Saturday, May 22, 2010

Email Accounts Hacked!

My 2 email accounts, chiaraazlinquestion AT, and the other one that I reply from, have been hacked.

Any emails from me about my being lost in London blah blah are a scam, and the same one as was used on Susie of Arabia's account.

Because I had 2 accounts communicating with each other, I did briefly get a message, which wouldn't, however, let me delete the new hacker address as the primary.

The hacker address is:

meghan.almaas AT

I am unable to access either of the 2 accounts now, one was deleted it seems, and the other I don't have the "correct" password for.

I was very upset, but am relieved to know it was a scam rather than a more personal action. I would make a joke about sending me funds for Paris, but it really isn't funny.

I have changed the blog address to: chezchiara2 AT yahoo DOT com ****updated (26-05)

If you already have the other email address, add a 2 before @

As I can reconstruct some contact information but not all, please send me an email to either new address so I can find you easily! :)

Please do so, if relevant, with a copy of our correspondence about Personal Stories in progress, as they are now hacked as well.

If you have suggestions about whether it is possible for me to retrieve what was on either original yahoo account from my hard drive I would appreciate it.

Thank you to everyone who left a blog comment to warn me about the scam. Up until I checked for comments I had no idea that is what had happened. I won't publish those comments, but will heed the advice given and include it in a follow-up post.

A special thank you to Aafke. We have had our differences, but it was very kind of you to send me a comment here letting me know about the hacking and the scam.

Thanks to all!

*Part 2 of the scam seems to be another email to have you send your email along to protect you from the hacker. I haven't sent any such email to anyone.

*Part 3 of the scam: I got one too, at a different address, "to", "mailed by", and "signed by" are as copied here in red (for Dante's 8th circle of Hell, the Fraudsters):

from Chiara Alma
date 22 May 2010 08:33
subject HELP NEEDED!!!
Signed by

I'm writing this with tears in my eyes,my family and i came down here to London,UNITED KINGDOM, for spring break to visit a resort and got mugged at gun point last night at the park of the hotel where we lodged.All cash,credit cards and cell were stolen off me.we've been to the embassy and the Police here but they're not helping issues at all,our flight leaves today and I'm having problems settling the hotel bills.

The hotel manager won't let us leave until i settle the hotel bills(1500GBP)now am freaked out.Please reply and let me know if you can have the money wire to me through western union i promise to pay back as soon as i get back home.


*Part 4 of the scam: My Facebook account was involved too. I am deliberately Facebook friendless, and have never left anything on anyone's wall.

*Part 5 of the scam: The scam virus infects the email account hacked with a forwarding scheme that lets it identify new accounts/ passwords. This is detected by a "reply-to" the originally hacked email address added after sending an email from the new account. This "reply-to" is invisible except if you select the option after receiving an email to show all the details of the sending from and to. As a result the new address for the blog contact is chezchiara2 AT yahoo DOT com. All emails sent to the previous one have been forwarded, thanks.

Please feel free to comment on this phenomenon, and to share your own experiences.
Any advice is welcome, as are any other comments, thoughts, experiences.
Don't forget to email the new addresses! :) *to chezchiara2 AT yahoo DOT com


ellen557 said...

Oops, sent you an email but should've checked here! Have you changed your personal email too or just the blog one?

Add said...

Dang hackers !@!#??#!

Susanne said...

For some reason I also had a Gmail address for you so I replied to you there about it. I knew it was that same scam mentioned by Susie previously.

Is the Gmail account valid to use for contacting you? Do you check it regularly? I don't think you had any personal information about me so I won't resend anything, however, you should have my e-mail address at your Gmail account so you can contact me that way if you need to in the future.

How frustrating!! Stupid hackers!

Wendy said...

So sorry, Chiara. It's such an invasion of privacy. After the initial email of your problems in London (yes I knew what had happened as soon as I received it) I received another email saying that someone had access to my accounts and should provide them with info to protect me so everybody here should be aware of this email as it could be associated with Chiara's hacking and email lists.

Chiara said...

Ellen--the one we normally correspond on you should put 2 in front of @.

ADD--I couldn't have said it better myself. When I looked for pics for this post most were either for Glenn Beck or "how to hack an email" sites! I only looked at the sites long enough to be "reassured" that it doesn't matter what email service one is using they can all be hacked.

Susanne--the gmail address you have is because I forwarded to you from Google reader. I don't check it often at all.

