Serious Security Breach

[ed84c]

I have just FINALLY sorted out one of my own. I have had both hotmail and eBay hacked (i hope not as a result of your other thread), and more worringly used, everyday, by somebody.

 

I have found his email address, by looking in the "Sent" folder (he said redirect mail to there) and eBay has kidly given the ip address of him/her.

 

Amusingly he has claimed (on eBay) to a seller, who was asking for feedback (he is not english, by the look of his messages, and mistook the seller, to be asking for unpaid debts), that his paypal account has been stolen, LMAO, Thankfully (no, really thanks whoever designed this system) my password for hotmail and paypal were different, as paypal wont allow passwords of <8 letters.

 

Anyway. Can anybody help me get this guy reported, as i say i have his ip and email, and if it wasnt for paypal, he would have had a large amount of my cash.

 

Thanks A lot

Ed

 

Btw, he didnt get into my sfn account

[Cap'n Refsmmat]

Go to arin.net and put in the IP there. It should tell you who is internet service provider is.

 

From there, contact abuse@whateverhisispis.com or the link ARIN gives you.

[blike]

Call, email, and write his ISP after you figure out who it is.

[ed84c]

Thanks for the help guys

[Dak]

what is his email server? most of them have a way to report abuse, so you could report him to his email server aswell.

 

change your passwords for online things, as he could have used the 'i forgot my password' thingy to have your password sent to your email address so he could get it.

[ed84c]

AOL

 

This has taken a turn for the worse. This guy is a pro, he has been selling things in my name, such as horse trailers to other people, and telling them (much to my amusment) that his (my) paypal account has been disabled.

 

However thats where the amusment ends. This guy;'s been doing it a lot and at £750 a time. Maybe its time we called in the cops.

 

He did use the i forgot my password thingy.

 

I dunno how he did it yet, probably one of these eBay email scams. So seriously watch out. Im still searching through emails, he sells things twice, to the bid winner AND a second chance to another bidder (to you ebayers you will know that is a contradiction in terms) telling them that the high bidder could not pay, as they told him

"something about his son being very sick at the moment"

 

He is sick

 

And i will report him to the police, once i have the relevent details off the payers.

 

Thanks for you help again.

[timo]

And i will report him to the police' date=' once i have the relevent details off the payers. [/quote']

Why not now? The police can certainly ask the payers, too. When talking about 750 pounds I don´t think I´d wait long to inform the police.

[atinymonkey]

I'd report it right now, the police will be better at getting details if they get the account fresh. I think they have departments for this sort of thing. Sounds like serious fraud, which is something Police put a lot of effort into preventing.

[ed84c]

hmm yeh, but ive spoken to one allready, and he has not actually paid, he just recieved a random email asking him to, like one of these scams. I need to know if anybody's paid yet.

[Dak]

My advice would be:

 

report his AOL email account to TOSGeneral@aol.com (according to this site)

 

report his ip to his isp, if you havent already.

 

make sure that your automatic forwarding is turned off of your hotmail account

 

Also, id check all the settings on the sites you have accounts with, to make sure nothing has been changed, eg your email address on your accounts, so that any password changes you make dont get emailed to him.

 

Change ALL your passwords for online sites. Make sure that theyre strong passwords: at least 8 didjits long, at least one letter and one number, and not a real word (even in h4x0r, or backwards), so for example 'p455w0rd' would be a week password. Accronyms are good for this: 'db1maayb' is a strong password, but easaly rememberable as an accronym for "dont break into my account again you bastard" with the 'i' of 'into' replaced with a 1.

 

email the buyers and inform them of the conman.

 

inform your bank, and paypal (and any online-thingy which you use which involves money) incase he tries to withdraw your money.

 

go to your local police station and have a chat with them.

 

If your not sure how he got your password, you might want to run a few virus/spyware scan to ensure that you dont have a keylogger on your computer.

[Dave]

Personally I think e-mailing AOL is rather a waste of time. Chances are that it will be ignored at best, or just deleted straight out. I'd pass on any information to the police and leave it at that - there's very little you can do more than that. Also I advise that you run a thorough virus scan and spyware check. If you're not sure about anything at all I'd advise a reformat - you can be fairly certain that'll solve the problem.

 

I would also say that the chances of finding and catching the guy are minimal at best. I'd also say that he's not a "pro", more likely to be some 15 year old kid who's bored.

[ed84c]

15 yr old kids, dont try and hack into paypal accounts and sell non existant items to unsuspecting people and ask them to pay for them with western union credit transfers.

 

As far as i can see, it appears that all those scam ebay spams you've been getting where the email address of the sender is normal, is somebody who has been hacked and emails sent through them, using their eBay user name etc to make it seem more real.

 

This is whats happened here. One guy claims to have lost $1100 in my email address debarkle, but seeing as he says "dont worry about it, their just the kicks", hes either madly rich, or hes lying.

