An important bit of news. I’m not in Manila. I haven’t been robbed. You don’t need to send me any money, all is well. I make this announcement because yesterday I had a bit of a surreal experience and got my accounts hacked. All of my e-mail contacts got sent the following message within 2 minutes of the villain gaining access to my e-mail account.
“Just hoping this email reaches you well, I’m sorry for this emergency and for not informing you about my urgent trip to Manila,Philippines but I just have to let you know my present predicament. Everything was fine until I was attacked on my way back to the hotel, I wasn’t hurt but I lost my money, bank cards, mobile phone and my bag in the course of this attack. I immediately contacted my bank in order to block my cards and also made a report at the nearest police station. I’ve been to the embassy and they are helping me with my documentation so i can fly out but I’m urgently in need of some money to pay for my hotel bills and my flight ticket home, will definitely REFUND as soon as back home .”
I made a few schoolboy errors that made hacking my accounts quite easy, but I wanted to share them with you to prevent the same thing happening to you. I was on Facebook at 2.00pm yesterday when a message popped up to say that I was logged out, and an e-mail on my Yahoo account to say that I had requested a password change to my Facebook account. Before I could click the “not me” button the message disappeared and I was unable to log back in to Facebook because my password had changed. I went back to my e-mail and saw all the messages and contacts disappear.
I phoned my internet provider BT who responded quickly by taking control of my screen through remote log-in. Getting access into my account they were able to identify that my default e-mail had been changed to firstname.lastname@example.org, and that all of my contacts, and anyone who had e-mailed me had been sent the e-mail, and anyone replying offering to help or questioning the message by e-mail had their reply going direct to the impostor. The message carried some credibility because it was sent from my account and in my e-mail template that others were familiar with. Because I was able to act immediately, this was blocked, the fake Yahoo default closed and they were able to pick up the IP address and location of the offending account. This detail was then forwarded to the police who responded whilst the “data robbery” was in progress, because the location was in London. I’m hoping they can make an arrest in this case, it’s just fortunate that I was live at the time. I await further news.
Whilst this was going on, I was getting a whole stream of tweets either telling me that my e-mail had been hacked or inquiring after my welfare.
@billboorman Hi Bill, your email just been hacked. Unless you really are in Manila
— Paul Harrison @Carve (@CarveConsulting) April 2, 2012
@BillBoorman Your email account appears to have been hacked. Got a message to say you were attacked in the Philippines and need cash.
— Alison Henderson (@Alisonscolumn) April 2, 2012
I also got a host of calls to authenticate the story and offer help if it was genuine. As I travel quite a lot to different places and I was robbed in Miami, when Facebook friends did come to my rescue, I guess the story was possible. Thanks in particular to Andy Hyatt who was the first to call, and posted on my timeline to warn people that I was not robbed and not in Manila. In fact I was at home in Earls Barton.
In true social media fashion, once the drama was over the banter followed, including one message from Ryan Leary who posted on Facebook that he had just sent me $20k to rescue me and when was he going to get it back!
I have to say that BT were excellent in responding so quickly and getting me back on track. They are now in the process of restoring all my contacts and e-mails. As far as I can tell, no one was duped into sending money, and the police have something to go on. The scumbag gained access by registering an account via Yahoo live messenger. Fortunately they did not have time to get beyond Facebook, and my Twitter login uses a different password.
My lesson is to tighten up my security. I had a simple-to-work-out password because it was my children’s names and if you look at any of my social places you can find them and figure it out. Hackers go through your profiles and try things like names, company names etc. to guess passwords, and most of us use something familiar as a password to make it easy to remember, and if it’s easy to remember, it’s easy to guess. Better to have different passwords, and something random that includes numbers, and is not referenced anywhere else. Might be hard to remember, but hard to remember is hard to crack. Dates of birth are also vulnerable because they can be found on Facebook. Use something that is not listed anywhere else.
If you are the low life who tried to rob my friends and you’re reading this, I hope you get caught soon, you are leaving a trail, and I’d be glad to give evidence against you. Thanks everyone else for your messages and concern, it reminds me that although we may only be connected on-line, it’s a real community. Batten down the hatches, get your security in good order and if you do get a message asking for help, check in another channel before reacting. Apologies to anyone who was inconvenienced by my little adventure. In the words of Vinnie Jones at the end of Lock, Stock and Two Smoking Barrels, “It’s been emotional.”
I learned about cyber security training courses and plan to attend as I believe there is more I should know about cyber security and its possibilities to protect my personal data.
If you are the one who hacked my accounts, this one is for you: