Jeff Ward: You've Been Hacked!

And how you might avoid a similar fate!

I want to thank my alert readers who were among the first to let me know my e-mail account had been hacked. I want to assure you I've never even been to London, I’ve (thankfully) never been set upon by armed thugs, and I wouldn’t be caught dead writing anything like “OMG.”

As fellow columnist Rick Hollinger said that fateful afternoon, “I bet you didn’t realize how many friends you had!” While it’s nice to be popular, after about the 80th “you’ve been hacked” phone call, I was seriously considering a future as an Amish hermit.

That said, it was gratifying to hear so many compatriots say, “We knew it wasn't you because your prose isn't nearly that bad. Who knew being a reasonable writer could come in so handy?

I’m glad you all were far too smart to send our enterprising e-mail hijackers any of your hard-earned cash. The good news is, my e-mail account is back under my control, my password is stronger than ever, and now I can repay your kindness by explaining how you might avoid this mild, but disturbing identity-theft fate.

Whenever I’m facing this type of computer conundrum, the first thing I do is turn to the experts at Helping Hand PC in Wasco. In this case, Jason and Chris explained how these insidious e-mail hackers work. And it’s all automated!

They start by having “bots” programmatically scour the Internet for e-mail addresses that lead back to a specific domain name. The fact that mine is attached to hundreds of columns as well as a business made it that much more likely to get their attention.

Once in their hands, the software heads to an AT&T back door, where they can run password permutations at lightspeed until they come up with the correct combination. In this case, the bots rerouted my e-mail, created a fake e-mail address very close to mine, sent the suspect e-mail out to all my contacts, and deleted every one of those contacts so I couldn’t warn them in bulk, and they’re out!

The reason some readers got that e-mail is, not only does this incredible software access your contact list on the cloud, but it rifles through your “sent” directory seeking out every e-mail address in that folder. Then it solicits the folks I had replied to, as well.

Most of you also noticed that, if you hit the “reply” button, the response would've gone to an e-mail address containing an extra “f” in my first name.

As Chris put it, this kind of mechanical hack isn’t all that malicious. They’re simply looking for one or two e-mail recipients to cough up a couple of hundred dollars. The only damage they really did was to delete those contacts—they didn’t even dump my saved e-mails.

The worst thing about all this agita was having to deal with AT&T which continues to be one of the worst customer-service companies on the planet. It’s neither easy nor intuitive to change an AT&T e-mail password—you have to start with your telephone account login.

The first "help" representative couldn’t understand me, even after I repeated my phone number three times. Then I came up with a back-end phone number to somewhere here in the states, but that clueless gentleman wanted me to wait a day to change my password. After promising me he wasn’t transferring me back to the outsourced help desk in India, he did just that.

That third support person had no idea how to help, so I went back to the U.S. number and finally found someone who understood the password-changing process. But I’m the one who had to tell her how to stop emails from being forwarded to another address.

Other than being a bit unlucky, Jason told me my downfall was that my previous eight-digit alphanumeric password just wasn’t strong enough. These days you have to include both upper- and lowercase letters, numbers—even punctuation—to make it as long as possible.

Though I don’t think it mattered much in this automated case, I rarely use the same password twice, so there was no danger of the hackers moving on to financial websites.

Jason said that their customers are dealing with this phenomenon on a regular basis and one business client lost thousands of contacts. That last AT&T support person told me she’s getting five or six calls like mine every day.

So the moral of our story is twofold! First, for anyone who's as reliant on computer technology as I am, it pays to have a good relationship with a decent computer-consulting company. If you use the techs at those big-box stores you will get exactly what you pay for. Should you require their services, you can reach Helping Hand at 630-940-1718. Tell Sue that Jeff sent you.

And secondly, especially for those with e-mail addresses that are always out there, do not use anything like “1234” and “password” for your e-mail password. These hackers are getting more sophisticated every day, so we have to make an effort to stay a step ahead.

I know it’s a pain, but make your passwords as long, convoluted and difficult to crack as possible. Then their bots will simply move on to the next victim with a simple six-character password.

The irony is, as Jason told me, if these hackers put half this effort into something positive, they’d all be millionaires!

Ain't the computer age something?

Sandy Kaczmarski November 15, 2011 at 02:50 AM
Such a lonely blog post! I guess you getting hacked isn't as interesting as yacking about the church. I thought the hacked email was pretty funny. I just pictured you in the UK with your family, feeling "embarrassed" after being robbed at gunpoint. I knew it wasn't legitimate when it was signed "Jeffrey."
Steve Gibson December 01, 2011 at 02:49 AM
Congrats to my fellow Geneva Patch blogger Jeff Ward on navigating the complex path to getting his hacked email account back under his control. Here's a link to a list of the top 25 passwords in use for 2011 - http://splashdata.com/splashid/worst-passwords/index.htm - if you see your password on this list, or one very close to yours, you may want to be a little proactive and change your password NOW instead of later. And if you do find yourself in trouble, feel free to call your friendly local Geneva computer repair shop - CompleTek Computer Repair (owned by yours truly) at 630-492-1275, or stop by our website at http://completek.biz for more information. We're located in the same building as Huntington Learning Academy (825 W State St, Suite 103D). We'll give you a free estimate before we begin any work.


More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »