My Email Account Was Hacked! How I Regained Control of It
89© 2009 by Daniel Carter. All rights reserved. Copying or reproducing any portion of this article without permission is illegal and will be prosecuted.
Traveling Abroad
I had the opportunity to travel abroad earlier this year. While I was abroad, I checked email about every day. I didn't use an internet café, but rather we stayed at a place with a public computer. That was a mistake. What I didn't know was that computer had spyware on it, and I was completely exposed as I checked email and other accounts. With spyware installed, a hacker got information to my hotmail account. I had a low level password, so it wasn't a problem for him to crack. I found out later that these career hackers have all kinds of programs to help them crack codes and passwords.
A Big Surprise When I Got Home
I was only abroad for about a week. It wasn't until I got home and settled again that I received this very strange message at an alternate email address:
"Hello,
Sorry i did not get you informed about my short trip to london for a seminar on empowering Youth for Fight Against HIV/AIDS,and i was attacked on my way to the hotel by some hoodlums and they took away all my belongings, i have reported the incident to the London Metropolitan Police and they are still investigating the incident,So i thougth to contact you if you can help me out financially so i can sort out my hotel bills and fly back home,And i promise to refund you as soon as i get back home.Let me know if you can help me so i can give you my details."
(The message appeared exactly as above.)
The hacker sent this message to every name in my address book—nearly 600 people. Those in regular contact with me were aware I was traveling, but a little bewildered by the supposed side trip to London. I was actually home, and hadn't even been in touch with many of my close friends and family yet.
There are strange little clues that the message was not really me. It isn't my writing style, the wording was not familiar to my style, there were strange typos uncommon to my writing, etc. But regardless, I was supposedly greatly distressed by the mugging, and therefore, a valid reason for the strange writing. At least that's what was hoped, and it actually worked in one case.
After getting this message, I quickly tried to log in to my hotmail account. No luck. No matter what I did, I couldn't log in. The hacker now owned my account. I was permanently locked out unless I could prove the account actually belonged to me. The hacker could go on scamming money from all of my friends and family. I nearly panicked.
What to Do, Step by Step
• First, contact everyone in your address book as soon as you can. Let them know the situation, use an alternate email address, and tell them not to respond to the hacker. Make phone calls, send text messages, and enlist the help of friends and family to spread the word. You don't want anyone to fall for this scheme. Time is not on your side, so get as much help in contacting people as you can.
• Second, regain control of your account. You don't want to just abandon your hacked account because the hacker has access to not only your personal information, but potentially everyone else's in your address book. By giving the hacker an opportunity to contact them, he may be able to set up spy ware on unprotected computers, and perpetuate his hacking crimes.
Depending on your email provider, the procedures for recovering the account may differ. Free email accounts are particularly difficult and frustrating to recover because there is NO live help. No phone support, no contact except by unearthing, excavating and carefully looking for the proverbial needle in the haystack for the one form that you fill out and they respond to in (hopefully) 24 hours.
Sadly, hacked email accounts are rather common, but to my advantage, that created a lot of public information that isn't too difficult to find. The best source of information I found was ask-leo.com. This is what I found:
Where to Look to Reset Password
Then Go Here:
ask-leo Provided This Info
To contact Hotmail Customer Service:
- Log in to Hotmail - ideally with the account you have a question on, but any account will do.
- Click on Help, in the upper right corner of the Hotmail page.
- Click on View other Help suggestions or contact us near the bottom of the left hand side of the resulting page.
- Select Other - Contact MSN Hotmail in the Category drop-down list.
- Fill out the contact form.
Since Windows Live Hotmail has arrived, here is an updated link for contacting them.
It took me about an hour and a half to get through the layers, searches and finally, the link to the form to fill out to request a password reset. But if this happens to you, don't give up. Keep going till you find it. It's not just your security that's at stake.
This next part is CRUCIAL
• Third, get the link to reset your password and make it VERY secure. Additionally, change all the security information.
