Yahoo and eBay accounts hacked, make hackor pay!

Posted on 2005-04-25
Last Modified: 2010-04-11
  My girlfriend's Yahoo email account was hacked earlier this month.  The password was changed and the 'forgot my password' link wouldn't work. Her eBay account, however, still had the same password. During the time when she couldn't enter her email, this person put a GPS system up on eBay and someone 'won' it. The person who won the auction sent the hacker $1200 some dollars, and of course, did not receive this item.

   Now this is the information I have up to tonight. The headers of emails he sent from the hacked account, with ip and time. The account number, routing number, and name and address of the bank the wire transfer was sent to.

   I have sent an email to AOL, his service provider assumed from his IP, telling them about this. Is there anything else I should do? Also, her password had letters and numbers, and her security question was a trick question. How did this person gain access to her account? Norton and Ad-Aware have turned up nothing suspicious.

  One more question, would I be invading his privacy if I were to post his account and routing number and any other information I find, on here for google and the whole world to see?
Question by:Jonman364
    LVL 5

    Accepted Solution

    You should contact the police and/or any other relevant authority in your country and ask them to investigate.
    You should also contact the bank where the money was sent to let them know what you suspect has happened; they will most likely have an internal investigation team.
    Have you contacted eBay? They'll have server logs for all transactions and may help.

    You shouldn't post any info publicly because chances are it isn't going to be the criminal's real details, it'll most likely be another innocent person's details that have been hijacked, and who knows what trouble that will get you in...
    LVL 6

    Expert Comment

    agreed 100%

    Additionally, if you have not done so already, be sure to be completely open with the buyer about this situation. The sooner that they notify their financial institute, the better their chances will be of recovering their money.
    LVL 9

    Expert Comment

    >> How did this person gain access to her account?

    Any number of ways.  By default when you log into yahoo mail, it is done in plain text and anyone running a sniffer on any network along the way can easily grab the password.  Even if she checked from home, if someone at her ISP had a sniffer running on a shell on a box that was able to see customers' traffic going to the router then they'd easily be able to sniff it out.  Many people use the same or similar passwords on many different sites, so any password a hacker gets will likely also be tried at popular other sites like ebay, paypal, citibank, etc.  The AOL account the hacker used is almost certainly a hacked account or a free trial account created with false information...or perhaps a zombied AOL machine that acted as a proxy.  If she logged in non-encrypted from anywhere semi-public at any time, ever, then there is a chance someone sniffed out the password.  If the hacker was stealthy, (s)he could have gotten the password 6 months ago and just sat on it along with however many other ones they snagged...and only using ones they've sat on for a while.  Furthermore, if they have a series of compromised machines at their disposal scattered around the globe through countries less than cooperative w/ US authorities on fraud issues, there's basically nothing you can track.  It's worth checking, of course, hoping they were ripped off by an amateur, but don't get your hopes up.  The best info you have is the routing number...if it's a US or US-friendly bank, then that's a good starting point for authorities.

    If there is no evidence of malware on her machine, and she *never, ever* logged into an online service w/ her username/password (ebay/yahoo/whatever) from any other computer ever, then it was almost certainly sniffed somewhere along the line.  If she *ever* DID log in on another computer, securely or not, then the password could have been acquired on that machine via keylogger or similar.  Also check the date of her virus defs in Norton...there exists malware code that can break Norton's updates and you may never notice.  (One of my clients had that the time I got the machine to fix, the virus defs were 9 months old even though Norton seemed to "go through the motions" trying to update.  There were 100+ viruses on that machine that their Norton (with the old defs) did not detect).  Obviously, be sure you updated AdAware's defs as well....and all current windows updates.  Not using Internet Explorer or Outlook/Outlook Express for web and email will go a long way towards reducing the chance of system compromise as well.  Be sure to use a firewall as well...personally I prefer sygate's free personal firewall over popular ones like nortons, McCrappy's, and Zone Alarm...don't bother w/ XPSP2's...it's a joke for malware to bypass once inside your machine.

    Does she use wireless?  Unless she's set up w/ a wireless access point authenticating to a RADIUS server, the chances are she's running a fairly easy to sniff wireless connection for someone in signal range (which could be someone miles away with a very high gain beam aimed directly at her WAP...don't think because you lose your signal 5 feet from the sidewalk that that's all the farther it can be received!).  Even w/ disabling SSID broadcast, MAC address filtering, and WEP, it would be trivial for someone knowledgeable to break that "security".  WPA has its problems as well, especially in some circumstances.  If someone was sneaky enough, they could crack your wireless security then run a sniffer and just wait for the passwords sent in clear text.  Done.

    Sorry for such a long post addressing one part of your question, but the above posters already completely covered everything else ;)  100% agreement with simonenticott and bmedward.
    LVL 2

    Assisted Solution

    Did she by chance receive and open an email claiming to be from eBay? I've gotten a few saying account suspension and saying there had been suspicious activity and to please click on the link which looks like an ebay link\blahblah.html but actually if you click on it a javascript is opened launching you to a different page that is not eBay's and which gathers information. Crap asking for account confirmation usernames and passwords is ALWAYS a scam. Remember the question isn't are you paranoid? It's are you paranoid enough?
    LVL 9

    Assisted Solution

    wow...can't believe I forgot to mention phishing scams!  </brainfart> thanks for picking up my slack, Casinoguy :)
    LVL 38

    Expert Comment

    by:Rich Rumble
    Yes, this type of fraud could be due to a phishing scam, and should be reported to EBAY and Yahoo, as well as the FTC.

    Author Comment

    simonenticott - The first thing she did was have eBay and PayPal lock her accounts. Since then they have been reopened, passwords changed. I was thinking about calling the bank, but they were probably closed at the time I received the information. The one thing I didn't think of was the first thing you suggested, calling the police.

    bmedward - That's actually how we found out. He sent an instant message to her asking if she had the tracking number for the package because he hadn't received his item yet. