As I dashed to run no more than 40 minutes’ worth of errands, identity thieves—mostly likely from Nigeria*—invaded my email account(s) and unleashed a frenzy of fraudulence.
They’d clearly been poised for the takeover. Within 30 minutes of my last sent email (3:03 p.m.) and less than 15 minutes from the time I stood up from my desk (approximately 3:15 p.m.), my archived files show that the hackers began sending out their rogue “I’ve been mugged in the UK; please wire money!” message to my entire contact list (3:33 p.m.). They sent the false plea out in 25 batches to “undisclosed recipients.”
Yet before they started sending the highly implausible message, they’d actually wreaked the most havoc by hijacking my accounts (this hacking affected multiple accounts because I use one interface to access all four of my paid, Yahoo! Small Business accounts as well as my free Yahoo! account), changing the password and altering settings within my email management system. They’d observed which of the five accounts was my primary email and were certain to use that one to do their damage.
When they finished pummeling my contacts, they exported my entire 9.5-year old contact list, deleted it from my system, then set about trashing bounce-backs and responding to replies some of my colleagues had already begun sending. When one long lost contact (it was a really old email list!) retorted tongue in cheek “$10,000 on its way”, the hackers responded “thank you please hurry.” I could see the trail of all this activity because I have my email set to save all sent messages and the trash file was still full.
As I was returning to my home office from my brief errand (3:45-ish), I began receiving calls from friends and colleagues. “Irene, you’ve been hacked!!!” I had just a mile and a half left to get back to home base, but it was the longest journey ever. I live online. My email is the lifeblood of my business. Any compromise to this system is detrimental to my productivity…to my livelihood.
Back at my desk, I immediately saw that my email login was null and void and started frantically googling for a Yahoo! phone number. Miraculously, I unearthed one rather quickly (“miraculously” because Yahoo! does everything it can to divert customers from actual human interaction). As I struggled to attain resolution with the person from Yahoo!’s call center, I opened a new browser and discovered my Facebook account was also hijacked.
In the ultimate of adrenaline-infused multitasking, I maintained contact with Yahoo!’s call center and managed to regain control of my Facebook account (I’ll explain how in another blog post).
Thankfully, I have a rarely-used Gmail account by which the Yahoo! rep could send a fresh account verification. With that contortion, I was able to click through and reset my password to regain control of my account. Back inside, it was like coming home to find the place ransacked.
I spent all night and the rest of the weekend fielding calls and messages from contacts far and wide, new and old. The nature of the calls fit into two categories: those who wanted to warn me I’d been hacked and those who thought it might be a hoax but just wanted to talk to me to make sure all was well.
Mind you, I did have one contact who thought with his heart first and wired $500 before reaching out by email or phone to verify my whereabouts. Thankfully, he was able to halt the transfer. I shudder to think how close the thieves came to stealing money from someone so kind-hearted.
Less than one week after my horrific hacking, a fellow Yahoo! email user whose name had been harvested from my contact list was also hacked—on email and Facebook. Frankly, his saga turned out to be a much longer, even more intrusive situation. The hackers managed to camp out for hours in his accounts. They changed all his settings, associated a false email with his Facebook so he had no authority to ‘get back in’ and even set up his email to forward to a false email address that was just one letter off from his real email. This trickery was intended to enable the hackers to engage contacts in extended exchanges that might be more convincing. Thankfully, it didn’t work.
With the full story now recounted for you, I’ll now be offering posts about how this could also happen to you and how you can protect yourselves and your information. Don’t think that this happened to me just because I’m so highly active online. This could happen to any human with an email account.
Look for my next posts. Please-please-please read and take heed!
Back to you shortly…
* – Email hacks are often traced back to Nigeria. I feel strongly this is accurate for my case because of some information unearthed by my friend who was hacked just days after me.