|
|
What do you think happened to my friend?
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Fort Lauderdale, FL
Status:
Offline
|
|
A girl friend of mine, a few weeks ago mentioned a random screenname on AIM IMing her, saying she's ugly, somesuch, blah blah blah. A few hours later she got another random IM more of the A/S/L variety. Weird these days, but whatever. She doesn't have her SN listed on any sites or anything.
Then, a few days ago she called me to report that her entire yahoo email inbox had been emptied. 0 messages. Facebook password changed. If I recall correctly her FB wasn't even connected to the email addy that was emptied(edit: yes it was). Since then she's gotten one or two more random IMs from different screennames. I mention the IMs because she doesn't normally get them from out of the blue like this. She's got the screennames written down.
Tonight she called me to tell me her AIM password has been changed. What the crap?
She's out of college, a good girl, certainly shouldn't have enemies. I've been friends with her for years and she's got less shady-ness to her than most anyone I know.
Physical access to her computer would certainly be a way to do much of this, but it sits in her bedroom at her family's house all the time, or is at her work with her on her desk. Her AIM password was pretty weak IMO, and I remember stealing screennames was fun for some sect of nerds at some point.
If this crap happened to me I'd be pretty pissed. What do you all think? I told her I'd look on her computer for key-logging software or something, but yeah.
EDIT: The facebook acct. that she was locked out of WAS in fact linked to the email addy that was emptied. Makes more sense. I also think the IMs are probably unrelated.
(
Last edited by IceEnclosure; Mar 16, 2009 at 09:00 AM.
)
|
ice
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 2000
Status:
Offline
|
|
It's probably nothing, and I'm normally not one to be alarmist, but I'd report this to AOL and Facebook as soon as possible. I don't know if it's malicious, but in this instance, I'd take the precautions. It's not a very funny joke.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Feb 2008
Location: Standing on the shoulders of giants
Status:
Offline
|
|
Wouldn't hurt to tell her bank either - just in case.
I read a story about a reformed credit card scammer and he said that Facebook, Myspace were THE places to start looking for victims.
She on wifi?
|
|
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Fort Lauderdale, FL
Status:
Offline
|
|
|
ice
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: May 2001
Location: Portland, OR
Status:
Offline
|
|
Her email account was likely hijacked. I'm betting she was phished. Once that's done they probably took control of all her other accounts.
|
8 Core 2.8 ghz Mac Pro/GF8800/2 23" Cinema Displays, 3.06 ghz Macbook Pro
Once you wanted revolution, now you're the institution, how's it feel to be the man?
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jan 2004
Status:
Offline
|
|
brother or sister?
You say physical security of the mac makes it an unlikely source, but sometimes co workers or siblings have a strange sense of humour and it's easiest to do all these things using her actual Mac.
|
|
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Fort Lauderdale, FL
Status:
Offline
|
|
Two brothers, both living in the house, but she assures me they haven't the desire to do this.
She is going to check out her brothers computers and let me know if she sees anything in the browser history, or if any of her accounts auto log-in or something.
|
ice
|
|
|
|
|
|
|
|
Baninated
Join Date: Mar 2008
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Sep 2007
Location: NYC
Status:
Offline
|
|
Wow this is scary. Can't she get access to her accounts by answering the secret questions? Also, if she's on wifi, can't she put a MAC address filter, not broadcast the SSID and a very complex password?
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2000
Location: Union County, NJ
Status:
Offline
|
|
I have to agree - phishing. She might have used the same password on all her accounts.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
I agree, phishing is the most likely explanation.
She needs to use better passwords, different for each account.
Best would be to come up with a scheme that can be easily remembered, like a core password + a unique addition based on the domain name.
E.g.: base password: turtle
www.google.com
Unique password: turtle-ge6
Base pwd + "-" (always include special characters to counter brute force attacks) + first and last letter of domain name + number of characters in domain name.
I picked for my own passwords a combination of letters from the domain name and the TLD.
-t
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
I can't believe Turtle just posted his Google password here...
Are there any odd processes running? Odd startup programs? I'm wondering if these passwords were obtained via a keystroke logger...
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Registered User
Join Date: Apr 2000
Status:
Offline
|
|
https://www.grc.com/passwords.htm
For all your password generating needs.
