My buddy got hacked...so I played CSI.
I had a buddy on Facebook who I believe got hacked...and since his email password (I assume) is the same as his facebook...these people got into his yahoo account and sent me the following email:
>>>I'm writing this message with tears. I made a quick trip to United Kingdom with my fam. and we got mugged at the park of hotel where we stayed. worse of it was that our bags, cash and credit cards were all stolen at GUNPOINT leaving us penniless right now.
It's was a horrible experience. need help flying back home and the authorities are not being 100% supportive but the good thing is that we still have our passports. we need some cash to settle our bills and get on flight back to the state.was wondering if you can loan me some money and i promise to pay back. please let me know if you can help.
I'm freaked out at the moment.. <<
The above email piqued my 'spammy-sense' and so I put it away in my head. What led me to this was the way it didn't say "Dear Will, (Or Dear Bill)" and while Gary is an old high school buddy who I'd help without thinking twice if I could...ew're not at the 'I need to borrow money' stage of our friendship so this seemed out of left field for him. But I resolved to DM him in FB to try and verify.
I was incredibly surprised when I logged into Facebook this morning and Gary went ahead and IM'ed me. The below is our IM conversation.
>>IM Conversation
hi
9:59am
Hey bro
Just about to message you
Got an email that looked like spammage.
10:04am
i went it to you
10:04am
Oh...
10:05am
is real i sent you that
10:09am
Cool...what do you need?
<<
OK...here is where my 'spidey sense' went off again. I noticed Gary's english seemed a bit...off. Now if he was on a cell phone in Heathrow I thought...it could be POSSIBLE he's typing 'short hand'...but I was still skeptical here. I decided to 'play along' in case he was REALLY in trouble...BUT...I also decided to lay a trap for him.
>>IM Conversation Part Deux
10:10am
All i need is some $$
10:10am
How much?
10:11am
$1,500
10:11am
That would be tough to get bro.
I might be able to swing something...but have to look.
On a related note...did you talk to Mr. White our old Choir Director? you and he are on really good terms right???
10:13am
yes that we be enough for me to get back home and i promise as soon as i get back home i am going to refund it back to you
10:13am
I can maybe get half. Want me to call Mr. White to see if we can get more?
10:13am
Okay fine
how much can you spare me with right now
because our fight leaves in the next 1 hour from now
<<
Anyone who knew me in High School knew where I laid the trap...but our Choir Director WASN'T Mr. White...it was Mr. Ford (and ANYONE who took classes with 'jolly Jim' as we used to call him would NEVER forget that...). Him saying 'Fine'...told me EVERYTHING I needed. Someone had hacked Gary's account AND his email and was trying to be sneaky.
I must say I started feeling PRETTY good right here. LIke A-HA...I GOT YOU NOW SUCKA!
>>>IM Message Part 3D:
10:15am (Me)
I would do that
if you were Gary
We didn't have a Mr. White as our Choir Director. I know you'd know that.
I've contacted Facebook regarding your fraud.
Thank you
10:16am
I have contact Mr.white he said his going to send me some $$ too
10:16am
There IS no Mr. White.
that was a ruse to see if you were Gary and this chat has been archived and forwarded to Facebook.
10:18am
okay
so are you going to loan the $$
right now?
(Will's Note...SERIOUSLY?!?!?! Clueless much???)
10:18am
No.
Again...you're not Gary
Stop trying to trick me.
<<
At this point I put Gary in my 'No Chat' list I have on Facebook for those friends who are big on chatting with me during the day and take it personal if I seem to never respond back (usually cause FB is open on one of my other machines and I'm not REALLY looking at it...). That way he wouldn't see me.
I then contacted Facebook's help section...in there they have a name for this particular scam called a '419 Scam' where someone impersonates a friend on Facebook asking for money to be wired. I reported this and actually PASTED the chat to them. I got the following back in like 7 minutes:
>>>Begin Epilogue Note:
Thank you for bringing this to our attention and for providing such clear details for investigation. We have now taken the appropriate action to secure this person's account.
