[IceEnclosure]

A girl friend of mine, a few weeks ago mentioned a random screenname on AIM IMing her, saying she's ugly, somesuch, blah blah blah. A few hours later she got another random IM more of the A/S/L variety. Weird these days, but whatever. She doesn't have her SN listed on any sites or anything.

Then, a few days ago she called me to report that her entire yahoo email inbox had been emptied. 0 messages. Facebook password changed. If I recall correctly her FB wasn't even connected to the email addy that was emptied(edit: yes it was). Since then she's gotten one or two more random IMs from different screennames. I mention the IMs because she doesn't normally get them from out of the blue like this. She's got the screennames written down.

Tonight she called me to tell me her AIM password has been changed. What the crap?

She's out of college, a good girl, certainly shouldn't have enemies. I've been friends with her for years and she's got less shady-ness to her than most anyone I know.

Physical access to her computer would certainly be a way to do much of this, but it sits in her bedroom at her family's house all the time, or is at her work with her on her desk. Her AIM password was pretty weak IMO, and I remember stealing screennames was fun for some sect of nerds at some point.

If this crap happened to me I'd be pretty pissed. What do you all think? I told her I'd look on her computer for key-logging software or something, but yeah.


EDIT: The facebook acct. that she was locked out of WAS in fact linked to the email addy that was emptied. Makes more sense. I also think the IMs are probably unrelated.

[Synotic]

It's probably nothing, and I'm normally not one to be alarmist, but I'd report this to AOL and Facebook as soon as possible. I don't know if it's malicious, but in this instance, I'd take the precautions. It's not a very funny joke.

[mattyb]

Wouldn't hurt to tell her bank either - just in case.

I read a story about a reformed credit card scammer and he said that Facebook, Myspace were THE places to start looking for victims.

She on wifi?

[IceEnclosure]

yes she's on wifi

[goMac]

Her email account was likely hijacked. I'm betting she was phished. Once that's done they probably took control of all her other accounts.

[Andrew Stephens]

brother or sister?

You say physical security of the mac makes it an unlikely source, but sometimes co workers or siblings have a strange sense of humour and it's easiest to do all these things using her actual Mac.

[IceEnclosure]

Two brothers, both living in the house, but she assures me they haven't the desire to do this.

She is going to check out her brothers computers and let me know if she sees anything in the browser history, or if any of her accounts auto log-in or something.

[lexapro]

Aliens.

[Hg2491]

Wow this is scary. Can't she get access to her accounts by answering the secret questions? Also, if she's on wifi, can't she put a MAC address filter, not broadcast the SSID and a very complex password?

[starman]

I have to agree - phishing. She might have used the same password on all her accounts.

[turtle777]

I agree, phishing is the most likely explanation.

She needs to use better passwords, different for each account.

Best would be to come up with a scheme that can be easily remembered, like a core password + a unique addition based on the domain name.

E.g.: base password: turtle

www.google.com

Unique password: turtle-ge6

Base pwd + "-" (always include special characters to counter brute force attacks) + first and last letter of domain name + number of characters in domain name.

I picked for my own passwords a combination of letters from the domain name and the TLD.

-t

[besson3c]

I can't believe Turtle just posted his Google password here...

Are there any odd processes running? Odd startup programs? I'm wondering if these passwords were obtained via a keystroke logger...

[turtle777]

Oh snap

-t

[Cipher13]

https://www.grc.com/passwords.htm

For all your password generating needs.

For good measure, I generate a large number of them and then subsample. But I'm slightly paranoid.

[IceEnclosure]

Thanks guys.

[OreoCookie]

Sorry to hear about your friend, that really sucks.

Probably you should also check her computer and make sure she uses a safe browser (e. g. a recent version of FireFox). Make her use an e-mail client (although some people seem to be allergic).

Also, I agree with the others that she must also use safe password. Most people think that others can't find out that they use the name of their spouse, pet or mother as a password. Seriously, this is probably the weakest link in IT security in many companies.

[IceEnclosure]

She uses firefox, and allows it to update anytime a new version is released. She DOES NOT use an email client, and I've urged her to before, and now. I believe she will now.

Her password was a word and two digit number. I told her that was not enough!

[turtle777]

Originally Posted by IceEnclosure 

Her password was a word and two digit number. I told her that was not enough!

She needs to understand one thing: her email password needs to be stronger than any other password.

If someone gets to her email, he/she can reset the passwords of most other websites and have the new PW sent per email.

So if the email PW is compromised, potentially, all other login passwords are compromised.

-t

[lyanma]

After reading this, I really think I should change my passwords!!
I have friends that use *iloveyou* as passwords...

[IceEnclosure]

Through contacting FB, Yahoo, and such she got control back of everything. She's using much stronger passwords now!

[brassplayersrock²]

Did she ask for an IP check to see where the scumbag is located?

[Chuckit]

Originally Posted by IceEnclosure 

Through contacting FB, Yahoo, and such she got control back of everything. She's using much stronger passwords now!

Also make sure she's paranoid about phishing. Nine times out of 10, that's how people's accounts get hijacked. I just about never enter my password at any site I've entered through a link, just in case it's an elaborate phishing attempt.

[Cold Warrior]

Originally Posted by Chuckit 

Also make sure she's paranoid about phishing. Nine times out of 10, that's how people's accounts get hijacked. I just about never enter my password at any site I've entered through a link, just in case it's an elaborate phishing attempt.

I'll take those kinds of emails to heart then use my bookmarks to visit the page. Click Here to Pay Bill, O'rly?

[OreoCookie]

It's amazing how naive otherwise smart people can be. My dad, a lawyer who I thought has seen it all was asking me (fortunately) about a fishing mail one day. (Actually, he was yelling at my brother for downloading stuff, now he's got an e-mail from the police.)
It's important that `normal' people are reminded they have to think about these things, too.

[turtle777]

Originally Posted by OreoCookie 

(Actually, he was yelling at my brother for downloading stuff, now he's got an e-mail from the police.)

That kind of "police" that speaks brocken German and requires money to be sent to Nigeria ?

-t

[OreoCookie]

Originally Posted by turtle777 

That kind of "police" that speaks brocken German and requires money to be sent to Nigeria ?

It was an e-mail `from the police' inquiring about alleged copyright infringements ... back then he didn't know how to use google yet

[mattyb]

Originally Posted by IceEnclosure 

She uses firefox, and allows it to update anytime a new version is released. She DOES NOT use an email client, and I've urged her to before, and now. I believe she will now.

Her password was a word and two digit number. I told her that was not enough!

I'm not convinced that an email client (Mail or Thunderbird or Outlook) is any more secure than using a web-based email client.

Passwords are a really delicate issue. Make them contain 12 characters with a mix of numbers and letters and people will write them on post-its next to the screen, or under the keyboard. I always liked the idea of having part of the password being 'one time' but this is hard to setup for Joe Public.