For good measure, I generate a large number of them and then subsample. But I'm slightly paranoid.
|
|
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Fort Lauderdale, FL
Status:
Offline
|
|
|
ice
|
|
|
|
|
|
|
|
Moderator
Join Date: May 2001
Location: Hilbert space
Status:
Offline
|
|
Sorry to hear about your friend, that really sucks.
Probably you should also check her computer and make sure she uses a safe browser (e. g. a recent version of FireFox). Make her use an e-mail client (although some people seem to be allergic).
Also, I agree with the others that she must also use safe password. Most people think that others can't find out that they use the name of their spouse, pet or mother as a password. Seriously, this is probably the weakest link in IT security in many companies.
(
Last edited by OreoCookie; Mar 16, 2009 at 06:50 AM.
)
|
I don't suffer from insanity, I enjoy every minute of it.
|
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Fort Lauderdale, FL
Status:
Offline
|
|
She uses firefox, and allows it to update anytime a new version is released. She DOES NOT use an email client, and I've urged her to before, and now. I believe she will now.
Her password was a word and two digit number. I told her that was not enough!
|
ice
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by IceEnclosure
Her password was a word and two digit number. I told her that was not enough!
She needs to understand one thing: her email password needs to be stronger than any other password.
If someone gets to her email, he/she can reset the passwords of most other websites and have the new PW sent per email.
So if the email PW is compromised, potentially, all other login passwords are compromised.
-t
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jan 2009
Location: Sto Dgo, DR
Status:
Offline
|
|
After reading this, I really think I should change my passwords!!
I have friends that use *iloveyou* as passwords...
|
|
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Fort Lauderdale, FL
Status:
Offline
|
|
Through contacting FB, Yahoo, and such she got control back of everything. She's using much stronger passwords now!
|
ice
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2006
Location: California
Status:
Offline
|
|
Did she ask for an IP check to see where the scumbag is located?
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by IceEnclosure
Through contacting FB, Yahoo, and such she got control back of everything. She's using much stronger passwords now!
Also make sure she's paranoid about phishing. Nine times out of 10, that's how people's accounts get hijacked. I just about never enter my password at any site I've entered through a link, just in case it's an elaborate phishing attempt.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
Originally Posted by Chuckit
Also make sure she's paranoid about phishing. Nine times out of 10, that's how people's accounts get hijacked. I just about never enter my password at any site I've entered through a link, just in case it's an elaborate phishing attempt.
I'll take those kinds of emails to heart then use my bookmarks to visit the page. Click Here to Pay Bill, O'rly?
|
|
|
|
|
|
|
|
|
Moderator
Join Date: May 2001
Location: Hilbert space
Status:
Offline
|
|
It's amazing how naive otherwise smart people can be. My dad, a lawyer who I thought has seen it all was asking me (fortunately) about a fishing mail one day. (Actually, he was yelling at my brother for downloading stuff, now he's got an e-mail from the police.)
It's important that `normal' people are reminded they have to think about these things, too.
|
I don't suffer from insanity, I enjoy every minute of it.
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by OreoCookie
(Actually, he was yelling at my brother for downloading stuff, now he's got an e-mail from the police.)
That kind of "police" that speaks brocken German and requires money to be sent to Nigeria ?
-t
|
|
|
|
|
|
|
|
|
Moderator
Join Date: May 2001
Location: Hilbert space
Status:
Offline
|
|
Originally Posted by turtle777
That kind of "police" that speaks brocken German and requires money to be sent to Nigeria ?
It was an e-mail `from the police' inquiring about alleged copyright infringements ... back then he didn't know how to use google yet
|
I don't suffer from insanity, I enjoy every minute of it.
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Feb 2008
Location: Standing on the shoulders of giants
Status:
Offline
|
|
Originally Posted by IceEnclosure
She uses firefox, and allows it to update anytime a new version is released. She DOES NOT use an email client, and I've urged her to before, and now. I believe she will now.
Her password was a word and two digit number. I told her that was not enough!
I'm not convinced that an email client (Mail or Thunderbird or Outlook) is any more secure than using a web-based email client.
Passwords are a really delicate issue. Make them contain 12 characters with a mix of numbers and letters and people will write them on post-its next to the screen, or under the keyboard. I always liked the idea of having part of the password being 'one time' but this is hard to setup for Joe Public.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|