In order to resolve this matter, please ask Gary to view the Security section of Facebook's Help Center:
http://www.facebook.com/help.php?page=420 (Note by Will...keep all jokes about the page number to yourselves please. :) )
From here, he can take immediate steps to contact us and reestablish ownership of the account.
Thanks for contacting Facebook,
Donna
User Operations
Facebook
<<
I'm posting this blog to remind you all out there how EASY it is to be hit by something like this. Either as a victim of the fraudulent party or as an avenue to hit your friends. As I work in IT...even I don't follow GOOD password guidelines. (Most of my passwords follow the SAME structure...and if you got into one...you'd get into ALL). SO! What do you do?
First; If you have a good secure password...use it for 1 (MAYBE 2) things ONLY. Don't use it for EVERY SINGLE email, Facebook, MySpace, Bank Account etc. I would really take the number of things you have passwords for and divide by 2 maybe as to how many secure passwords you need...and make them REALLY secure (Caps and lower-case, at least 1 number, 8 characters MINIMUM and don't use REAL words (unless they're backwards).
Second: Avoid encryption that EVERYONE knows. Using a Zero for an o in a word, a 3 for an E, a + for a t...etc. Having hard passwords is tough to remember...but as Gary may be able to tell you...if he didn't use the same (or similar) password for his Yahoo Mail...he wouldn't have been hit as hard.
Third: Finally...if you need to keep password notes in hard copy...then do so smartly. Think of words that RELATE to your password. So if you have a sheet...say put 'Facebook = Dog sideways 4 digits European' Now...here's where I"d think. In my head I'd know that I was talking about my first girlfriend's first name backwards...(I don't use this by the way...so don't think you have me). If someone got this sheet...they may try one of my old dog's names with perhaps a 1234 at the end. Bypassing the sideways (which would tell me the word was backwards). In truth this password would have been A$iL09102009' It was her name backwards, with 8 digits of the date/year I made password in american notation. Again...this is pretty advanced...but the point I'm making is...if you keep notes...there isn't ANYWAY a person would get that sheet and be able to decipher it...but you would because in your head you would know that sideways meant backward...dog may be what you thought of the person after years of therapy trying to get over them not calling you back, and 4 digits means 8 to you which would lead to date and European would throw them off the trail of the order of the digits (if they hacked the system you're using and saw when you set password).
Fact is whatever works for you is fine. I just want to suggest you KEEP yourselves safe. Making passwords even on Facebook of your kids, dog, wife etc's names with a few numbers is NOT going to work...ESPECIALLY if it's a password you're kinda proud of...and decide to use for your email and God-Forbid...bank as well. Even I've learned...recently my hotmail got hacked and it had my 'all use' password...well the person who hacked it got THEIR email address set as the password reset...I had to jump through a TON of hoops...and that Hotmail was where I have all my SPAM sent and my Paypal information. Needless to say I went and changed ALL my passwords and jumped through 30 hoops with Microsoft to get it cleared.
On a final note...my best friend Steve has a spreadsheet that I send him regularly (or mean to...I need to update and get to him)...this spreadsheet contains ALL my login information with Passwords to the bill sites I pay, Facebook, Email...everything but the bank (because Deb has that information). I highly recommend you do this. The sheet exists for ONE reason. If something were to happen to me...he is to give that file to Debi...so she can notify our debtors, and mostly...my online friends that I'm gone. I highly recommend that if you feel uncomfortable giving such a file to your spouse directly (and in truth...I'm debating keeping Steve in the know solely as a 'if Deb and I go together' thing...and just giving this file to Deb outright)...then find a good friend whom you know would A: Never abuse that...and B: know how to store it so that it doesn't get hacked (not just a flash drive...but CDROm or something. DON'T just keep it on your PC to be hit in an attack). I know that if something were to happen to me...one thing Deb would think about is how to let my online/old/high school/college friends KNOW I was gone. I don't want her to have to SEARCH through things...so I'll make it as easy as I can. If you haven't done this...take the time. Talk with a good friend...and set it up. Keep it updated...and hopefully when our time is up...your family will know what to do to pay bills and let those you care about in Cyberland know you're gone.
