Join 3,557 readers in helping fund MetaFilter (Hide)


Two separate online email accounts have been broken into within six months.
September 13, 2010 5:06 AM   Subscribe

Two separate online email accounts (Hotmail then Gmail) of my wife's have been broken into within six months. Each time the hijacker changes the password, sends a message to the contact list asking for some emergency money, then deletes the contact list. Any idea why my wife would be targeted? And what should she do to protect herself from now on?
posted by markcmyers to Computers & Internet (14 answers total) 2 users marked this as a favorite
 
do a virus check! check out www.bleepingcomputer.com and they will help you do a hijackthis log!

You probably have a keylogger
posted by freddymetz at 5:13 AM on September 13, 2010 [1 favorite]


not sure she was targeted, has she entered her credentials into any third-party form from facebook or other services, often they ask for email account credentials "to see if your friends use this too" etc... or, she was phished and thought she was going to her hotmail account.

If she can confidently say she has not done any of this, i'd look to see if she has a trojan or keylogger on her system. If so, consider doing a deep clean of her systems.
posted by fozzie33 at 5:14 AM on September 13, 2010


Most likely, she's targeted because her password is easily guessed or accessed, although as noted the PC could have a virus or she's susceptible to phishing attacks. She should be using a strong password (random mix of upper and lower case letters and numerals), and change it often (every three months). Do the same for your PW retrieval questions - IOW, don't supply your actual mother's maiden name, or where you went to high school, but something else that you can remember but that's not discoverable by hackers. And when you set up a new account, print out and delete immediately the confirmation email you receive, so that hackers can't get at it and use it to access more personal info.
posted by beagle at 5:15 AM on September 13, 2010


Obvious, but did she use the same user name and/or password for both accounts?
posted by anaelith at 5:48 AM on September 13, 2010


I hope you don't do any internet banking from that computer. We need more information - how computer literate is your wife? How is her computer hygiene. I confess, my initial thought was "you ha-ave a key logger!" - but that's merely because if something like that happened to me, it would almost certainly be the only way it could happen. Your wife may be clicking on phishing emails - that is, emails designed to look like official emails from hotmail or whatever, but actually hacker emails - or having a crazy-easy password, or added her email to a list, or a source that is less than pure.
posted by smoke at 5:50 AM on September 13, 2010


Was your wife's password a simple word or a date that could be guessed by a dictionary attack?
If so, I am guessing this may have happened to her hotmail account.

Did she change her passwords after her hotmail account was broken into? If not, the person who broke in may have guessed that this user was using the same password on other email accounts.

If any of the above is true, your wife should be using stronger passwords. There are many ways to do this. One is to think of a short somewhat nonsensical phrase that only means something to her and use the first initial from each word.
posted by vacapinta at 5:51 AM on September 13, 2010


Do all four of these things:

1. Make sure she uses a proper password
2. Do not re-use the email account password with other online services. Your email password is your master password.
3. Make sure the secret question answer is very difficult to guess. Write it down and store it in a safe.
4. Do not run your computer as Administrator for day to day use.
posted by devnull at 5:53 AM on September 13, 2010


then when you've done those:

5. Make sure Automatic Updates are enabled.
6. Install Secunia PSI
posted by devnull at 5:56 AM on September 13, 2010 [1 favorite]


Just to be clear, this is a totally automated process that people try on thousands of accounts at once. It's not that someone has any particular interest in hurting your wife.
posted by miyabo at 6:37 AM on September 13, 2010 [1 favorite]


call your ISP and get your IP address changed - it's prolly dynamic anyways. but AT&T will sometimes give a free static IP address with their highest level of service. i'd prolly check my machine for rootkits. Then I'd format and reinstall. Hell, i might replace the HDD completely. Do a complete system reinstall. Then build all new online identities with 12 character passwords that include non-dictionary terms, punctuation and capitalization.

Nuke it from space, it's the only way to be sure.
posted by Davaal at 6:38 AM on September 13, 2010


This happened to me recently. I was traveling, and I'm pretty sure it was one of the youth hostel computers I used (even though I was usually very careful about entering my passwords on their machines for this very reason).

Seconding what miyabo has said - this is totally automated, not someone trying to target her specifically.

The only other piece of advice I would add is that I'm not sure this is generally a virus - I know quite a few mac users who've been hacked this way on their home computers. I have a strong feeling that fozzie33 is right about it having something to do with facebook third party stuff. Especially since both my email and facebook accounts were hacked. (they used the same password, pre-hack Sara C. being a fucking moron.)
posted by Sara C. at 6:59 AM on September 13, 2010


Just reiterating what miyabo said: this is not personal, don't waste a bunch of time trying to decide who's out to get her. This is malware written by bad people, but it's not anybody sitting down and deciding your wife in particular needs to have a bad day.

Probably the number one way to remain immune to these viruses is to not use any third-party "check my email contacts to find more friends!" links. Lots of "legitimate" sites use them - I constantly have Facebook and LinkedIn nagging me to do this, for example (and I believe a rogue application on Facebook was the first iteration of the Stuck In London/Grandchild scams, before it branched out to email) - and first off it's wrong to spam your friends, and secondly you never really know who all you're giving this information to. But this is certainly a wake-up call to both check your basic security and online behavior.
posted by Lyn Never at 7:16 AM on September 13, 2010


exactly... highly, highly unlikely that it is a targeted attack... this happens to tons of people... and it is standard practice for the malware programs to change the users password when sending out the spam, it gives them a little more time to send it out and makes their emails look "less spammy" to the provider. Just change the passwords, if she doesn't use one account, clear out the address book (keep it in a third-party program ie: outlook, thunderbird).
posted by fozzie33 at 7:31 AM on September 13, 2010


See also today's XKCD. nthing that it's not personal.
posted by Lebannen at 12:24 PM on September 13, 2010 [1 favorite]


« Older The name is at nearlyfreespeec...   |  What's the best solution out t... Newer »
This thread is closed to new comments.