The one we usually use is the same only put 2 before @ and use yahoo DOT com. I didn't get your gmail email yet but I will send you one for "THE INFO!" LOL :)

I agree, about the stupidity of hackers!

Wendy--thanks, it is an invasion of privacy and also of research files and drafts.

Thanks for updating us about the 2nd part of the scam. Maybe Add's chat with Meghan scared someone! :)

I have contacted my computer security consultant to see what he can do about retrieving my info and also about reporting "Meghan".

Thanks to all of you for your emails and comments here.

Please keep sending emails to the new accounts, and also updating us here about new scams attached to this one, or others you may be aware of.

Mine was hijacked mid email reply to someone! :(

Usman said...

Oops!, so sorry to hear that. BTW, what ifs somebody hacks the blog too. Have you ever heard such incident? That would be a great mess in that case. Make sure you don't share the same password with your email and blog.

Samer said...

Too late! I already sent you the money! :) Wish you warned us about this before but oh well.

coolred38 said...

You appear to be making the rounds on facebook as well...accepting friendships and commenting on that YOU???

coolred38 said...

BTW..does that mean ur different on yahoo chat as well? Should I delete ur user name that is there or what?

Chiara said...

Usman--good thought. Coolred's blog was poofed but not sure if it was hacked or Blogger ate it.

Samer--:) You knew as fast as I did! Almost!

Coolred--no it is not me. As you know I was aiming to have the longest running friendless Facebook account ever. I have never commented on a wall. Thanks for the reminder.

My chat is now at the new addresses. I saw your orange face earlier from the usual one so I think we are good to chat! :)

Thanks all for the comments here and the emails with the info. I have contacted Yahoo in the hopes that I can retrieve the content of the accounts.

I had better try to do something about the Facebook one.

Add and NidalM gave the scam artist interesting and funny quizzes. Good thing I remember that sort of thing and no one else would know it! :)

Wendy said...

Three weeks ago I deleted my facebook. Totally gone. Waaaaayyyy too many privacy issues for me.

Anthrogeek10 said...

I had a long talk with your hacker today btw!! I put him/her in the place where they belong! :)

Anthrogeek10 said...

OOps Chiara...I sent it to the address you posted and it was returned back to me. :(

Puça said...

How terrible!

Don't they have better things to do?

I've just read both messages, the hacked one and yours...

Shall reply to your right adress with my @

Chiara said...

Wendy--good idea. My Facebook account has always had nothing in it but a fake birth date, which doesn't show either. It is as private as I know how to make it. I originally got it because a friend wanted me to be able to access her pic and tell me if she looked good in it! LOL :)

Anthrogeek--the above should work. Maybe try again. Thanks for giving the hacker what for! I have been enjoying the chats and emails forwarded to me. Makes the hacker look so foolish, and my readers/ contacts look so smart! :)

Chiara said...

Puça--thanks for your email to chezchiara AT yahoo DOT com. I just got it.
It seems they have nothing better to do, and think people are gullible. Very unimaginative answers to my contacts' quizzes I might add.

Wendy said...

Chiara, I had false info on my too. What annoyed me was that every time I looked at profile/settings the rules had changed and I'd have to go and click more boxes to stop retrieval of info. I also started one at the request of a Sudanese nephew who then never used his page. I don't know how often everyone looks at their profile/account page but they certainly should. I can live without it for sure!!!

Chiara said...

Anthrogeek--thanks for trying again! You have the 2 emails confused which is why I didn't post your comment with the one you tried.

Just use this one written the normal email way:

chezchiara AT yahoo DOT com

I will get you the other one from there. I have no email addresses for you currently so please send an email to that one just above! :)

Chiara said...

Wendy--very true. I do check mine about once a week just to make sure I am invisible and friendless! LOL :)
I did find Facebook useful for sending messages to long lost relatives after my Dad died. Amazing who is on there! Many in my extended inlaw family don't bother ever checking though. It seems they enjoyed the novelty of setting up a page and post their pic and ... nada since.

countrygirl said...

yesterday while I checked my email I found the same message and I thought wow those Nigerian are getting smarter no more the usual sobbing stories about being a prince/whatever but a regular Yankee stranded in London....I didn't thought that could be your hacked mail

oby said...


sorry about your hacking problem...they are such a pain. I have a facebook account for the very same reason...friends badgered me but I never use it and I have it locked up as tight as I can...I admit though I love reading about others.

I am wondering if you got my email? I tried what you said in this post. The first two came back to me...the third did not but I am not sure if it got to you or not.

