If you have not already read my first post on this please read it here. I thought I was done with the hacker but also had a sense that maybe I was not. This morning, my wife got an email from the admin at the financial institution where the hacker had tried to have money wired. The admin had left on Thursday soon after we discovered that I had been hacked. The hacker must have realized that we were on to him (I say him because I have never heard of a woman doing this sort of thing) when he say the email he sent to her with the wire information and my signature being sent back to me (I had requested this by phone). I guess he decided to punish her. When she came to work this morning, there was more than 800 emails that had been addressed to me but forwarded to her account. I new then that he was still somehow in my account.
I check the account to see if he had put a forwarding email but there were only the ones I had put in. I I called the ISP and their tech helped. It turns out that there was a capability in the email settings called filter. It was the equivalent of what most email programs call “rules” He had set up two rules. One rule sent every communications from my bank to a gmail account that he had set up probably for that day or even just for my account. The other which must have put in after he was discovered, sent every email to the admin at my bank. I checked with her about when she got the first email that had been addressed to me and it was shortly after she had sent me the email with wiring instructions and signature. So I guess the hacker could not help himself and had to take revenge or show how powerful he was.
So how did he get into my account after I changed the passwords. I think he kept my account open after he logged in. I would guess that more than one computer can be connected at a time to the email account via the web interface and as long as you are connected, you stay connected even if the password is changed. So this is another learning. If someone is already logged into your email account, changing the password does not get them un logged. I have not figured out how to accomplish this yet but will make a comment when I do. I just checked and do not see any new rules but who knows. He may still be there.
I felt like sending this bastard an email at the gmail address he used but frankly, I am sure he has more tricks and I do not want to go to war with this person.