This is a very interesting and scary story, just in time for the Halloween season. Unfortunately, this horror story is true, and although the victim did not get hit hard, it could have been terrible. The victim ended up having to close her email address and open a new one. She also became very familiar with a common term all of us security people know: “Man in the Middle”.
Man in the Middle is a term used for an attack that can happen when you are surfing at a free shared Wi-Fi hot spot and log into the router at the coffee shop, restaurant, etc. What happens is that the BAD GUY acts as the hot spot and spoofs people into believing they are directly hooked into the free wireless router. Instead, they are first working through the BAD GUY’s computer, and he is recording all the keystrokes, passwords and other activity on his laptop. The Bad Guy is hoping you will access websites using your credit card, bank account, etc., so he can later take that information and steal your identity, steal your money or order products using your credit card information.
Below is a letter from the victim with personal information removed for obvious reasons. I will tell you some easy prevention tips at the end of this blog that can hopefully stop you from being a victim as well.
You all received an email last week from someone who hijacked my email account. I am not in England and I would never ask for money in an email. It was so nice to talk to so many of you who called out of concern. Hearing your voices with emotion is so much better than this email stuff. I think I’m going to go back to the phone calls.
This is my new email address REMOVED@gmail.com
Please remove REMOVED@hotmail.com from your contacts list as I have closed out that account.
I learned a few lessons however from some Internet security personnel that may be helpful.
1. My email and password were probably hijacked when I was in Europe when I used an unsecured WI-FI area to access my email. When using WI-FI, only access your emails from a cell phone or anywhere you don’t have to use your password.
2. If you do receive an email with a strange subject line or unexpected or unusual attachment, even from someone you know, DO NOT OPEN IT until you verify it was actually sent by your contact. Call your friend; don’t just email. The hijackers may receive your email and continue a conversation with you and may possibly hijack your email address. If you responded to the email that was sent to you from me, CHANGE your password on your email account in order to prevent your email from being hijacked.
3. It’s best to reach out to your friends by phone to let them know their email has been hijacked.
4. HOTMAIL does not have LIVE support to assist you with re-accessing your emails. I was lucky to get my contacts back. So back up your contacts on your computer.
5. These hijackers are really looking for a poor soul who may send money to a loved one, such as grandparents. Please let friends who you think may be vulnerable to such scams know.
Good news is, some poor bas_ _ _ _ in Nigeria got nothing, and I got to talk to a whole bunch of friends last weekend while my email was down!!!!!
Now this turned out to be a huge inconvenience for the victim, but at least there was no monetary loss.
Here are some safety tips when using public Wi-Fi areas.
1. Don’t access sensitive accounts such as your bank, credit card companies and other places requesting your email and passwords.
2. Try not to use any site that demands a password unless you absolutely must. If you do, change that password once you are back in a secured area.
3. Back up your computers and your contacts in multiple locations.
4. Always use antivirus software and be sure to keep it updated. Check it too, as sometimes you cannot get a new update until your computer reboots.
5. Never send money to anyone who requests it by email. With all the tricks out there, you should be able to speak to someone live by telephone when they claim to be in need.
6. Don’t answer emails that ask you to visit websites and insert your personal information, even if the website looks real. It probably is not, and your bank or credit card company will never ask for your full social security number, date of birth and account numbers on a website.
7. Don’t talk when your mouth is full of food. This is unrelated but I needed another number to make 7 tips. Plus, it’s just plain good manners.
Let me know if you have any good tips to add and send them our way. Surf’s up so be careful!