I got the link to reset the password, regained control, but only changed it to a moderate level security, which was a big no no. (I hadn't yet read the information I've included below about the importance of secure passwords.) And I left all the other security information the way I had it originally, even though the hacker had changed most of it! Another no no.
Within 24 hours of regaining control, sending out emails to everyone in my address book warning them of the scam, I lost control of the account again to the hacker. He contacted msn and requested a password change, and they GAVE IT TO HIM! So once again, I had to proveI owned the account by supplying information only I would know. They resent another password change link and I finally regained control. But by this time, there were some consequences.
One of my friends fell for the scam. In two installments he sent a significant amount of money by Western Union to a London office. He was just trying to be a devoted friend. He said the only thing he could think about was me being beaten in London, with no money, no phone, no anything, and he wanted to get me home safely. The point is, it could be any of us, really.
So once I got control of my account the second time, I did the following:
• Fourth, forward your address book to your new primary email account and delete it from the hacked account. I also forwarded all important messages to the new account. Once you clean out the account, delete it entirely. Shred it, destroy, and otherwise obliterate it. This is really about the only way to keep the hacker from getting it back that I know of. They are tenacious and love the challenge of the sick game it is to them. They believe they are smarter than you, especially armed with all their equipment. Don't give in.
• Fifth, label all correspondence between the hacker and contacts and keep it as evidence, forwarding it to the new email address. Your hacked email account is a crime scene, if he is able to scam money from anyone.
• Sixth, file a report with the appropriate authorities, if required. My friend filed a police report about the money scam with local authorities. They kept the report on file, and instructed both of us to file a report with the FBI.
• Seventh, file a report with the FBI if the hacker actually gets money. Internet Crimes must be reported online. Calling the FBI to file a report will do no good. The place to file the report is called the IC3 division. (Click here for the link.)
Now here's an interesting bit of information. Since the crime also occurred in England, I went to Scotland Yard's website, and spent another couple of hours trying to figure out how to file a report with them, only to finally read that they are in partnership with the FBI, IC3 division in the US, and they share and exchange information. So learn from my experience and just file the report with IC3. [Sigh.]
What I Learned
Crack Your Password in a Second or Less!!
• I learned that if you are going to use free email providers, free is the biggest reason for having extremely secure passwords. I'm finally happy with mine.
• A lot of public computers are safe. Libraries, are generally a good example. However, lower standards of safety occur in many, many locations. You may want to inquire about the security of a computer away from home.
• It's worth it to fight to get your account back. I found out later that others in my address book suddenly had security issues with email, and social network sites. However, they never became as severe as my case. We think my hacker also tried to hack some of their accounts as well.
• If you ever get hacked, change passwords and security information on every other account you have on the internet. I did have some minor problems with breaches on a website I maintain, and strange blips on some other secured accounts, so I changed all passwords and security information on every account as quickly as I could. No troubles since then.
Somewhere, on a Yacht . . .
We learned from the FBI (on a very long wait to talk to someone who told us to file the report with IC3) that in our case, the scenario of my being hacked was most likely something like this: A guy sits out in the Mediterranean Sea (or somewhere on the ocean) in a luxury yacht filled with all kinds of computers and and hacking devices, floating around so no one can get a permanent fix on him, using spyware planted on computers all over Europe. When he hacks an account he's interested in, he sends out the scam email to everyone in the owner's address book, and then if he gets a bite, he instructs one of his "flunkees" on the continent somewhere to pick up the money via Western Union. The amounts are usually $1,000 or less, but if you can get that amount two or more times out of one person, and then get more from others in the address book, you've got pay day. The "flunkee" forges ID using your name, walks in and picks up the money. Western Union, to my knowledge, never asks for more than a "look-see" of the ID. They don't photocopy it or record it in any way. The crook is a free to go, cash in hand. Therefore, it would be wise that if you ever do wire money through such a service as Western Union, you could stipulate that you require a photocopy of the ID used as a requirement for picking up the money. That way, you eventually get the photocopy, and bingo, you've got a photo of your thief. This is all after-the-fact thinking, and I haven't tried it, but if any of you ever do it, please post and let me know if it works.