Chiara said...

Countrygirl--thanks for your comment. Please do send me an email as I am having trouble finding yours again. Thanks!

Oby--Yes I did get it. Sorry I meant to reply to all of it but I didn't get time so I just sent and acknowledgement for now that I received it. Thanks! Facebook...I must say they responded very quickly!

Wendy--I just got your email too. Thank you. It had gone to spam.

All--Thank you for trying and please continue. I think because it is a new account (they both are) they are rejecting a lot without even sending them to spam. The ones I am sending from my new usual account often put me through a captcha because the email addresses are all new ones to be sent to as well. So please persist, and I will check all spam folders well, too.

The easiest is to send your email to chezchiara AT yahoo DOT com

Thanks again to all for their encouragement, advice, belittling of the hackers, emails, and comments!

Qusay said...

Haha, very funny… is this your way of not wanting to return the money I sent you? I already sent the 1500 pounds + 500 extra for other expenses as you requested! So… you said you will return them as soon as possible, what is going on?

No, not funny at all, I was once hacked… it felt like I was violated, and to make things worse the hacker sent an email to everyone trying to sell them something, and one of the recipients was my new employer. The funny thing is that I saw the emails going out and changed my password before everyone on my list was contacted.

I contacted yahoo and they said it must’ve been some sort of program on my computer since their system was secure, but I do not download things I do not know.

Sorry to hear about it happening to you.

NidalM said...

The thing is that this is a very common hacking attack. Even the wording of the email is the same as numerous other attacks in the past. A quick google search even shows its been reported on CNN.

I did respond to the hacker, and it turns out they didn't seem to know much english (I emailed you my conversation with them to your old + address).

Wendy said...

In the business I'm in there are many letters like the one Chiara got so I knew right away it was a spam. They come out about other business owners in associations and groups, etc. If you have a web site with links it's not hard for these hackers to find people to send similar distress letters to and they are often successful. At least they were in the beginning but not now.

Chiara said...

Qusay--you commented too soon! I was just about to send a thank you note for the funds which arrived so promptly! The extra 500 was just what it took for a restorative side trip to Paris! I am safely back in Canada now, in time for a statutory holiday that Australia seems to postpone/ ignore. Insufficient deference to Queen Victoria, eh? Of course as soon as the banks open tomorrow I will put the funds back in the account of your choice. LOL :)

Thanks for sharing your experience with Yahoo. They have been sloooowww, and methodical in protecting me from MYSELF!!! :)

Good thinking to change your password. I'm not sure if I had had the option if I would have even thought to do that! In my case I just couldn't send the email I had just finished. Thinking it was my email jinn up to his old tricks of freezing all my activity on Yahoo mail, I just reopened it--except by that time "Meghan" had taken over as my primary address on that account, as I found out from the second one just before it went bye bye too.

Thanks for your condolences. I am still a little stunned and only slowly realizing all that is lost. I shall sob and rent my raiment when/if I get the final word from Yahoo that all is truly gone. :(

NidalM--yes, thanks for sharing that info here and with me previously. In a way it makes one feel less targeted to know one is a member of the masses. Too bad we couldn't all be in the London at the same time enjoying a holiday for real!

Thanks, I did get your email discussion with the hacker--hilarious! Good thing I could have answered the questions, including the priors, and of course the twist on "normal" is too memorable to forget! :) :P

I thought I had responded to that one, sorry, but maybe I was too busy sending you another from that email address, and of course the PS to it. Not sure I got around to the PPS--yet! :) Thanks for all your support, advice, and humour!

Wendy--thanks for sharing that. I had no idea really that the phenomenon was that widespread. I hope no one is duped.

Coolred's Bahraini friend, Maryam Sherooki, was insisting to her that I should be helped and rescued from London. She received a scam letter and was wanting to take action even though I sent her one email or 2 only--just because I am Coolred's friend!

It shows she is the wonderful, generous, take charge person that Coolred describes, was unaware of the scam, and maybe didn't pick up the cues because of her English language skills. Fortunately Coolred persuaded her that I was safe and in Canada--after she gave me a security question on our first chat! LOL :) It was ok, I answered her "tell me something only the 2 of us would know" and got the ROFL guy emoticon I like so much! :)

Thanks again for being generous with your experiences here. It helps disseminate the scams and protect others from them.

Fay said...

Congratulations! I have reviewed "Chez Chiara" and I'm pleased to inform you that your blog has been added to Blogging Women.

