Once upon a time, I got hacked. Here is my story.
So...yesterday was kind of a crappy day.
It started off as many days do: waking up to the stirring of Bitty Bug (aka Baby #2). I went to get her and nursed her as I watched reruns of Boy Meets World.
I love that show.
After Little Chica got up, we all went downstairs for breakfast. I grabbed my laptop to check up on Facebook. When I logged in, I was told that I misspelled my password and, oh, by the way my password had been changed at 5:03 am
I was asleep at 5:03 am.
That was when the real fun began.
Confused by this error, I go to log into my Gmail account to see if I'd received an email saying something to the effect that my password had been changed. Surprise! I got a red error message at login saying my password was incorrect.
I knew this was not good.
As I continue trying to log in, a bad feeling begins to creep into my stomach. I try to log into Facebook again, and a different email for my account is registered in the username space. The email looked like my email, with ONE letter changed. After several failed attempts to change my Facebook password, I turned my efforts to resetting my Gmail password. After a few tries I was successful, only to be immediately locked out again.
I knew then that I was dealing with a hacker.
And hackers are super turds.
Not long after my realization, the phone calls and text messages start:
"Hey, I think your email got hacked."
"Hey, you sent me a really weird email. Are you ok?"
"I think someone is using your account to phish."
"You got hacked."
"You got hacked."
"By the way, in case you didn't know...you got hacked."
Like, times a thousand.
The contacts of my email account had been sent an email from "me" stating that Hubby and I were vacationing in the UK, had been mugged, and cannot leave until we settle our hotel bill. All of our money, passports and cell phones had been taken. "I" then requested/begged that people send me money via Western Union so we can get out of the UK and head home.
Vacationing. In the UK. With a 3 month old? Yeah. Right.
But, the email was eerily authentic, from using my name and Hubby's name, right down to the usual way I sign my emails. Friends and family alike were confused and concerned, as the email seemed legit.
And I had no way to stop it.
In this age of technology, there is nothing more unsettling than to be completely cut off from your electronic forms of communication. I felt so helpless, as my friends worried about me and attempted to contact me. I had no way of letting them know via an email or a Facebook status that IT'S A SCAM and I AM OK.
Talk about feeling violated. Someone had been IN my email. Snooping around and gathering information about me. As these thoughts bounced around my irate head, I realized that I had no idea what other information these people could have gotten from my emails. Was my bank information there? Addresses? Tax information?
I had no idea.
So in a total panic, I researched everything I could about getting my accounts back. I have a good friend who knows more than he should (ahem) about such things, and he was well informed about this present "Need Help" phishing scam. After completely frightening me about the worst-case scenarios (my identity being stolen, every account I have online getting hacked into, and for all intents and purposes ceasing to exist a la The Net), he directed me to get virus scan going on my computer. He then helped me to understand how to log out ANY other sessions that were running my email, and encouraged me to heighten security bank account (just in case).
Not long after, I had regained control and security of my Gmail account. I was dismayed to find that EVERY ONE OF MY CONTACTS had been erased, as well as ALL my emails. As happy as I was to have my email account back, I was totally overwhelmed at the thought of trying to rebuild my contacts list, and grieving any important emails that were forever lost. Despite this set back, I spent some time undoing some of the fiddling the hackers did, and my account was generally straightened out
Facebook, though, was another story.
As I said earlier, the hackers attached another email to my Facebook, which gave them primary control of the account. I tried and tried to reset my password, but I was unable to. I reported the problem to Facebook, which involved filling out forms.
Tons and tons of forms. Over and over again because the attempts to report the problem were unsuccessful.
Later in the evening, I receive an email saying that my account has been deactivated because Facebook (correctly) believed it had been taken over by scammers who were using a money scam via my Facebook account.
I spent the better part of last night trying to reactivate my account, which involved (you guessed it!) tons and tons of forms.
By 8pm, I was exhausted.
At the end of yesterday, I had accomplished the following (see tips on What To Do If Your Account is Hacked by Scammers at the end of this post):
- regaining control of my Gmail
- restoring my Gmail contacts ::yay!::
- recovering ALL my emails ::double yay!::
- becoming incredibly versed in how to handle being hacked by scammers
- emailing all of my contacts apologizing profusely for the email, explaining it was a scam
- confirmed to all the worried souls in my life that I was a) not in the UK and b) completely and totally fine
- filled out a ton of forms for Facebook to reactivate my account with zero success
- felt terribly guilty that a few of our friends had been taken by the scam and had given their financial information to the scammers believing it was me.
Did I mention my girls didn't nap well yesterday?
Today I woke with motivation to regain my Facebook account back. From some of the reading I had done, I knew this could take a lot of time and energy. I was worried that there was a chance I might never get my account back. Not that I am addicted to Facebook or anything, but like many, I have information and pictures on my account that are important to me.
I spent this morning doing more research and (you guessed it!) filling (and refilling) out forms. Around lunchtime, when hope was all but lost, I received the most precious email ever that started with the following line:
"I have reset your password. You will be able to access your account with the following new information."
