Yeah Right.

So First thing this morning get a call from my dad... His email has been HACKED!!! Sure enough get to work and login, there is the please help I need money email staring back at me :-).

I pulled the originating IP from the Header of the email and low and behold it came from Nigeria.

Since this is his primary email for his DSL account I guess the next step is to call AT&T and have them kill the email address so he can create a new one. Also gonna get him to create a gmail or something too so he's not using the AT&T one anymore.

Any thoughts on what else to do? Have a Nice Day :-)
[Reply]

He didn't give his bank account to a Nigerian prince that is going to prison and needs to hide his fortune somwhere did he?

Sorry, I know this isnt funny. I know alot of people lately have had their e-mails hacked. I received a few e-mails from friends about how much better their sex life is now after trying a new drug, they included a link because they are very thoughtful friends.
[Reply]

I don't think there is much else to do Justin other than what you've already listed.
Something similar happened to my aunt, I got a 'help me I'm stuck on holiday, wallet, phone etc stolen'. I replied to the email and said 'tell me how we know each other and I'll send you the money'........it was an amusing exchange.

Hopefully it's just a case of them getting the email addy's for his contact lists and nothing else. That's generally what I've seen happen in cases like this.

It's amazing to think that this scam must work or why would it continue to happen so often. Hope everything works out ok.
[Reply]

Nobody was hacked. Hacking implies someone got into the email account and obtained personal information.

Email addresses are culled and used for spam, scams, and junk (e)mail. Happens all the time. Good luck trying to stop it. Some ISPs have better spam filters than others.
Posted via Mobile Device
[Reply]

How considerate of them :-)

Apparently my dad is trapped in Spain and needs $1,833.24 USD to settle his hotel bill sent to some website that looks totaly legit.... :-)
[Reply]

First step is to log into his account (if he can and reset the PW) make it something hard and I mean hard. Something like jwidl&sj24kem (you get the point). He may not like it but try it and write the password down.

if he can't log in then get in touch with AT&T and they maybe be able to reset the pw and recover control of the account.

My hotmail was hijacked twice ... the third time the pw was similar to above and remains so today ... no problems for a while now.
[Reply]

I agree that all that has happened is that a password was compromised. If he had any personal information in email archives in that account, etc, well, then he may be well and truly screwed.

I agree with the idea of making the password hard and that it is okay to write it down, especially if he pretty much only uses it from home - although sticking it in your wallet behind your drivers license (or similar) is fine as well.

Don't rely on the originating IP. IP injection and email injection are trivial to do. If I was doing something like this, I'd use a Nigerian IP address just to give a nod to those who figured it out.

The important thing to figure out is how the password was compromised. Was it just a brute force attack and he was using a weak password or perhaps his computer was infected with malware and his data was harvested from there or maybe he was foolish enough to use a public use computer that wasn't secure or ... You get the idea.

Oh well, back to prepping the course I am teaching next term. A grad CS course in secure programming...

quick edit: here is an acceptable set of hints for creating passwords. Don't give much credence to the first section "Tips" but the next two sections are really good. Mnemonic devices are your friend!
http://www.cs.umd.edu/faq/Passwords.shtml
[Reply]

I'm confused.
Did the Nigerian plea come from Dad's email addy? Or did Dad receive the email from an unknown sender?
Posted via Mobile Device
[Reply]

Oh, and finally (I promise). I recommend gmail and set up the account so that it will only connect using HTTPS (secure HTTP using the openSSL toolset). I also recommend that, if possible, set up your home computer to connect using IMAP (over a secure connection) and delete the messages off the server after downloading. Of course, if that is totally inconvenient, you can do something else, that's just my recommendation, and it is worth every penny that you paid for it as well!
[Reply]

I was hacked (or whatever you want to call it) into a few weeks back...couldnt figure out which website I was on that caused the leak or that was hacked but anyway all I did was change my password and all the fake emails stopped :-) No harm no fould in my case just all sorts of crazy emails sent from my account about viagra and all sorts on nonsense.
[Reply]

It went out to his entire contact list from his addy. On top of that once I finally got into the acct it had been wiped clean no mail no contacts just like a brand new acct. I have changed the password and set one of my side accts as the backup in all of the options. Hopefully this won't happen again at least not any time soon.
[Reply]

I misunderstood your original post. My apology.
I hope your efforts to prevent it from happening again are successful.
Posted via Mobile Device
[Reply]