If you have not already read my first post on this please read it here. I thought I was done with the hacker but also had a sense that maybe I was not. This morning, my wife got an email from the admin at the financial institution where the hacker had tried to have money wired. The admin had left on Thursday soon after we discovered that I had been hacked. The hacker must have realized that we were on to him (I say him because I have never heard of a woman doing this sort of thing) when he say the email he sent to her with the wire information and my signature being sent back to me (I had requested this by phone). I guess he decided to punish her. When she came to work this morning, there was more than 800 emails that had been addressed to me but forwarded to her account. I new then that he was still somehow in my account.
I check the account to see if he had put a forwarding email but there were only the ones I had put in. I I called the ISP and their tech helped. It turns out that there was a capability in the email settings called filter. It was the equivalent of what most email programs call “rules” He had set up two rules. One rule sent every communications from my bank to a gmail account that he had set up probably for that day or even just for my account. The other which must have put in after he was discovered, sent every email to the admin at my bank. I checked with her about when she got the first email that had been addressed to me and it was shortly after she had sent me the email with wiring instructions and signature. So I guess the hacker could not help himself and had to take revenge or show how powerful he was.
So how did he get into my account after I changed the passwords. I think he kept my account open after he logged in. I would guess that more than one computer can be connected at a time to the email account via the web interface and as long as you are connected, you stay connected even if the password is changed. So this is another learning. If someone is already logged into your email account, changing the password does not get them un logged. I have not figured out how to accomplish this yet but will make a comment when I do. I just checked and do not see any new rules but who knows. He may still be there.
I felt like sending this bastard an email at the gmail address he used but frankly, I am sure he has more tricks and I do not want to go to war with this person.
Two Thirds Done 
Really scary stuff, Avram. I hope you get this resolved quickly with as little damage as possible.
LikeLike
Hello Avram,
First I want to say I am sorry for you for this unpleasant experience. Learning from it does not make it less unpleasant. It’s not a game, the guy tried to rob you and might try again. He may have get access to some of your friends information including mine (if he reads French). In the past, you may have received friends login and passwords to help them with technical bottlenecks and you do
not remember.
” I am sure he has more tricks and I do not want to go to war with this person. ”
Why not?
The guy is at war with you already, it’s not like it’s up to you to decide. So what you are saying here is that you want to protect yourself until you will become an uninteresting target to him. Well, this is you at war and not realizing it. From day one you took measures to block him from harming you. That was your side of the war.
What you didn’t do is attack him. You didn’t try to have him be arrested, and I guess that this is what you mean when you say “I don not want to go to war”.
At war, there is usually a winner and a loser. Your terrorist will not sign a peace agreement if he is not forced to. He will move to another target when he feels that you are well protected. But with all the knowledge he gained from you, will he stop where you want and think he will? I cannot write anything here, so please be a chess player.
Painful: Here we are witnessing this development from the outside with you being the victim, and the more he harms you, the more we (and you) learn from it, as if we receive an unsolicited gain from your unsolicited troubles. It’s like, hey hacker, hurt my friend Avram more so I can learn more tricks to protect myself. Neuuuu.
And of course if the guy reads this, he is probably a pervert too, enjoying the whole situation.
It’s probably too late now so I can write it here in the open. I think that there is no better defense than attack, and a hard one.
Once you took the appropriate steps to protect yourself by anticipating what he may do next, you go to phase two: attack. Find his weak point, wear his shoes, have him panic and run or get caught.
He is anonymous? You could -now it’s too late so I can say it- set up a fake series of email exchanges making him believe he is about to be discovered. Even now, how would he knows if it’s fake or real.
Do not just wait for his next trick and do not let him enjoy.
Amicalement,
LikeLike
“Embiggened is not a real word, unless we have been in the Simpson’s Universe. 31, 2014, an instalment of “Ƭhe Simpsons” actually predicted the final score of the game made use of in 2005. Grandpa Abe Simpson fought in World War II, at least in the older episode in which the timeline may make sense.
LikeLike