Perhaps you have received the e-mail message below. I (Regina) received it about a year ago. After initial concern for the supposed sender, I realized no one I knew would ever e-mail me with such financial demands. The message below was sent to everyone in mine and Gloria’s email contact list one (from us) one morning in February.
Unfortunately, some recipients believed it and followed through on the hacker’s demands.
Here is the beginning of that letter:
Subject: I need your help as soon as possible
How are you doing today? I am so sorry I wasn’t able to inform you about my trip to England to visit my ill cousin today,the news came to me as an emergency yesterday and i had to be there soon enough. I am presently in NHS London with my ill cousin so I decided to write to you from a nearest business depot.She was diagnosed with a critical uterine fibroid. X-ray and scan shows that her condition is deteriorating because the fibroid has done a lot of damages to her abdominal area and an emergency hysterectomy surgery must be carried-out to save her life.I am deeply sorry for not writing or calling you before leaving, the news of her illness arrived to me as an emergency and that she needs family support to keep her going. I had little time to prepare or even to inform people about my trip, I hope you understand my plight and pardon me.
Unfortunately,The money the doctor asked for was more than what i planned for….
The letter goes on to ask for financial help, with instructions on how to wire money directly through Western Union. Obviously the grammar is incorrect, the typing is horrible and the demands outrageous. Financing emergency health care is not a problem in England, a country with socialized medicine. In spite of the poor composition, the email message caused problems and financial loss.
Here are our thoughts on the hacking experience:
How many times have you thought? “It won’t happen to me, I don’t have anything anyone would want”? That was certainly my attitude. I don’t do on-line banking, I shred my mail, I don’t have loans, and only two credit cards. I keep virus control and firewall up to date, and the only place my social security number is written is in my head. It never occurred to me that hackers would be interested in online e-mail and I falsely believed the AT&T server was secure (Not to mention the Hotmail server used by Gloria and her Facebook account.)
All wrong! We suspect the hackers chose our online address books because we had so many entries. I used the opportunity to clean out my address book and email inbox—a long overdue task – and change my passwords. Passwords should be changed regularly. The hackers could also have gotten into my inbox, but it appears they didn’t. Now I keep contacts and incoming emails deleted online and use Outlook for email.
I was lucky; I didn’t have my hard drive hacked, as Gloria did. I could concentrate on notifying contacts, although I really didn’t think that anyone would believe such a poorly written message. Wrong again.. Right after I sent the apology message to my spiritual practice group, I got two calls from friends. One had sent $500 dollars and the other $400. The hackers had played on their emotions during email exchange. My friends were so worried about me and my false situation that they didn’t think rationally. Luckily, most friends called before wiring money. My phone was ringing constantly for the first three days. For a week, I had a sense of dread every time the phone rang or an e-mail was delivered, fearing that someone else had wired money.
I feel blessed to have so many people in my life who care about me. I’m thankful for that and for the fact that the two friends who wired money were able to retract it from Western Union before the hackers picked it up. Besides realizing gratitude and appreciation for friends and family, I learned a lot about hacking and have since taken security measures; they are included in our email message below. It could have been much worse. This was a warning and an opportunity to clean up my act before I got hacked for a lot of money. This is your chance to clean up your act, so that it won’t happen to you. Knowing that makes the experience worthwhile.
Being a victim of the hacking was a frustrating, yet valuable, experience. On the day I heard of the scam email, I spent 15 hours (7 1/2 hours straight) answering phone calls and chatting on Skype, trying to regain control of the stolen accounts, and then emailing retractions. Altogether, I spent about 22 hours resolving the hacking. I got emotional when friends said they were about to send money, especially when I found out that someone actually did. I’ve made up my mind to repay that person. Soon I realized that God was helping me. I only needed to stay in my heart, not in the emotion, following God’s guidance. When I did this, I was able to be much more efficient in resolving the hacking. Another good thing happened: I connected with many people I hadn’t connected with in a very long time. Plus, we’ve documented what we learned from this experience so that others may be better prepared. Everything happens for a reason…everything is a blessing…an opportunity to trust in God.