Thanks for reading...(and Gary...change your frigging password).
>>>I'm writing this message with tears. I made a quick trip to United Kingdom with my fam. and we got mugged at the park of hotel where we stayed. worse of it was that our bags, cash and credit cards were all stolen at GUNPOINT leaving us penniless right now.
It's was a horrible experience. need help flying back home and the authorities are not being 100% supportive but the good thing is that we still have our passports. we need some cash to settle our bills and get on flight back to the state.was wondering if you can loan me some money and i promise to pay back. please let me know if you can help.
I'm freaked out at the moment.. <<
The above email piqued my 'spammy-sense' and so I put it away in my head. What led me to this was the way it didn't say "Dear Will, (Or Dear Bill)" and while Gary is an old high school buddy who I'd help without thinking twice if I could...ew're not at the 'I need to borrow money' stage of our friendship so this seemed out of left field for him. But I resolved to DM him in FB to try and verify.
I was incredibly surprised when I logged into Facebook this morning and Gary went ahead and IM'ed me. The below is our IM conversation.
>>IM Conversation
hi
9:59am
Hey bro
Just about to message you
Got an email that looked like spammage.
10:04am
i went it to you
10:04am
Oh...
10:05am
is real i sent you that
10:09am
Cool...what do you need?
<<
OK...here is where my 'spidey sense' went off again. I noticed Gary's english seemed a bit...off. Now if he was on a cell phone in Heathrow I thought...it could be POSSIBLE he's typing 'short hand'...but I was still skeptical here. I decided to 'play along' in case he was REALLY in trouble...BUT...I also decided to lay a trap for him.
>>IM Conversation Part Deux
10:10am
All i need is some $$
10:10am
How much?
10:11am
$1,500
10:11am
That would be tough to get bro.
I might be able to swing something...but have to look.
On a related note...did you talk to Mr. White our old Choir Director? you and he are on really good terms right???
10:13am
yes that we be enough for me to get back home and i promise as soon as i get back home i am going to refund it back to you
10:13am
I can maybe get half. Want me to call Mr. White to see if we can get more?
10:13am
Okay fine
how much can you spare me with right now
because our fight leaves in the next 1 hour from now
<<
Anyone who knew me in High School knew where I laid the trap...but our Choir Director WASN'T Mr. White...it was Mr. Ford (and ANYONE who took classes with 'jolly Jim' as we used to call him would NEVER forget that...). Him saying 'Fine'...told me EVERYTHING I needed. Someone had hacked Gary's account AND his email and was trying to be sneaky.
I must say I started feeling PRETTY good right here. LIke A-HA...I GOT YOU NOW SUCKA!
>>>IM Message Part 3D:
10:15am (Me)
I would do that
if you were Gary
We didn't have a Mr. White as our Choir Director. I know you'd know that.
I've contacted Facebook regarding your fraud.
Thank you
10:16am
I have contact Mr.white he said his going to send me some $$ too
10:16am
There IS no Mr. White.
that was a ruse to see if you were Gary and this chat has been archived and forwarded to Facebook.
10:18am
okay
so are you going to loan the $$
right now?
(Will's Note...SERIOUSLY?!?!?! Clueless much???)
10:18am
No.
Again...you're not Gary
Stop trying to trick me.
<<
At this point I put Gary in my 'No Chat' list I have on Facebook for those friends who are big on chatting with me during the day and take it personal if I seem to never respond back (usually cause FB is open on one of my other machines and I'm not REALLY looking at it...). That way he wouldn't see me.
I then contacted Facebook's help section...in there they have a name for this particular scam called a '419 Scam' where someone impersonates a friend on Facebook asking for money to be wired. I reported this and actually PASTED the chat to them. I got the following back in like 7 minutes:
>>>Begin Epilogue Note:
Thank you for bringing this to our attention and for providing such clear details for investigation. We have now taken the appropriate action to secure this person's account.
In order to resolve this matter, please ask Gary to view the Security section of Facebook's Help Center:
http://www.facebook.com/help.php?page=420 (Note by Will...keep all jokes about the page number to yourselves please. :) )
From here, he can take immediate steps to contact us and reestablish ownership of the account.
Thanks for contacting Facebook,
Donna
User Operations
<<
I'm posting this blog to remind you all out there how EASY it is to be hit by something like this. Either as a victim of the fraudulent party or as an avenue to hit your friends. As I work in IT...even I don't follow GOOD password guidelines. (Most of my passwords follow the SAME structure...and if you got into one...you'd get into ALL). SO! What do you do?
First; If you have a good secure password...use it for 1 (MAYBE 2) things ONLY. Don't use it for EVERY SINGLE email, Facebook, MySpace, Bank Account etc. I would really take the number of things you have passwords for and divide by 2 maybe as to how many secure passwords you need...and make them REALLY secure (Caps and lower-case, at least 1 number, 8 characters MINIMUM and don't use REAL words (unless they're backwards).
Second: Avoid encryption that EVERYONE knows. Using a Zero for an o in a word, a 3 for an E, a + for a t...etc. Having hard passwords is tough to remember...but as Gary may be able to tell you...if he didn't use the same (or similar) password for his Yahoo Mail...he wouldn't have been hit as hard.
Third: Finally...if you need to keep password notes in hard copy...then do so smartly. Think of words that RELATE to your password. So if you have a sheet...say put 'Facebook = Dog sideways 4 digits European' Now...here's where I"d think. In my head I'd know that I was talking about my first girlfriend's first name backwards...(I don't use this by the way...so don't think you have me). If someone got this sheet...they may try one of my old dog's names with perhaps a 1234 at the end. Bypassing the sideways (which would tell me the word was backwards). In truth this password would have been A$iL09102009' It was her name backwards, with 8 digits of the date/year I made password in american notation. Again...this is pretty advanced...but the point I'm making is...if you keep notes...there isn't ANYWAY a person would get that sheet and be able to decipher it...but you would because in your head you would know that sideways meant backward...dog may be what you thought of the person after years of therapy trying to get over them not calling you back, and 4 digits means 8 to you which would lead to date and European would throw them off the trail of the order of the digits (if they hacked the system you're using and saw when you set password).
Fact is whatever works for you is fine. I just want to suggest you KEEP yourselves safe. Making passwords even on Facebook of your kids, dog, wife etc's names with a few numbers is NOT going to work...ESPECIALLY if it's a password you're kinda proud of...and decide to use for your email and God-Forbid...bank as well. Even I've learned...recently my hotmail got hacked and it had my 'all use' password...well the person who hacked it got THEIR email address set as the password reset...I had to jump through a TON of hoops...and that Hotmail was where I have all my SPAM sent and my Paypal information. Needless to say I went and changed ALL my passwords and jumped through 30 hoops with Microsoft to get it cleared.
On a final note...my best friend Steve has a spreadsheet that I send him regularly (or mean to...I need to update and get to him)...this spreadsheet contains ALL my login information with Passwords to the bill sites I pay, Facebook, Email...everything but the bank (because Deb has that information). I highly recommend you do this. The sheet exists for ONE reason. If something were to happen to me...he is to give that file to Debi...so she can notify our debtors, and mostly...my online friends that I'm gone. I highly recommend that if you feel uncomfortable giving such a file to your spouse directly (and in truth...I'm debating keeping Steve in the know solely as a 'if Deb and I go together' thing...and just giving this file to Deb outright)...then find a good friend whom you know would A: Never abuse that...and B: know how to store it so that it doesn't get hacked (not just a flash drive...but CDROm or something. DON'T just keep it on your PC to be hit in an attack). I know that if something were to happen to me...one thing Deb would think about is how to let my online/old/high school/college friends KNOW I was gone. I don't want her to have to SEARCH through things...so I'll make it as easy as I can. If you haven't done this...take the time. Talk with a good friend...and set it up. Keep it updated...and hopefully when our time is up...your family will know what to do to pay bills and let those you care about in Cyberland know you're gone.
Thanks for reading...(and Gary...change your frigging password).
Comments