

How to get rid of the phisher?
October 17, 2008 8:12 AM

Someone went phishing, and hooked my daughter. What can she do now?

I'm asking this for my daughter. MacBook, OS X. I know nothing about phishing so couldn't help her with this. I've been bragging about AskMe for years, so I offered to post this here. The rest of this post is from her.

- - - - - - - - - - - - - - - - - -

On 10/10 I realized that I couldn’t log onto a couple of websites I normally visit. Facebook wouldn’t accept my password, Hotmail (different account than the email linked with Facebook) wouldn’t accept my password and my bank’s website wouldn’t recognize my log-in name. I got confirmation from the bank that nothing was being used and I changed my Facebook password (which sends a prompt to the uncompromised email address) and was able to log on and use it until 10/15.

Last night I tried logging onto Facebook but the same problem arose where it wouldn’t recognize my password. I tried changing my password but still couldn’t log on. This morning I changed my password again and when I finally logged in I saw that there were about 15 messages sent from my name to various individuals. All of these messages looked exactly like this:

Hello Seller.

Good Day..How are you doing and hope that everything is okay...Actually i come across this your item you placed on site which i have interesting on buying it , kindly may i know present condition of this item including your latest price you are willing to sell it to me...in other for us to be able to able about this item i will be happy to read back from and you should kindly get back to me vai this email address...******@hotmail.com

Cheers


All of these messages were sent to people posting laptops for sale and the email was different than my own. I changed my bank log-on through the phone but I still cannot access my email (because I can’t remember the access question “who is your favorite teacher?” from when I started my email in middle school!). So I’d like to know if anyone has any advice or insight into my problem, or even something I could run to find/get rid of what is compromising my computer. Thanks so much for any help!
posted by iconomy to Computers & Internet (16 answers total) 5 users marked this as a favorite
 
1. Reset ALL passwords. All of them. All. ALL! And, make it nothing like the prior password.
2. Notify your bank of the breach. Watch your credit reports closely as the perpetrators may just keep the information and use it at a later date.
3. Get Ad-Aware and the like and run it. I doubt your actual computer was compromised, but still, use protection.
4. Notify all people who got that email that you got cracked so they don't fall for it too.
5. Look for any email addresses added to your accounts and make sure they weren't changed.
6. Change all security questions. ALL OF EM! Use nonsensical answers, and write them down.

As for inability to get into your email, I would contact their support on the matter. Good luck, I hope you don't get burned any more than you have.
posted by Mach5 at 8:28 AM on October 17, 2008 [1 favorite]


Oof. No real advice for solving the current problem, but a comment on the problem of forgetting the answers to security questions -- either pick questions with definite answers (name of high school, city of birth, mother's maiden name, etc) or do what a friend of mine does -- put the exact same answer every time, no matter what the question is. So for example, always put the name of the city you were born in as the answer, even if the question is "What's your favorite color?"
posted by Rock Steady at 8:32 AM on October 17, 2008 [1 favorite]


Do you have an eBay account? If not, check to see if one has been created using your Hotmail account ASAP and alert eBay that it's fraudulent.

Agree with changing every single password, even to web sites that might not seem to matter so much, and also to using the same answer to all the secret questions so you don't have to remember whether you abbreviated part of your high school's name on this site or who your best friend was when you set up that profile.

Flag and monitor your credit report and bank/card accounts.

Once you're through all of this, develop a password system. Use different passwords for different accounts--i.e., do not use the same password for your email and Facebook accounts, and definitely don't use the same password for your email and bank accounts! It can get a little harder to remember, but it's infinitely more secure. You could also make each password a variation of the site, so gmail would be "gpassword", bank would be "bankpassword", facebook would be "fbpassword" and so on.

Good luck--it's a major headache.
posted by purplecurlygirl at 9:10 AM on October 17, 2008


Oh, that sucks. You have my sympathies--this exact thing happened to me last fall, only with Yahoo mail* and eBay. It's such a pain in the ass.

Seconding all of purplecurlygirl's advice, with some additional suggestions/commentary:

I would recommend calling the big 3 credit reporting agencies and seeing if you can put a 1-year freeze on your credit, which means that you'll be notified if anyone tries to open a credit card, etc., in your name. (However, if you're a minor, you might not be able to do this over the phone, but it's probably worth the effort to make the call anyhow, because it can affect your taxes, your FAFSA applications...)

You've probably already sent messages to the people the phisher contacted on Facebook, but just in case you haven't, do so because if any of them complain, you could get booted off of FB for TOS violation.

Definitely check on eBay for your handle. Google your hotmail address, as well as the name that appears before the @ sign.

Use non-alphanumeric characters in your passwords if you're allowed to.