The IC3 unit is apparently besieged with such reports as mine. And I was one of the lucky ones who actually got my email account back and only had one friend scammed out thousands instead of millions of dollars. (According to the FBI.) But for anyone who has to endure this, just keep calm, be methodical about solving the problem, and follow through. Your security is only part of the equation. If you follow through to regain your account (if you can) and warn everyone else, you are saving an exponential amount of grief and money.
Let me know if this article is helpful. If I need to clarify or add more details, I will.
P.S. A Very Strange Twist
I received, below, a message from an unknown source, bragging about how to make $100K a week by "hacking" Western Union, or any money transfer business, by changing the name of the recipient to ANYONE you choose, thereby allowing the hacker to receive any and all funds he is able to hack. Obviously I am very angry to think that even hackers are trying to victimize more people by using this hub for illegal activities. But further, it demonstrates the ease at which anyone who is dishonest and too lazy to seek gainful employment can prey upon people such as you and I.
Below is an edited version of the message I received in the comments section of this hub. Edited, because I want to make people aware, but don't want to help increase traffic for such malicious information.
"Dear Customer,
What's ****** ******? And How does It Work?
***** ***** is a software that cracks money transfer databases and gives the DATA for payments made to any country in the world.
The new feature now is that you are able to change the receiver's name to any name you choose in same country and you are also able to make new transfers by accessing other's debit cards/credit cards which has unlimited financial capabilities.
The cost is $1000 and with it you can be able to make $100,000 weekly if you are smart.
You won't regret it getting one for yourself
Thanks."
GRRRRRRRRR!!!!!!!!!! Makes my blood boil!!! Especially after my friend and I have been victimized by such people.
However, there is another bright spot. A reporter from Associated Press read this hub, and interviewed me as a good source for how to overcome such hackings. After my experience, I was more than happy to get this information out there on how to protect ourselves.
Just be careful and be smart. There are more hackers out there than we realize, who can find any one of us, even though we believe we are only a needle in a haystack, a one-in-a-billion chance of being hacked. Not so. By shear numbers alone, we each stand a pretty good chance of being hacked at least once or twice in our lifetime. And one successful hacking creates instant nightmares for not only you and I, but for just about everyone else who may be in any online address book we supposedly "own." Once they hack you, they own your account, and it's not an easy thing to regain ownership and control.
So don't pretend you're not a potential victim and they won't find you. They certainly are trying their best to find any weak spot they can in any online account you have. So get educated about knowing what hackers are capable of doing. Avoid being a victim by following safe guidelines while on the internet.
Thanks for reading. Please keep commenting and supplying further information if you have any.
PrintShare it! — Rate it: up down flag this hub
Comments
Eye opener to be sure. Nothing like being smacked up side the head and having to go through it, but now that I have, I'm glad to give others the heads up. Thanks for your comments, 4hourmike.
I had a woman that hacked into my account, and she lived in the same town. I turned all the information into the police department, including my password for that account. They took care of all the stuff that she was trying to scam people out of, and the credit cards that she had applied for .. under my email address. That was a mess. Sure glad you got back home in time to get control of all that stuff.
Wow - I read about your good news in the monthly HubPages newsletter - congrats on the article! That is waay cool :D
Your hub has excellent information - wish I had read it a few months ago...I made the mistake of clicking on a link I thought a friend had sent through MSN, and a hacker got ahold of my account. Fortunately I managed to get it back, pretty much the same way you did, only not as severe...but I can't run MSN on my computer anymore. I had all my friends delete my MSN addy from their accounts just in case, and now I use Yahoo for online chats (with friends.) My hotmail account still works as I managed to get it back and changed the password - fortunately they weren't as clever as your hacker, so nothing else was compromised...guess we live and learn LOL
Thanks so much for the information - good to know I followed your instructions :D
What I am wondering is... Would your email account have been saved if it had a strong password? In other words, did the spyware on the public computer revealed the password to the hacker? Or did the spyware only revealed the email address and the hacker still had to use extra software to crack the password? Because if the spyware had recordeded the public computer's keypresses, it might have revealed the actual password to the hacker, in which case having a strong password would not have helped. It would be scary if spyware can record keypresses and transmitt them to hackers. I wonder if that is a capability of spyware or not.