Here is the message we sent to our contacts sharing precautionary measures to prevent hacking and what to do if you are a victim:
We were both victims of hackers one morning. Gloria’s hacker seemed more aggressive (or at least caused more trouble) than Regina’s hacker. Both hackers sent similar emails to all our contacts giving the stranded in England with no money’ story. Gloria had her Hotmail, then Facebook passwords, changed, with the hacker working directly out of those accounts. Regina had her address book in AT&T taken, with the hacker working out of his account. What follows is what we learned from this experience.
- Verify suspicious emails/chats immediately. The sooner you call or e-mail the victim, the faster others can be notified of the scam and money recovered. Be wary of all e-mail and chat solicitations. Don’t wire money without first talking it over with someone.
- It’s not easy to reset passwords for stolen accounts. You can’t call Hotmail or Facebook to report the theft and regain control of your account. To change passwords set by the hacker, you must complete a form for Hotmail at https://support.live.com/eform.aspx?productKey=wlidvalidation and a form for Facebook at https://ssl.facebook.com/help/contact.php?show_form=419_scam2
- Have two or more email accounts with different passwords. You’ll need a second secure email address to receive a Password Reset email for the stolen account. Don’t use the same password for all accounts…this makes it too easy for hackers.
- Empty your cache (temporary internet files, cookies, forms, etc.) BEFORE you reset your password. Go to Internet Options in Control Panel. In the General tab, select “delete” under Browsing History. When this wasn’t done, the hacker hacked into Hotmail again.
- Use another computer to complete the forms. When the form was completed on the infected computer, the information was deleted instead of submitted. The typed information was picked up by the hacker.
- Check the reply email address to make sure it isn’t a phony account. The hackers are very tricky and relentless. A contact who sent money received additional emails soliciting more money, even after Hotmail was recovered. Scam email from the “Facebook Team” was sent to the secure email address requesting credit and electronic copies of government issued identification. A while after regaining control of Hotmail, it was discovered that all its emails were being forwarded to a phony account. Scam emails keep coming to the Hotmail account.
- Remove the hacker’s email address on the server if you are a victim of hacking and the hacker uses a reply email address other than your own. It is usually under Email/Options/Accounts/”reply to.”
- If possible, store your address book on Outlook or another email program on hard drive and back up regularly. That way you will still have your addresses if they are hacked online. Keep your online address book, inbox, etc as empty as possible so that the hackers won’t have anything online to hack. We suspect that we were selected for hacking because our online address books contained many entries.
- Send out warnings to everyone as soon as possible. Without access to contact email addresses, a quick retraction to everyone was impossible. Phone calls were made. Contacts online were warned through Skype. Friends were asked to send emails warning mutual friends, warning posts were placed in Skype chats and in the victim’s message box. Skype enabled those chatting with the hacker on Facebook to verify the solicitation with the victim. Once Hotmail was recovered, retraction emails couldn’t be sent because the hacker had reached the maximum number of sent emails per day. Contacts had to be cut and pasted into the secure email account and retractions sent from there.
- Those who wire money should contact Western Union as soon as possible to cancel the wire. 1-800-325-6000 Two people who sent money successfully canceled the order because it was sent in the middle of the night in England. Unfortunately, one person wasn’t able to cancel before the hacker picked up the money. More information on scams using Western Union can be found at http://www.westernunion.com/info/fraudIndex.asp?country=global
- Contact the Federal Trade Commission to report the identity theft. Their phone # is 877-382-4357 and their website is http://www.ftc.gov/opa/2004/07/newspamemail.shtm Consumers may forward unwanted or deceptive spam to the FTC at the email@example.com address.
- Contact one of the nationwide credit reporting agencies to place a fraud alert on your credit file. This will make it difficult for hackers to open new credit accounts. Contact Experian at 888.397.3742 (www.experian.com) or. Equifax at 800.525.6285 (www.equifax.com) or TransUnion at 800-680.7289 (www.transunion.com). You can also receive a free copy of your credit report.
- Contact your local police department to file an incident report. .This will be needed if you choose to apply for an extended fraud alert. Unfortunately, because of the international nature of the theft, the likelihood of the crime being solved is nil.
- Stay in your heart and not the emotion. Everything happens for a reason. Staying calm within your heart, instead of emotions like anger and grief will enable you to work more efficiently on resolving the identity theft. Realize that God is always helping.
Know that if either of us were ever in a situation needing funds, we would talk to you personally. Thanks for being understanding and compassionate. We hope that this information is useful…and that you never have to use it.
With our gratitude and love,
Gloria and Regina