Piano World Home Page Forums Our Most Popular Forums Piano Tuner-Technicians Forum don't forget to change passwords from time to time....

After years of relative safety on the internet, I finally got hacked.

I was working on a customer's Boston grand, when I got a call from a client saying, "Hey, Dave, you got hacked. You'd better get on it and change your password!" The problem was that my internet was down while I was between services that required an exterior hardware upgrade. Then I got another call, saying the same thing. Then another, and another.

According to the e-mail the hacker sent out to all of my contacts, I was in England and had lost my wallet. Could you please send me $1800?

It went on all day. My wife tried to change my password from her work, but was unable to: my ISP had been sold a couple of times since I first opened the account, and I couldn't even access that setting.

I finally got home, got on the phone with ATT tech support and eventually was able to change the password for that account. I also managed to close the Yahoo account that the hacker was using to siphon off a day's worth of incoming mail, 2 years worth of sent mail, and all of my e-mail contacts.

Sorry if anyone here got spammed. Don't forget to change passwords once in a while.

You were hacked?!!! Does that mean you didn't get the money I sent to you through PayPal to England???
What did you change your password to?




I hope you have it all under control again now.

I have an offshore account set up in Nigeria. Thanks for the cash, Jurgen.

Just about exactly the same thing happened yesterday with a friend of mine -- and I was one of the people who got contacted.

Here's what the e-mail said (eerily similar to yours):

Good Morning,

I'm writing this with tears in my eyes,but i really need your help at the moment,I came down here to Mallorca Spain for a short vacation,unfortunately i got mugged at the park of the hotel i staying ,everything i had on me was stolen including,cash,credit cards and cell phone....I've been to the embassy and the Police here but they're not helping issues at all,I need help to settle the bills and flying back home,I'll surely pay back as soon as we get back home.

Thanks
[friend's first name]


Immediately there were suspicious things about it, like the slightly-incorrect typing, which my friend wouldn't have done quite that way, even under stress, plus the capitalization of "Police" which I thought he never would have done at all. Still, if not for all the publicity about scams like this (including the warnings that have been posted by our members here from time to time), I might not have suspected enough, and even as it was, my first instant thought was that this was real. I replied, and asked if there was a phone number where I could speak to him directly. If the person did answer with a phone number, besides making sure that the person sounded like my actual friend I would have asked some things that only he would have known. But the next e-mail just said there wasn't a phone where he could be reached, and could I please immediately wire him $2500 via Western Union.

Yeah right.

I then did what I probably should have done right away: I called my friend's home phone number in New York, and was glad when he himself picked up the phone.

Hopefully and presumably none of your contacts got fooled to the point of sending money. I would like to think I wouldn't have, even if not for the publicity and warnings I'd seen. But I might have.

Mark,

I was truly grateful for the amount of phone calls I got from clients and friends. Most of them just wanted to let me know what was going on, but some of the people were really concerned and ready to send money!

Things like this cause the worst problems when people are in actual difficulty.

I could rant on this subject. But I'll summarize it as this: if you know a close family member is on vacation, and they contact you to say "HELP!!!! Call American Express's concierge service and help me find a hotel! I'll pay for it, I just need their help finding one. I'm in [this city] in [this developing country] where there's a huge international conference (which I never knew about before), every hotel is booked, no one speaks my language, the place is famous for corruption, and I've been awake for 3 days strait."
Do not, under any condition, reply "why don't you try Travelocity.com?"
It's a developing country, they don't use Travelocity, and the 2 hotels that are listed have been full for weeks and never bother to update their status. I tried that long ago.
For those that don't know, American Express's concierge service can work wonders and find hotels or rooms that otherwise don't exist. They are also very good at conveying the critical information before a cellphone battery dies.

Good reminder Dave. Recently our church email got hacked. The hacker sent out pornographic pictures to the entire congregation!!!! Come to find out, our password had not been changed in 10 years and was a very simple word to figure out.

Folks, as our tech guy instructs us at my school, your password needs to contain the following: a capital letter, a symbol and a number. Even though most of us use the same password for everything, it's really not a good idea. We're instructed to have separate passwords for school and home, so if one get's hacked, the other is not in jeopardy. Just a few things to think about.

Type your password into the box at the top, then hit enter to check the strength.

http://www.passwordscan.com/

If I were a sniffer/hacker/phisher, I would set up such a link to "test" password strength. No thanks, Dan!

edit: Think about it....a site performs a password strength test by associating the password you enter with your ip address. Don't do it!

Someone on the internet has to have your password so as to allow you into things. How paranoid does one have to be?

Testing a password strength does not indicate you are using that password.

No, but trying a tested pw would be a logical place to start. Not paranoid at all, but we ARE talking security and hacking here. And after all, tricking people into entering information is how phisers operate.

Well, don’t have any fun with the password checker if you believe everyone is out to get you.
If you have concerns about password security keep in mind these simple rules;
Change your password once a month.
Insure your password has all the components, upper/ lower case, special characters and numbers.
The last one is keystrokes. I never type them in, but use cut/paste. This way if I have a keystroke logger the characters are not read.

Thanks for the reminder!

On a lighter note, I have to share how ridiculous this is: at work (federal gov.), we are required to change our password every 6 months...to get into...REQUIRED local continuing education "programs".

Unbelievable! OH no, someone ELSE is trying to do my CE, yikes!
leave it to the government....oh, and the requirements for the password are UNREAL. Most of us can't get in and end up on the phone with IT, wasting time.
See how your tax dollars are spent?

ooooops, I digress, sorry.

xkcd has the best stance on password strength:

Nice one ! I take that password !

(but many sites today ask for different characters to be used and will not accept that)

Why would it be harder for hacker to discover my password, let's use Tr0ub4dor&3, if I have changed to it from Tr0mbo^ne%7 three months ago?

Will hackers really spend months and months working on trying to find out one lowly person's email password?

Remind me of a friend who worked in computer security for the military. The zone where missiles where hidden was so secret that no telephone was able to reach the outside normal phone net.

So he had to discuss of the computer security question in a public phone at the nearest village !!

It may not be your password that was hacked. Have you seen one of the emails? The return address is probably not yours.

What probably happened is that either your address book was hacked, which can happen if you keep it on a server like AOL, or that someone got addresses from a carelessly addressed email.

You should use CC sparingly. If you are sending a message to a large group, use BCC instead.

Not at all! They just set up a password checker and lo and behold, you type it in for them.

Absolutely. Are you sure it was your account that was hacked? Lots of times, a random address from the person who was hacked's address book is put into the "from" line to throw people off. The fact that the mail is "from" you doesn't necessarily mean you're the one who was compromised.