After more than 24 hours of panic, creating new passwords, upping my security on online accounts and filling out forms, I can (hopefully) put all this behind me. For me, after confirming that our financial information was secure, this was more of a nuisance than anything. Sure, I spent plenty of time panicked and frustrated, but in the end, everyone involved was OK. I can only imagine how much worse it would have been to have money taken or my identity stolen. It stinks that there are people out there who are able to not only destroy someone's day, but someone's financial and personal security.
Many people (myself previously included) have no idea what to do if they were hacked by scammers. Since I learned a lot of stuff really fast yesterday, I thought I'd compile the information, should you ever find yourself in the same situation:
What To Do If Your Account is Hacked by Scammers
(NOTE: these items are specific to Gmail, as that is the email I have - if you have information on how to check/change the following items in hotmail, yahoo or other email servers, PLEASE leave a comment below explaining the steps, or leave me an email so I can update this post)
1. First and foremost, say a swear word or punch something. It will make you feel better.
2. As quickly as possible, reset your email password. Make sure to make a STRONG password, using letters, numbers and characters. My friend suggests having 3 different passwords for online accounts: 1 for low-level security items, 1 for mid-level security items, and 1 for high-level security items (email, facebook, credit cards, bank - anything that has personal information).
3. Contact your credit card company and financial institution (ie: bank) and alert them to the breech of security, especially if your email contains any information on these items (or they share the same password as your email). Most credit card companies and banks have a fraud department that can heighten security on your account until the situation is cleared up. Don't settle for talking to a low-level employee. Go straight to a manager or the fraud department - and take notes on WHO you spoke to (name? badge number?), WHEN you spoke to them (date and time), WHAT was discussed.
4. (This is personalized for Gmail) When you are able to get back into your email, scroll to the bottom of your screen. Here you will find some turn on/off options, as well as a line that discusses your "account activity." It may even say that "this account is open in 2 other locations." PRESS THE DETAILS LINK. You might see that your account is open not only in the US, but places like the UK, France or Nigeria. Take the option to "SIGN OUT ALL OTHER SESSIONS." This will sign out anyone else who may be logged onto your account. If you've changed your password, they should not be able to get back in.
5. I'd say, just to be safe, change your password again at this point.
6. RUN A VIRUS SCAN ON YOUR COMPUTER. Make sure it checks for viruses AND keyloggers.
7. Immediately go to your Mail Settings, which can be accessed in Gmail at the top right hand of your screen. It looks like a cog. Go to "Forwarding and POP/IMAP." Make sure that the hackers did not put a forwarding address. If they did, REMOVE IT. Disable your POP and IMAP for now until things are cleared up.
8. Next, go to "Accounts and Imports." Make sure that the hackers did not put a different "reply-to" address. If they did REMOVE IT.
9. If your address book is empty, you have an option to restore your contacts (YAY!). To do this, go into your Contacts link. Along the toolbar there is a "More Actions" tab. Click the arrow, and at the bottom, there is the option to Restore Contacts. Restore to a time before your account was hacked (I did 1 week).
10. If your emails have been erased, first check your Trash. I found that all of my emails had been put into Trash, but Trash had not been emptied. So I was able to Move All back to Inbox.
11. ALWAYS make sure that your are browsing SECURELY whenever possible. When you are logging into your email or facebook, your web address should start with "https," not just "http." Many browsers will also show a "lock" type icon when the server is secure.
Facebook is another story all together, as it involves a lot of forms and is not as straight-forward. I will update this post when I can gather links to all the correct forms. In the meantime, I can encourage you the following:
1. If you are unable to access Facebook at all because your account has been taken over, it is difficult to find the correct forms or search the Help Center. If you have a trusted friend (spouse? relative?), ask them to do the research for you on their account. They can forward you the correct forms. I found that having Hubby use his account to look for things was helpful, as he could access the Help Center and other forums that I could not because I could not log in.
2. Make sure your email is straightened out/secured BEFORE you work on Facebook, especially if your hacked email account is the one you log into Facebook with. It is more difficult to have Facebook verify you as the account holder if you cannot use the log in email. They find it fishy, I think, if you are using a secondary email address (even if it is legitimate because your primary email is compromised)
3. If you find the forms you are looking for and fill them out, you may have to be patient for them to email you back. Sometimes they don't email at all. KEEP AT IT - fill out the forms over and over again. Try verifying your account as often as Facebook will let you. I kept getting an error message when I almost completed verifying my account, saying the verification process could not be completed, and that I had to contact some other department in Facebook. So I kept contacting that department and filling out the form. I also kept filling out the form that allowed me to verify my account.
4. Don't give up!
Again, when I can link up to the correct forms (Reactivating your Account, Compromised Account, Resetting Account, etc), I will try to update this post.
In the meantime, I hope you learn from my mistakes: SECURE YOUR ONLINE ACCOUNTS! Run virus scans! Browse securely! Don't give passwords to anyone! Don't click links that look suspicious!
And, should you ever meet a hacker that scams, PUNCH THEM IN THE FACE.