[Dave]

15 yr old kids, dont try and hack into paypal accounts and sell non existant items to unsuspecting people and ask them to pay for them with western union credit transfers.

 

Perhaps not 15, but a lot of scammers are people who are either bored or aren't particularly well off. They're not involved in organised crime (which is what I suspect you refer to as a "pro").

 

This is whats happened here. One guy claims to have lost $1100 in my email address debarkle, but seeing as he says "dont worry about it, their just the kicks", hes either madly rich, or hes lying.

 

Fair bet he's telling some porkies to get some money out of someone.

[Dak]

Perhaps not 15, but a lot of scammers are people who are either bored or aren't particularly well off. They're not involved in organised crime (which is what I suspect you refer to as a "pro").

 

actually, most email scams are from nigerian-based organised criminal gangs, although i think they generally stick to "hello. me dadda wasa oil murchant, let me put money ina you account, you send me £2,000 ill give you 2.4million £, magu" rather than hacking into accounts.

 

 

its worth emailing AOL, even if theyll probably ignore it. there are people stupid enough to fall for scams, even of the "give me £x and ill give you £xxx" variety, so its a fair bet people will fall for scam your talking about, so its worth a shot at closing down the account hes operating from.

[ed84c]

Well it was hacked into again.

 

Thankfully the secret password allowed me to change the password quickly and easily. But before that I clicked; "Send me a password reset email", it did not arrive at my yahoo account, and hence i am now concerned he may have changed this alternate email to his email address and hence will soon be able to change it back.

 

How exactly can i access the page where it says choose alternate email address, if i have already got one? Or is that one permanant and unchangeable?

 

Finally, i remember reading in some security document, you can add a pin to the hotmail account to make it extra secure, how do i do this?

[Dak]

if you go to options > password, then it should ask you for your old and new password and then, after clicking ok, it should take you to a 'secret question' and 'alternate email address' section.

 

make sure that your 'secret question' s answre is secure aswell.

[ed84c]

No, it doesnt. Does this mean i can never change my alternate email address ?

[Spyman]

How to Change Your Hotmail alternate e-mail address:

 

- Log In

- Click "Options"

- Click "My Profile"

- Click "Help"

- Click "Providing an alternate e-mail address"

- Click "Change your alternate e-mail address"

- Click "Go to the MSN Account Services home page"

- Click "Credentials"

- Add or change your alternate e-mail address

- Click "Continue"

[ed84c]

Thanks alot thats really helpful. However unfortunately it WAS set to the hackers email, and hence he will probably soon be able to hack in again.

[Dak]

what a sneaky bugger!

 

well, my advice would be to change the alternate email address back to your yahoo account, check all the other bits in options to make sure he isnt getting your emails forwarded to him etc, change the secret question/answre thing, then change your password again.

 

that should do it. also, check your settings on your yahoo account to check he hasnt got in their.

[Dave]

actually, most email scams are from nigerian-based organised criminal gangs, although i think they generally stick to "hello. me dadda wasa oil murchant, let me put money ina you account, you send me £2,000 ill give you 2.4million £, magu" rather than hacking into accounts.

 

I should have been more specific in my phrasing. I wasn't referring to general scams, rather scams of this sort (the entire hotmail/eBay hacking thing). Personally I'd say that the most prolific scams are the illegal meds stores that I seem to get e-mails from every day. I'm pretty sure some people are rather gullible in that respect.

 

ed84c: How did this play out? Is this now sorted, or has he re-hacked everything? My advice would be to get eBay to close the account, this is probably the easiest way of sorting the problem.

 

You should all take solice from this - it's rather amusing.

[quantum.INF]

I would report it to the police asap but if he is really a pro then he will have used a public IP or he will have stolen or masked it behind a proxy. btw what is your screen name on eBay?

[Dak]

I should have been more specific in my phrasing. I wasn't referring to general scams' date=' rather scams of this sort (the entire hotmail/eBay hacking thing). Personally I'd say that the most prolific scams are the illegal meds stores that I seem to get e-mails from every day. I'm pretty sure some people are rather gullible in that respect.

 

[...']

 

You should all take solice from this - it's rather amusing.

 

I like this site

 

(419 is nijerian police code for fraud)

 

personally, i keep on getting invitations to view women 'nekkid' on their webcams.

[Evangelante]

Interesting. Recently I've noticed that there were many recent attacks into my paypal. I just ignored it since I didn't have any cash in there. Since my password couldn't be cracked the account was locked up.

 

Heh, alphanumerical crackers don't work too well on my most important stuff.

 

By the way, even 15 year olds are scammers. I've read many interesting stories about 15 year olds taking trips with their friends to extravagent places.

[quantum.INF]

By the way' date=' even 15 year olds are scammers. I've read many interesting stories about 15 year olds taking trips with their friends to extravagent places.[/quote']

 

In a way similar to the 15 year old Iraqi teenager who snuck into Iraq because he

wanted to experience the struggles of his people supposedly.