Sunday, July 17, 2011

My Friend's Been Hacked!

Have you ever received an email like this?



Subject: RE: URGENT RESPOND NEEDED‏

Hello,
I am sorry I didn't inform you about my traveling to Europe for a program called Empowering Youth to Fight Racism,HIV/AIDS,and Lack of Education,the program is taking place in three major countries in Europe which are Dublin,Scotland and England,I am persently in England,London.

I misplaced my wallet on my way to the hotel where my money,and other valuable things were kept.I will like you to assist me with a soft loan urgently with the sum of $2,800 US Dollars to sort-out my hotel bills and get myself back home.

I will appreciate whatever you can afford to send the money today.i'll pay you back as soon as i return,Let me know if you can assist. please use this information to send the money to me.I wait your quickly respond



I posted a copy of that email on my blog in February of 2009 (See: Traveler Scams: Email Phishers Newest Scam). Since that time ALMOST EVERY DAY I receive an email from someone thanking me for my post and telling me that one of their friends seems to have fallen victim. Then they say "What do I do next?"

Normally I tell them they need to contact their friend and have their friend report to their email provider that they have had their password stolen.

Please note that this is DIFFERENT than just getting a weird email that says it came from a friend. In this traveler scam, if you reply to the email, the bad guy will often reply with personal information about you "that only your friend could know." That's because they are actually in your friend's email account reading emails from you to try to find a way to convince you to wire them money.

Another indicator that someone may have had their email hacked is when there are several people on the "To:" or "CC:" line that you know your friend knows. When spammers randomly forge a "from" address, it doesn't necessarily mean they have stolen your friend's password, but when SEVERAL of your friend's acquaintances are in the "To:" line, it means the criminal has access to your friend's address book or email messages.

Hotmail: My Friend's Been Hacked!


Microsoft has just announced this week a new way that you can help your friend (if both of you use hotmail.) Dick Craddock writes in the "Inside Windows Live" blog on July 14th, Hey! My Friend's Account Was Hacked! about a new feature that is being offered to hotmail and live.com customers.

With the new feature, when you are reading the offending email, you can pull down the "Mark As" menu and choose "My Friend's Been Hacked!:



When you take the time to mark the message like that, it sends a high priority request to Microsoft to put this account "on hold." Now, there has to be some OTHER circumstances true as well, you can't use this to just cause trouble for people who annoy you, but when your report is combined with other factors about your friend's email usage -- such as sending an unusually high number of messages, or logging in from an IP in another country -- the account will be placed on hold.

That immediately stops the criminal from being able to use the account to send spam, AND let's your friend begin an Account Recovery Process the next time they try to log in.

Yahoo! and Gmail?


What if your friend doesn't use Hotmail?

Microsoft has now begun pushing the "My Friend's Been Hacked!" reports to Yahoo! and Gmail as well. So if YOU are a hotmail user, and your hacked friend is using Yahoo! or Gmail using the reporting mechanism on hotmail will still send an alert to Yahoo! or Google and let them know of the suspicious email you've received.

Hopefully this will become a new industry standard practice and we'll be able to send reports from any of our mail clients!

Here's some advice from other providers on what to do if a Friend seems to be compromised:

- Gmail: Report A Security Problem

- Google: How to Recover Your Email Account

- Facebook Security

- Yahoo! Account Helper

(If you have a suggestion of a better link, please let me know . . .)

No comments:

Post a Comment