Use Hotmail, Provide iPhones to Nigerians!
January 9, 2008 12:09 PM

My girlfriend's Hotmail account has been hijacked. For real. Repeatedly. Help.

The salient points:

On Friday, she could log into her Hotmail account with no problems. As of Saturday, she was unable to log in -- the error message said her username and password didn't match. She tried to reset her password, but her secret question had been changed too (meaning she obviously didn't know the answer). After filling out the support form on Hotmail's site, receiving an email from them at a different address, and giving them lots of information, they reset her password and she could access the account. That was Monday.

She logged into her account and discovered that a) many of her emails had been deleted, and b) there was a string of emails about eBay purchases that she did not make. Several of them were back-and-forths with sellers who were getting the Paypal runaround from the person who had hijacked her account. A couple of the sellers finally wised up and reported the fraud to eBay and the auctions were canceled.

Within a couple of hours of her successful login, her password and the secret question had been changed again and she was again locked out of her account. Hotmail has not yet responded to the most recent breach.

One of the emails in the eBay exchange included a name and mailing address in Nigeria. (As in, "No, don't worry, PayPal will make the payment soon! Please go ahead and ship my iPhone to this address!") I've googled the name and address and can't prove that the guy is real, but it is at least one piece of info we have. (I don't have his IP address, but I suppose I could email the eBay seller with whom he was communicating and ask if it's in his header info. Only problem is, the eBay seller also had a Hotmail address, and right now we're suspicious of anything Hotmail-related.)

She's filed a police report, by the way, but that isn't making Hotmail respond any more promptly. And since there's been no monetary loss so far, the police won't/can't actually do anything. (Like they would anyway....)

So, what's going on? How is someone repeatedly accessing her account, and how can we stop it? (She's signed up for gmail in the interim.) How is it possible that the person who hijacked the account knew, within the hour, that she had regained access? And how did that person access her account even after she changed her password? Is it possible that the offender works for Hotmail? Is there a key-logging thingy on her Mac? Were her tech support communications not actually going to Hotmail, but to the hijacker? What the hell?

Is there anything we should do to her computer to make sure there's no malware on there? (I'm not a Mac person, so I'm clueless on this front.)

Any other advice or possible explanations?

Google search pretty much just confirms that the situation is fucked up, but doesn't provide much in the way of help.
posted by mudpuppie to Computers & Internet (17 answers total) 5 users marked this as a favorite

There are very few keyloggers for OS X, but this app claims it will find them.

Use Firefox and install NoScript; it protects against cross-site scripting, which seems to be more prevalent.
posted by sharkfu at 12:23 PM on January 9, 2008

Whatever you end up doing, I'd suggest she permanently switch to the Gmail account.
posted by nasreddin at 12:23 PM on January 9, 2008

Look for physical keyloggers as well, if it is a USB keyboard.
posted by mikepop at 12:24 PM on January 9, 2008

And change the password on the Gmail account from another computer until you rule out keyloggers; once she gets her password reset from Hotmail again, have her log in from another computer and change her password again, etc. Basically, I wouldn't use the computer for anything sensitive until you get it figured out.
posted by mikepop at 12:25 PM on January 9, 2008

The eBay account is not your girlfriend's, right? If so, this situation makes absolutely no sense. Someone hijacked her free Hotmail email account, just to use it to send fraudulent emails? They could just as easily have opened their own new Hotmail account to do the same thing.

Someone dumb enough to use your girlfriend's account for this is probably not smart enough to use any of the methods you mentioned (key-logging, internal Hotmail functions, Mac-based malware, etc). The most likely explanation is that the guy is using a dictionary-based attack and both of the passwords your girlfriend used are in his dictionary.
posted by burnmp3s at 12:34 PM on January 9, 2008

First off: your girlfriend needs to change her secret question and answer. Choose a pair that is something nobody will guess- 'Who is the president of the United States?' and 'Bela Lugosi', for example. My guess as to how someone would 'know' she'd changed her password would involve them trying to log into the account and failing. (Which is an astonishing possibility after she's changed the password, I know.)

Second off: view full headers on the email: you should be able to suss out an IP address for the buyer quite handily. Third off, contact ebay support: you should be able to get a user ID out of that email, and they have records for this person which are related to fiscal matters and therefore verifiable.

Of course, first order of business is to get Hotmail to respond. Did they give you an incident # or a ticket # related to the prior password reset? Use that in referring to this incident, because it's the same one, and you'll get to second or third-tier support much faster that way.
posted by mephron at 12:34 PM on January 9, 2008
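
The header check suggested in the answer above, as an added example that is not part of the original thread: it walks a message's `Received` chain oldest hop first, drops internal relay addresses, and reads `X-Originating-IP` where the webmail provider adds one. The sample message, its hosts and its addresses are constructed, and the presence of `X-Originating-IP` is an assumption about the sending provider.

```python
import email
import ipaddress
import re

# Constructed sample message; every host and address is a documentation value.
SAMPLE = """\
Received: from relay.webmail.example (relay.webmail.example [198.51.100.20])
\tby mx.recipient.example with ESMTP; Mon, 7 Jan 2008 10:02:09 -0800
Received: from frontend (unknown [10.1.2.3])
\tby relay.webmail.example with HTTP; Mon, 7 Jan 2008 18:02:05 +0000
X-Originating-IP: [203.0.113.45]
From: buyer@webmail.example
To: seller@recipient.example
Subject: Re: shipping address

Please ship today.
"""

# Addresses inside these ranges are internal plumbing, not a sender location.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def _external(text):
    """Return the address as a string, or None if malformed or internal."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None
    return None if any(ip in net for net in INTERNAL) else str(ip)

def origin_report(raw_message):
    """Collect candidate sender addresses from a message's full headers."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its Received line, so reversed() is oldest first.
    for index, header in enumerate(reversed(msg.get_all("Received", []))):
        # Only the text before "by" describes the sending side of the hop.
        from_clause = re.split(r"\sby\s", header, maxsplit=1)[0]
        for found in IPV4.findall(from_clause):
            if _external(found):
                hops.append((index, found))
    claimed = IPV4.search(msg.get("X-Originating-IP", ""))
    # Lines below the first server you trust are sender-supplied and forgeable.
    return {"x_originating_ip": _external(claimed.group()) if claimed else None,
            "hops": hops}
```

An address recovered this way is a lead to hand to the provider or to eBay, not an identification: it may belong to a proxy, a shared connection or another compromised machine.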

Response by poster: burnmp3s, she says now that she did sign up for an eBay account a long time ago, but never used it. So I guess she did have one after all.

mephron, she changed the secret question after being able to log back in. Didn't make a difference, and now the dumbass has changed it again to something she can't answer.

The emails -- we printed them out, and the hard copies are the only ones we have right now since we can't get in to Hotmail to view the headers.

When contacting Hotmail the second time, we included the report number in the subject. Didn't make a damn bit of difference -- they still haven't responded.
posted by mudpuppie at 12:39 PM on January 9, 2008

Can you confirm, as per burnmp3s above, that your gf hasn't been using some simple password?

Some guy might just be re-running a dictionary attack on the same set of hotmail accounts and if she is using passwords such as "strawberry1" or whatever, this will continue to happen.
posted by vacapinta at 1:38 PM on January 9, 2008

Response by poster: Yeah, vacapinta, it seems that the password maybe wasn't as secure as it could have been. We're working on that now. She feels kind of stupid about it.

Update: We've fixed things with eBay and PayPal. Both compromised accounts are now canceled.

Here's the deal: In going through the PayPal process (which involved doing an "I forgot my email address" menu), we found the gmail address for the hijacker. The guy had tried to change her PayPal username to his own username (while keeping her payment information). When he did that, PayPal sent a confirmation email to her Hotmail account. She saw that email during the hour that she was able to log in on Monday. Okay, so, when she did the I-forgot-my-email-address thing, it redirected her to a web form that automatically had this dude's gmail address filled in.

So we have his gmail address. What do we do with it?

I can't seem to find a way to report him to Gmail. Their help site -- even for compromised accounts (which this isn't, really) -- is totally useful. There doesn't seem to be a way to report that he's using his gmail account for fraudulent purposes, and most certainly violating their TOS.

Any way to report him?

If not, I think I'm going to get everyone I know to spam the hell out of him.
posted by mudpuppie at 2:03 PM on January 9, 2008

"The eBay account is not your girlfriend's, right? If so, this situation makes absolutely no sense. Someone hijacked her free Hotmail email account, just to use it to send fraudulent emails? They could just as easily have opened their own new Hotmail account to do the same thing."

It makes tons of sense. Putting people on the trail of someone else keeps them off your trail.

Check your credit rating as well for unknown purchases.
posted by Ironmouth at 2:58 PM on January 9, 2008

Response by poster: The PayPal rep told the gf that they already had his email address, but didn't indicate whether they were going to pursue it at all. I hope they at least search for his email address to see if anything else comes up.
posted by mudpuppie at 3:02 PM on January 9, 2008

Spamming the hell out of a Gmail account isn't actually going to affect the recipient, because Gmail's spam filters are very good indeed. It might improve the filters though. Here, spam the hell out of me:
posted by flabdablet at 3:58 PM on January 9, 2008

Just today it appears a friend of mine had her yahoo account similarly compromised -- someone sent out emails to all the people in her address book. It's very strange -- she's investigating.

Good luck getting it all sorted out -- it's a shame things have gotten so creepy out here on the interwebs.
posted by amanda at 5:45 PM on January 9, 2008

Will you sic Olena on him? ;-P
posted by brujita at 10:55 PM on January 9, 2008

Response by poster: Um, brujita, already did. See Metachat.

Anyway -- I sent an email to his gmail address professing a false interest in the product he's tried to buy repeatedly. A response came almost immediately from a COMPLETELY DIFFERENT (i.e., bogus) hotmail account, asking me to provide paypal info.

posted by mudpuppie at 11:25 PM on January 9, 2008

Not sure. But MeFi sure is an excellent spam honeypot. My Gmail spam folder is now accumulating garbage at least five times as fast as it was two days ago.
posted by flabdablet at 12:20 AM on January 11, 2008

That is just crazy. Hope you sort it out. I have recently sold an iPhone on ebay and have had a lot of Nigerians bid. One who won the auction in the seconds sent me a fake Paypal Payment Advice!

I want to let you know about another fraudulent trader on ebay: Here is my story.

I had a guy approach me selling iPhones, PS3's, DVD's and other technical gadgets really cheap. His Ebay name is: WOOLFIKA (e bay) fake ID name is: UROS POPOVIC from Beograd in Serbia (which he scanned and sent to me). I made payment of $250 (was supposed to be $1000.00 but at last minute I cancelled it) to deliver goods. You guessed it, they never arrived. Be on the lookout for this guy, he has also used the alias: MYWOOLY2001 (ebay) and VUK MAKISIMOVIC as a real name.

He is seeking people who like to buy items in bulk at very cheap prices. I asked him to send through ID and photos to prove his identity. He did this but has done a runner. It's not so much the money for me, it's lying thieves who take advantage of people thinking they can get away with it.

If you come across him with any transactions - AVOID HIM, he is very dodgy. I have reported him to local authorities.

I have attached a photo of him so you can avoid him wherever possible (the same image he sent to me). He works on global scams so be aware.

Hope this helps someone out there to not fall for his lies! People like this should be punished. At least I have learnt from my mistake, hopefully someone out there has the chance to see this before being burnt by this low-life.

I am not looking for advice, just want to let people know about this criminal!

Take care
posted by codymc7777 at 5:59 PM on October 21, 2008
