Thursday, April 15, 2010

The Cobbler's Wife Had No Shoes

Did I jinx myself by writing about LastPass a few weeks ago?

Somebody guessed Michele's Gmail account password and got control of her account. She was basically doing what I'd been doing until a couple of months ago, using a password that was short and easy to remember and, it turns out, easy to guess if you did a little bit of googling on her. Her Gmail account started out as just a non-work email address she'd use when online services or shops asked for an email address.

So who cares if somebody guessed the password? No biggie.

But over time she started using the Gmail account for all her non-work stuff. So she was extremely unhappy to wake up yesterday morning and find out all her friends and family received this message:
This had to come in a hurry and it has left me in a devastating state. I'm in some terrible situation and I'm really going to need your urgent help. Some days ago,unannounced,I came to visit a resort center in Drayton, Scotland Road Industrial Estate, Dry Drayton Cambridge England, UK..but I got mugged by some hoodlums and lost all my cash,credit cards, I'm financially stranded right now and my return flight leaves in few hours time but I need some money to clear some bills, I didn't bring my cell phone along since I didn't get to roam them before coming over. So all I can do now is pay cash and get out of here quickly.I do not want to make a scene of this which is why I did not call my house,this is embarrassing enough. I was wondering if you could loan me some cash, I'll refund it to you as soon as I arrive home just need to clear my Hotel bills and get the next plane home, As soon as I get home I'll refund it immediately. Write me so I can let you know how to send it.
Wow! Well, I was certainly concerned, so of course I wrote back:
Oh my gosh, that's terrible! I knew you were heading overseas, I'm sorry to hear you are having SUCH a hard time!

How can I help?

--
Gavin
Three hours later "Michele" replied:
Glad you replied back to my email..I still have my life and passport cos it would have been worst if they made away with my passport. well all I need is just $2,450 and you can have it wired to me via Western Union. Here's my info below

Michele Cooke
8, Scotland Road Industrial Estate, Dry Drayton Cambridge CB23 8AT , United Kingdom.

As soon as it is done, kindly get back to me with the confirmation number and let me know if you are heading to the WU outlet now?

Thanks...
Anybody who knows Michele well enough to lend her $2,450 will know that she doesn't write "cos" unless she's writing about trigonometry. And after reporting the hijacking she's got control over her Gmail account again and sent an "all clear" message, thanking all the people who emailed or called to let her know that she'd been hacked.

The scammers did several sneaky things, though:
  1. After spamming everybody, they deleted her Gmail contacts list -- I assume to make it harder for her to send an "ignore that last email, I do not need money" message.
  2. They created a very similar free email address at Yahoo (clandreesen@yahoo.com) and set up a Gmail filter to forward all email to that address.
  3. They moved all of her mail to the Gmail Trash folder, and had the same mail forwarding filter automatically move new messages to the Trash.
Tricky buggers! Her email would probably still be forwarded to the scammers if I hadn't done a little research and run across a handy list of things to check if your Gmail account gets compromised.
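
A check for the filter trick in items 2 and 3 above (forward everything to a look-alike address, then auto-trash it), as an added example that is not part of the original post. It assumes the filters have been exported from Gmail's settings as an Atom XML file with `apps:property` entries; the addresses and the sample export are constructed, and the 0.8 similarity threshold is an arbitrary choice.

```python
import xml.etree.ElementTree as ET
from difflib import SequenceMatcher

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}

# Constructed sample export; addresses are made up, not from the incident.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <apps:property name='from' value='newsletter@shop.example'/>
    <apps:property name='label' value='Shopping'/>
  </entry>
  <entry>
    <apps:property name='forwardTo' value='janedoe@mail.example'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>"""

def audit_filters(export_xml, owner_address, threshold=0.8):
    """Return [(filter_number, [reasons])] for filters worth reviewing."""
    owner_local, _, owner_domain = owner_address.lower().partition("@")
    findings = []
    entries = ET.fromstring(export_xml).findall("atom:entry", NS)
    for number, entry in enumerate(entries, start=1):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        forward_to = props.get("forwardTo", "").lower()
        trashes = props.get("shouldTrash", "").lower() == "true"
        reasons = []
        if forward_to:
            local, _, domain = forward_to.partition("@")
            if domain != owner_domain:
                reasons.append("forwards to external address " + forward_to)
            # Look-alike check on the part before the @ (assumed heuristic).
            if SequenceMatcher(None, local, owner_local).ratio() >= threshold:
                reasons.append("forwarding address resembles the owner's")
        if trashes:
            reasons.append("moves matching mail to Trash")
        if forward_to and trashes:
            reasons.append("forwards and trashes: owner never sees the mail")
        if reasons:
            findings.append((number, reasons))
    return findings

if __name__ == "__main__":
    for number, reasons in audit_filters(SAMPLE_EXPORT, "jane.doe@gmail.com"):
        print("filter", number, "->", "; ".join(reasons))
```

Account-wide forwarding configured in Gmail's forwarding settings does not show up in a filter export and has to be checked separately.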

I suppose this is the digital equivalent of losing your wallet -- it is annoying and embarrassing and time-consuming. Gmail has a pretty good account recovery process, although it takes them most of a day to investigate and figure out who the proper owner is. Michele re-created it from messages left in the Trash folder; good design on Gmail's part that there's no way to erase a message immediately. But it would be way cool if they could automatically restore all the mail forwarding and contact list and other account settings to how they were before the account got hijacked.

I hadn't finished creating ultra-secure LastPass passwords for all the sites I visit; "who cares if somebody hijacks my WordPress comment-on-blogs account?"

The answer is "anybody who might be fooled if they got a message from me saying I was in trouble." I'm changing those passwords, and am going to make sure the answers to the password recovery security questions are ultra-secure, too...

5 comments:

jpo said...

Sorry about the hack, Gavin. You've inspired me to change my fairly insipid Gmail password right now. Oh, and could you wire me a couple hundred dollars, too?

Gavin Andresen said...

I'd be happy to wire you a couple hundred dollars. What's your bank account number?

jpo said...

Oops, sorry I forgot to leave my account number here. It's 3141-592-6536. If you could please wire the funds to this account ASAP, I'd really appreciate it.

Anonymous said...

Just got an email with the EXACT same content... I did respond out of curiosity, and got my response immediately (unlike your 3 hours later). Obviously this is a really idiotic scammer if he doesn't change his M.O.

jpo said...

Never gets old...

http://pogue.blogs.nytimes.com/2010/12/23/a-day-with-an-e-mail-scammer