Hackers

inspirespirit

I've been hacked !!!
I have 2 email accounts. One I use daily and 1 that I check every now and again (left over from when I used to use AOL as ISP). I also used to use Twitter but got fed up with it.

Well, yesterday one of my Twitter followers told me my account was active with someone sending 'Work from home, click here', and 'I've earned 350$ today, to do the same, click here', type messages, every single day.

So, I then tried to access my twitter account and couldn't. Ask Twitter to resend password change details to my account (which happened to be my old aol account). Couldn't get into my aol account either. aaarrggg.

Eventually, after phoning aol etc. i got into my old aol account and was able to sort out twitter. Then checked through all the emails. There are loads on there as I obviously have 'reply by email notifications' on this board and a couple of other forums I am on. so trailed through and then noticed that the WHOLE of July is missing. My emails go straight from May 25th To beginning of August !!!!

My son thinks someone has used that account for the whole of that month and then deleted everything they did.

As it happens, I am 3 years into a bankruptcy, so the chances of anyone being able to open a bank account, credit card etc., should be zilch, cos I still cannot even get a mobile phone on contract, let alone anything else. I have one bank account which is a very simple account purely to pay direct debits.

Just worried now cos I don't know what else they may have done.
Any thoughts please? :mad:

leemoss

Changing all your passwords, secret questions, secondary email addresses associated with your accounts is the best thing to do straight away. Also make sure you do the same for other accounts which may use the same email address/password combination such as facebook or for any accounts which have sent emails to the hacked mailbox.
I would guess only AOL/your email provider could get the emails back but I wouldn't hold too much hope.
I'd also do a full virus/spyware scan on your computer to check for keyloggers/trojans.

RussJK

Sorry to hear it, do as per leemoss's post. If you had a 'weak' password, then that might explain things.

Malwarebytes Quick Scan (feel free to post a log):
http://www.malwarebytes.org/mbam-download.php

Hijackthis log to rule out common trojans:
http://www.users.on.net/~russ/hjt/

itsadoozy

As a security professional, I agree with the above tips. The key is to now change all your online passwords, and ditch the AOL account. Set-up a new email account, and ensure that each password you have is unique to each on-line service you access. The biggest mistake users make is having simple passwords, then using it on multiple logins. Even a difficult password used on multiple account is weak security.

Come up with a unique way of remembering your passwords for each service. I recommend coming up with a phrase only you know or can remember (The Rain In Spain Stay Mainly On The Plain) take the first letters of your phrase (trissmotp), Capitalise one or more letters, change a letter of two to numbers and add something that associated the password to the service.

Here's an example of a strong password to access your Amazon account: Tr1s5montpaN (where aN is the first and last letters of Amazon).

The same method can be used for Banking with Halifax, but because you've got a method, you decide for important accounts you reverse the service initials : Tr1s5montpXh (Xh = Halifax letters backwards). You can elaborate many different ways, but try the phrase method first.

The key is to have a strong password you can remember, without the need to write it down or save in a text file on your PC or device.

For regular free accounts you register while browsing the web or subscribing to things, don't use your regular method, as you often have less trust with these accounts, and don't want to give the system admins one of your codes, which they may well break, especially if you register to two of their dodgy services. Come up with regular password perhaps just using the phrase code without the service initials : Tr1s5motp

After 6 to 12 months, come up with a new phrase and reset all your passwords to keep ahead of the hackers.

Hope this helps.
Dave

inspirespirit

thank you. I have spent all day changing passwords. Have phoned the bank. I've run a scan.

Dave that is a clever way of remembering passwords. Thanks very much.

S0litaire

As always here is a timely Cartoon from XKCD regarding passwords: lol

itsadoozy

Excellent !! I think I will steal that for future presentations... did I say steal ? I meant ..... re-use. What's the original source of the image?

Cheers Dave

S0litaire

It's a site http://xkcd.com
it's a cartoon site, new cartoon every monday, wednesday and friday.

Naf

S0litaire wrote: »

It's a site http://xkcd.com
it's a cartoon site, new cartoon every monday, wednesday and friday.

And a pretty neat iPhone app

joe134

inspirespirit wrote: »

I've been hacked !!!
I have 2 email accounts. One I use daily and 1 that I check every now and again (left over from when I used to use AOL as ISP). I also used to use Twitter but got fed up with it.

Well, yesterday one of my Twitter followers told me my account was active with someone sending 'Work from home, click here', and 'I've earned 350$ today, to do the same, click here', type messages, every single day.

So, I then tried to access my twitter account and couldn't. Ask Twitter to resend password change details to my account (which happened to be my old aol account). Couldn't get into my aol account either. aaarrggg.

Eventually, after phoning aol etc. i got into my old aol account and was able to sort out twitter. Then checked through all the emails. There are loads on there as I obviously have 'reply by email notifications' on this board and a couple of other forums I am on. so trailed through and then noticed that the WHOLE of July is missing. My emails go straight from May 25th To beginning of August !!!!

My son thinks someone has used that account for the whole of that month and then deleted everything they did.

As it happens, I am 3 years into a bankruptcy, so the chances of anyone being able to open a bank account, credit card etc., should be zilch, cos I still cannot even get a mobile phone on contract, let alone anything else. I have one bank account which is a very simple account purely to pay direct debits.

Just worried now cos I don't know what else they may have done.
Any thoughts please? :mad:

Hi, I am with aol, long time, and onereason I don,t move is E-mail address change.Got a g-mail also.However, Is Aol, still your ISP/ if not, how have you still got access to Aol e-mails? Can you retain it after moving to another ISP? Sorry to know you were hacked,I have been a victim myself, it,s awful;

inspirespirit

Joe, you can retain your aol email when you move. I was with aol for many many years but I was paying a phenomenal cost for my broadband (26 per month). When I told them I was moving they didn't offer me a better price (this was about 2 years ago), so I moved to BT. I now get my broadband and phone plus line, including free anytime landline calls for 26 pounds per month.
I have an email account with aol and also a gmail. They were actually really helpful when I rang them about being hacked, even though they are no longer my ISP.

Solitaire - great cartoon. Thanks.:)