting out the hotel bills,i was just wondering if you can loan me some cash $$ till i get back home to refund you back. All i need is 1000 pounds and you can have it wired to my name via Western Union

Here are the details you need :

Name : Clair Hochstetler

Address : 30 Leicester Square

City : London

Country : United Kingdom

I'm so happy you are helping and I promise to pay you back


-------------------------

Yeah, right -- so glad to hear that "your happy!"

Trust me, we won't ever likely be "stranded" anywhere in the world, even if we have cards and money stolen. We know how to protect ourselves from all that crap, being quite world travel-savy by now. As one of my friends said in a message posted to Carole Anne today - if something like that ever happened to us anywhere in the world, knowing us and our "resourcefulness", he was quite confident that we would have made 20 new friends in the first ten minutes who would be willing to help us make connections! I imagine he's right about that...

I do hope nobody got suckered into this scam so prevalent now world-wide. This story yesterday from CNN describes the problem well. I do have good anti-virus, anti-hacking and spyware detection security installed on my laptop (using a reputable package from Comodo which I auto-update three times a week) so I'm still not sure how this cyber criminal pulled it off. They must have accomplished it while I was online because I thought it was strange when I was accessing my Picasa Web sit (my photo storage site online, also controlled by Google) and it asked for me to type in my password again which I never had to do before. After I typed it in, the trouble began, it wouldn't work, and I simply went to bed to figure it out in the morning. Then the bogus emails began flowing out in batches - as I slept. Probably to my whole list!

But I can tell you that scammer happened to pick on the WRONG GUY this time around! I've traced him down got his phone number in Nigeria, and am in the process of contacting a good personal friend originally from Nigeria and living in Chicago who is actually back in Nigeria there right now visiting and working for a few months in his home area around Lagos where this crap happens all the time. I'm sure hoping he will help me figure out WHO the best authority is to report this to and we can "nail" the perp.

Fortunately most of my friends quickly figured out something like this was happening when they read the terrible grammar of that message, and Carole Anne and I got a slew of text messages, mobile phone calls, and several skype voice mail messages from friends all over North America and Australia wondering if we were safe - or simply warning us of the breach of security. I wonder how long this will string along? Maybe until all the batches of email get sent out, I suppose...

When I awoke this morning and was warned by an early phone call from a very concerned friend I quickly logged on with Carole Anne's computer and we change all our passwords for the online access to a couple different bank accounts so no money was taken or accounts compromised there. What they were really interested in, though, was not MY bank accounts, but my friends each sending a thousand pounds to London on "my behalf" into the Western Union account "I" had set up!

That friend who called me this morning was quite worried because the description of what happened to "Carole Anne and me" in that first email actually happened "for real" to a chaplain friend of his in Rome a while back, when the guy got mugged at gunpoint, had literally everything taken off him except his passport returned, and was left stripped down to his underwear, keys and money gone and all....and then he had to go to a hotel nearby mostly naked, and emailed my friend for help from Rome. Yes, this is true!

It took TWELVE HOURS after my system was compromised to reset my account with a very strong password (my backup email address was my account at the hospital and I couldn't access it no matter what I tried - because the hospital's computer/email system also apparently had a some sort of major glitch to repair today and "took a holiday".) So I was FINALLY able to trace down the abnormalities within my Google account as soon as I got back in control and reset the four "switches" he had messed within it's inner workings:

1) He had reset the Google account home country to Nigeria

2) The phone contact in my account (the greatest mistake on his part) was reset to his own phone! All I had to do was do a quick "screen shot" of all that so the authorities have it.

3) He had established a fake email account on Yahoo.com - with his own password so I couldn't access it - which closely resembled a legitimate one I had at Yahoo, and hit the switch so that any password reset information would be sent there: clair.hochstetler@yahoo.com -- I stayed ahead of him on that one by adding some more options for email addresses to receive password reset information and changed the password twice in quick succession during my own reset, so he lost out on that one!

4) The perp turned on the forwarding email switch so all email anyone sent me after this happened went to that new email address he controlled with his own password instead of staying in my Gmail inbox. (I didn't find that extra "glitch" for a while.)

One friend was savy enough to deliberately string him along in a series of email communications back and forth and obtained the ISP tracing I can use to report him, and another friend has been had some bold conversation (stringing him along deliberately via IM "chats" with "me" on my Facebook) to try to get the information from this scammer on the account number he was setting up in London to receive the money. All useful for filing the report to Google and the authorities. I hope they won't take too long to respond - but I won't hold my breath with the great amount of this criminal activity going on. It will be interesting to see if/when the authorities in Nigeria feel like even dealing with this.

Meanwhile I'm steaming angry about how the perpetrator took down my entire Facebook later today, probably in retaliation for being traced. I finally was able to get my FB site restored with a DIFFERENT and exceedingly strong password - as I did with my Gmail account - but it took 24 hours of waiting without access to get it.