*I was able to find some secret 800 number for Yahoo customer service, which was miraculous, but there doesn't appear to be anything similar for Hotmail.
posted by cowboy_sally at 9:27 AM on October 17, 2008


Oh, also, check Amazon, if you're already a customer.

Apparently the hotmail/Facebook hijack thing is not all that uncommon.
posted by cowboy_sally at 9:32 AM on October 17, 2008


Thanks so much for all of this good advice, everyone. This is exactly what she needs to know.
posted by iconomy at 9:34 AM on October 17, 2008


Also, for the whole remember thing, use "Stickies". It is an app on Mac that, when on, covers your computer with little stickies of any size you want. Then call one "passwords" and list the user name and password for all of your web sites. This will let you use nonsense words for passwords without worry of forgetting them.
posted by CollegeNelson at 10:13 AM on October 17, 2008


CollegeNelson's idea is great, until someone else uses your computer and notices that your list of passwords is in plain sight.
posted by mikeh at 12:05 PM on October 17, 2008 [2 favorites]


For storing and searching notes on OS X, I recommend the wonderful (and free) Notational Velocity, which encrypts its data file and can be set to require a password on launch.
posted by D.C. at 12:27 PM on October 17, 2008


One thing I have noticed in the original post is that you reset your Facebook on the 10th, and it was re-changed again on the 15th.

That suggests to me that this wasn't a single phishing activity, but more likely someone has managed to install a program on your computer that is either (a) a keylogger (and thus stores every keystroke you make on the computer and sends it to a remote site); or (b) a proxy/interceptor (all information you send to a website goes through a third-party site first, and gets stored there; your info is then forwarded to the actual site so you never notice that your information is being intercepted).

So, before you follow Mach5's (reset all passwords) or CollegeNelson's (use stickies) suggestions, you need to make sure to do two things:
1. Use a different computer that you know is clean, to reset all the passwords.
2. Do not enter any of these passwords on your computer until you have someone with the appropriate computer skills test and clean your computer from spyware/rootkits/malware.

Otherwise, they will get every new password that you will set, since anything you type on that computer is likely being transmitted to a third party.
posted by tuxster at 12:43 PM on October 17, 2008


Thank you tuxster! Excellent observation.
posted by iconomy at 12:44 PM on October 17, 2008


Thinking further about your comment, tuxster - she called me in a panic a couple of weeks ago and told me that while visiting a lyrics site (I know, I know), a pop-up appeared on her screen and something started to install itself on her machine. She kept trying to close the pop-up and then kept trying to turn off her laptop, and couldn't. Finally she managed to power down, but when she turned the laptop back on, whatever it was continued to download (I *think*....not 100% sure about that part). I'm not sure of all the details, but I'll talk to her later.

I'll be the first to admit that I didn't think this kind of stuff (the pop-ups and auto-downloading, not the phishing) happened to Mac owners. I've never owned one myself but did buy each of my kids a MacBook, safety from this kind of thing being one of the main reasons.
posted by iconomy at 12:56 PM on October 17, 2008


I think tuxster is correct with the idea that it was not a phishing incident but rather that your daughter's computer was compromised and a keylogger or similar application was installed.

"I'll be the first to admit that I didn't think this kind of stuff (the pop-ups and auto-downloading, not the phishing) happened to Mac owners. I've never owned one myself but did buy each of my kids a MacBook, safety from this kind of thing being one of the main reasons."

Unfortunately I think that what happened to your daughter will become a relatively common event amongst owners of Macs. Criminals (phishers etc.) have become aware of what a lucrative opportunity exists in targeting Mac owners, who typically will be younger and more affluent than the average PC user. I read somewhere recently that more US college students own Macs than own PCs, and because of Apple's wonderfully successful marketing campaign there is a misconception that Macs are fundamentally more secure against these kinds of attacks.
posted by electricinca at 5:55 PM on October 17, 2008


I think this sounds like what might be currently on your computer: AppleScript.THT Trojan Horse.

I think it's worth a try to download and install MacScan, to see if it's capable of cleaning it up...
posted by tuxster at 7:41 PM on October 17, 2008


If your daughter is using Gmail or Yahoo, they both have support numbers that can be reached (these are a bit hard to track down however...) that can help with lost passwords / security questions and help you regain access to your account.
posted by perpetualstroll at 8:07 AM on October 18, 2008


Yep. I think you're right, tuxster - that's it. And she uses both iChat AND Limewire, the two programs mentioned in the article. We had a PC that had to be trashed due to a virus sent via Limewire, and she installed it on her Mac despite my advice to never use it again. Huh. Mom was right. Who would have thought ;) Thanks again for your insight!
posted by iconomy at 9:12 AM on October 18, 2008

