My email account was hacked and how I learned about it
I was recently hacked in a very serious and scary way and am still dealing with it. I got an email from the person that administrates my accounts at one of the major investment banking companies. It was in response to an email that appeared to come from my account but was not sent by me. The email referred to the administrator by her first name and requested that $25,000 be sent “to one of my clients.” The administrator’s reply, which I saw, asked me for the wire information and a signature. While the email looked normal, anyone that knew me well would have guessed that it was not from me because of the writing style.
I called the admin right away. Incidentally, I was not in the USA at the time. I told her that the email was not from me and that I had been clearly hacked. I asked her to report it to the security people at her firm, who never bothered to contact me. As we were speaking, a second email came in from the hacker. It had the wire transfer instructions with my signature, which they had clearly gotten from another document in my email account. I felt a chill go up my back.
Then I went to work in a very intensive way to change all my passwords, starting with my email accounts. Then I changed my emails on my bank accounts.
I called the officer that handles my regular bank account. She was very sympathetic and said this was happening a lot.
I then called the bank which was supposed to receive the wire transfer. It was a credit union in Tennessee. I spoke to a security person there and gave them all the information. I figured that the hacker might be using this sleepy credit union to accumulate the day's haul and then transfer the funds out.
Strangely, I had just been talking with friends who are staying with us about the importance of good computer security. I boasted that I had never been hacked. I explained that I use strong passwords as well as 1Password. I use different passwords for different accounts and I am very careful with clicking on links in emails to avoid phishing sites.
So how did this happen to me?
Well, my main email account goes to an ISP and then is forwarded to my iCloud account and a Gmail account. I don’t really use the ISP account. So here is how I think I got into trouble. I used to use a common password on all these sites, like many of you. I forgot that I had used this password on my mail account at the ISP and maybe dozens of other internet sites. Some of these sites could have been easily hacked and my email address and password taken. My email address uses my domain, but it is easy to use a DNS lookup program to find out where the domain is hosted. Then it would be very easy to log into my email account to both send and receive emails. I actually think that the hacker did not use my email account to send the email to the administrator, since I could not find a trace of that, but the hacker did read my emails to check for the response from the admin. Once I changed the passwords on my email account, the hacker (who might even be reading this blog post) was cut off unless he/she has some kind of virus on my computer. I did run virus detection and did not find anything.
I should mention that just before I saw the email response from the Admin to the phony email, I got a message that someone tried to change my password on Dropbox. But they did not change it successfully because Dropbox would have sent an email saying it had been changed. Not sure why this happened.
It could have been worse and it might still be worse
The hacker could have changed the passwords on my email account and I would not have been able to get into my email. This may have actually happened, but the hacker did not really understand that the control panel at my ISP would not have removed the forwarding to my iCloud account. Once you are locked out of your email, you have a very difficult time changing passwords because most sites send you an email with the instructions and a link for changing them. I would have called the ISP and had them change the password so I could get into my account, if I could convince my ISP that I was indeed me.
The hacker had access to all my emails. He probably spent some time trying to figure out how I bank. Maybe he used a robot to look for emails from financial institutions. But in looking through my emails he could or did learn a great deal about my life. He could see investment reports. He could have realized that I use a voice over IP service and actually gone into that service and had my calls forwarded to his own phone service so he could intercept calls to me.
Once a hacker has control of your email account, they can go about finding sites where you have accounts and resetting the passwords, thereby giving them access and locking you out. So sites that only require you to click on a link in an email sent to you are very risky if you ever lose control of your email account.
I don’t know if the hacker copied all my emails and will be doing additional data mining. It is a very frightening thought.
What I learned and what I suggest you do
We are totally dependent on email and, for most of us, we must make our email passwords very secure and never use them for any other purpose. That will limit the ability of a hacker to get into our email. They could still hack the ISP that we use or we could get some malware on our computers. We should always forward our emails to one or more accounts. That way, if the hacker does not realize that we have done that, we can still see emails sent to us and we can reset passwords if we need to. Many sites will send emails if someone tries to change a password so we would at least see that they tried and maybe succeeded.
Some sites, such as Google and Dropbox, now use two-step verification. This relies on something you know, your password, and something you have, like your cell phone. I suggest you use this on every site that supports this capability.
- Protect your email like it is your life (it might be) by
  - having a very strong password that you only use for email
  - having one or more additional email accounts where you forward your email. Gmail is good for this if it is not your main account.
  - using two-step verification whenever possible.
- Use strong passwords in general and consider using an application like 1Password that remembers your passwords on your computer and will generate new passwords for you.
- Move sensitive documents out of your email account as soon as you no longer need them.
- Make sure that your banks will not do a wire transfer without a verbal confirmation.
- Assume that a hacker is reading everything you write and receive. My hacker could have been hanging out in my account for months.
I welcome comments and suggestions about this.