UPDATE -- see the note I made to my friend Val below: I finally shut him out of Face Book as well, and sincerely hope that there will be no more "faux" conversations with that Nigerian scammer posing as "me." But I sure do want to hear about it if such occurs again after the point in time that I made that comment below.

If you have a Gmail account like I do,
here is some very valuable info about ways to monitor any suspicious activity. However, I'm actually having some second thoughts about Google's vulnerabilities, lack of personal support, and particularly what can happen to users like me who are stuck with using a comprehensive one-password system powering many different applications Google owns. The crim gets one password and can access "everything" in the Google family "system."

I've pulled down all five years worth of email which was stored only ONLINE, back out of "the cloud" now and inside my new Thunderbird 3 (compatible with Firefox) but in the process saw that he siphoned off all my individual and group contacts - yep, all 1900 + of them. I grabbed my email back just in case they decide they have to shut down my Gmail account for good and force me to start a new one. I sure don't want to lose all that history.

Theoretically anyone's email can "go down" if a spy worm intercepts your FaceBook or other social networking site when online. (Yep, that's where I now suspect it all started - and I hear that's where the most vulnerability is.) We have got to figure out how to stay protected from the dastardly designs of such scum! However, what I'm reading now is not too encouraging...and a lot of it is written by people with Macs who are not traditionally plagued with viruses and worms in their computers - but it's all happening to them now, as well, while online interacting with their data in "the cloud."

Jeepers, what a way to waste a perfectly good Sunday - and it was Palm Sunday at that! And most of the next night, too, calming down my very worried peeps.

I suppose in the "Big Picture" of things....a very good thing to come out of this debacle is just knowing we still have many good friends - both here in Australia also scattered around the world - who really care about what happens to Carole Anne and me!

Somewhat calmer now...
Clair

6 comments:

  1. Clair,
    He is still attacking - you need to change your Facebook password. Just moments ago I got this Facebook message from a scammer on your Facebook account. Val

    Sunday
    12:06pmClair
    hey

    12:06pmVal
    hi there!!

    12:07pmClair
    how are you doing?

    12:07pmVal
    Did you get out of London ok?

    12:07pmClair
    we really need your help
    and thats why am on here

    12:07pmVal
    You are in London?

    12:09pmVal
    call me

    12:09pmClair
    i cant cos i dont have access
    to a phone right now

    12:10pmVal
    use Skype

    12:10pmClair
    i cant cos am in public library now
    and the network is so poor

    12:11pmVal
    use your own laptop

    12:11pmClair
    all we need is 970 to sort our hotel bills

    12:12pmVal
    I'll call you

    (he stopped responding after that)

    ReplyDelete
  2. Clair and Carole Anne: What an ordeal -- and it could happen to any of us. I use gmail, as well as bellsouth, and I did have something strange recently with having to type in my password again. Have not noticed or heard of from others, any problems, however. When I first read the email, I was surprised, because I hadn't seen any emails about going to London. Then the whole story struck me as fishy, especially when I read the title, etc. with bad grammar. I've gotten enough mail from Nigeria and elsewhere with that kind of poor English and poorly written sentences to recognize SPAM or hackers. I hope you have had the last of that experience and are free from now on. I'm wondering if maybe I'd better change my password to Google -- think I will today.

    ReplyDelete
  3. Val, I was able to get clearance to reset a strong password on my FaceBook account just now. I shut him out - I sincerely hope that there will be no more faux conversations with the Nigerian scammer!

    ReplyDelete
  4. I knew it was a farce. You and I have the same luck. Remember when the associate of our favorite realty company stole my identity using google. I told you then and I'll stick by it now, Google is bad. They are set in a way that allows this to happen. I don't use google in any way at all. I didn't think your spelling could possibly be that horrible. Glad to see all is well.

    ReplyDelete
  5. Clair, I responded to his initial email with my concern and that I would pray for you all. He then responded with the OMG response listed above, and asked for money. I told him I couldn't do that, but to please skype me and talk to me. No response after that. Then I worried that now he would mess with my email contacts, since I responded. Do I need to take any special precautions now? Or change passwords? I hope not! Gloria

    ReplyDelete
  6. Gloria, it depends on what sort of email service you use and your computer security setup. I use Comodo Internet Security package and it was strong and kept secure. The problem is out there in cyberspace and with web-based email in "the cloud" like Gmail. If you use Gmail know this could happen to anyone at anytime no matter how secure your own hardware is. The best advice I can give you is to read (all of it) the notes and comments in this Gmail forum: http://www.google.com/support/forum/p/gmail/thread?tid=66c56da9fbf74f9b&hl=en

    ReplyDelete