What a great informative and well written article. Thanks. I just learned a lot. Greg Spinks
Something to keep in mind - if you had used say a random unadministered PC ina hotel - a hacker..or more appropriately a scam artist can merely install a keylogger program, one can download these for free all over the internet - they record all key strokes and then mail the logs
If someone had in fact cracked your email, they should have a reason to put the effort into your account...in your case, i bet you got keylogged. I do know there are many programs that can quickly run through every possiblr combination BUT in the case of your hotmail..one can only do I believe 5 unsuccessful attempts before there is a forced delay...that would be very time consuming even with software assistance
usually, peoples accounts are easily compromised not by easy passwords but by easy pasword hints - what is my pets name? search social network for email - find profile - picture of my dog "bingo"
now your compromised
strong passwords have number and letters and capital and lowercase
A trick i use on password hints is to never answer the question asked, if it asks "what street do you live on" i go with "brown" easy to rememebr but not researchable
Excellent information here! This is one to bookmark and print for my files. Thank you!
Unless you have a free account on one of those Social Sites or free email account then you really need to be very careful where you logon from on the net.
Stay away from net cafes and public areas where there's apt to be hackers/crackers.
The best way to be secure onthe net is to have a private domain and hosting account. That way you can easily regain your account without a problem.
Stay away from free email services if you're a professional and using email for business.
I don't think they can hack into accounts as you have portrayed in the graphs above. The graphs are only relevant if they have your computer otherwise hotmail, gmail and all the other free providers of email will stop any computer from the net from repeated access to their servers in a very very short time.
Congratulations on your recognition and great article btw.
The article is very helpful. The link that lead to the "Time it takes to crack the code" was very interesting and enlightening.
Thanks for the comments everyeone. Peacefulparadox, yes, I think if my password would have been stronger I could have avoided a lot more risk. However, it's hard to know for sure depending on the kind of equipment the hacker may have. But a strong password is an obviously good defense.
Jon thanks for the additional info. You're right regarding free email accounts, and that provider accounts have a lot more firewall, filters and other protections that free email accounts don't have. The friend I travelled with has email accounts set up through a provider and he wasn't affected. That being said, for those of us who do have free email accounts because we don't have the benefit of a provider, the info here should be a great help to secure accounts and keep hackers at bay.
It's also good to remember the social network accounts still run the same risks for hackers, regardless of who your internet provider is. It's just important to be aware, get educated and figure out how to be safe on the internet. That's the biggest thing, I think.
Hi Daniel very interesting,thank you for the information. I am had a slight problem with my AOL email. I was able call my email provider. You are right about finding that needle in a hay stack. Thanks for the info.
It's interesting to note that I have denied a few comments because they are actually from hackers. One that came through congratulated me on such a great article, then proceeded to say that he hopes to incorporate everything he's learned and use it to his advantage. In checking out his link, it's evident that he's also a hacker. Truly psycho-weird stuff.
So beware, any information we can share with each other in a forum like this is also going to be used against us.
thanks for the great hub, very informative.
Thanks for stopping by, maribin.
Great info, and great to hear that you got your account back. One little thing I would mention, never ever never leave a password written down. I don't but my friend did, and lo and behold... same idea.
Wow. That's truly a reality check. I think you are so right on that one. Thanks for the comment and great advice!
Really really great hub. Thanks for sharing this with us. Usually people tend not to reveal what they gotten into. But this hub is truely an eye opener. And i really like your presentation too. Thanks for sharing.
Thanks for reading, aj's!
Amazing, i never knew something like this ever existed.
4hourmike says:
5 months ago
Wow! What an eye-opener. I travel extensively. I've been in Southeast Asia for the past year. I'm constantly logging on to unsecured networks all over the place. After reading your horror story, I've gone through and upgraded all of my passwords. Thanks for a great informational hub.