I've enjoyed reading through your blog post (still have more to go through) and look forward to future post.

Welcome aboard and continued success with this blog.

Chiara said...

Fay--Thank you so much! This is great news at a propitious time! I hope all will check out your blog which does such a great service of evaluating, collating, and featuring high quality blogs by women in a number of categories. Both men and women interested in feminine, feminist, or just interesting views on specific topics would be well advised to check out your blog as a resource for other blogs. Thank you very much for this honour!

Chiara said...

Countrygirl-you were right. My security person traced the source of the scam to Nigeria.

All-I will update about the whole process in a future post, but keep sharing here, and I will include the recommendations and experiences in the update post! :)

coolred38 said...

Maryam is so quick to jump and help..without even checking first if the person is legit or not. Wouldnt be the first time she got burned...but she still never hesitates.

single4now said...

Dang, I just noticed this entry. I replied to the email just now offering condolences. Should I be worried about being hacked as well? :/

Chiara said...

Single4now--Thanks for your condolences! I don't think you need to worry about being infected. As I understand it this virus infected my computer and that is how it got into my accounts.

Check the emails you have sent since, ie the sent copy, by looking at the "show details" for the information about the sent from and to. If it has an added "reply-to: with that hacked email address" then yes it is more likely infected.

I think emails sent to it just capture new contacts to send more emails to, but I could be overly optimistic and wrong.

Hopefully someone with more computer knowledge will tell us the answer.

However, don't use that account which was mine and is now hacked again.

Thanks again, and I am sorry for the worry! :(

single4now said...

I'm not sure if I'm understanding you correctly. It just has a from and a to. The to states your email address. Doesn't seem to have any additional field. Too bad gmail doesn't allow blocking of particular email addresses.

I could forward you the email I replied. I've already replied to 2 of the email addresses you mentioned. One in this blog entry. The other in your comment on my blog.

I'm sorry you had to go through this. I hope yahoo is able to retrieve your account for you. Although I wouldn't count on it too much. They don't seem to care much about these things.

Chiara said...

Single4now--a friend just told me you won't be infected, from sending an email to that old hacked account. The hacking is random usually and they just try random emails until they get one.

I think the firewall was off on the computer I was using when it was hacked, and the Avasti Anti-virus that was on the computer didn't catch it.

Malwarebytes Anti-virus did subsequently catch a virus on 2 files which I removed.

Then a "safely remove hardware" program was run.

You weren't hacked by sending me the email though! :)

Still, be sure to delete that email from your contact list and substitute the same one with 2 before the @. Or use chezchiara2 AT yahoo DOT com, and I will reply from the new one!


Chiara said...

Single4now--I just saw this second comment. Your email is fine.

The one I originally sent you in a comment to your blog may be changed. The most reliable is:

chezchiara2 AT yahoo DOT com

Or the one we usually use with 2 before the @.

Yes Yahoo seems to be only concerned with making me use a captcha every time I send an email from my new accounts. They have been slow about the idea of retrieving content from the hacked emails, and seem to die every Friday evening, like tonight! :(

Thanks for persisting. I will get your 2nd email I'm sure.

NeenahPete said...

I have not read all of the other comments but did anyone else suggest that you contact Yahoo? My son had his Yahoo account hacked in the same way and he contacted Yahoo who got, I believe, his account straightened out. Good luck.

Susie of Arabia said...

I hope you've gotten things straightened out. I am actually still discovering little things here and there, like email addresses that were deleted or blocked. The wording of the email the hacker sent out is just about word for word what mine said - so sorry it happened to you too.

Chiara said...

Coolred--way up there, just saw this. She needs to be a bit more cautious! LOL :) Good thing she consulted with you on this one!

NeenahPete--Welcome to my blog, and thank you for the suggestion. It reminded me to follow up with Yahoo, and gave me encouragement that they may actually do something. I hope you will comment on older and newer posts of interest to you! :)

Susie--thank you for all your support and advice by email and here. Since I have new accounts I am more away of what has been lost, and remember gradually works in progress, file updates etc. Of course the more personal exchanges are also gone, and that is sad, too.
On a funny note, judging by the keyword searches that bring readers to this post, there is the exact same scam which substitutes "Italy" for "London" in emails sent to the UK! :)
I will do an update post, when things seem to have settled a little more. I would like to share some of what I have learned along the way.
Thanks again! :)


Related Posts with Thumbnails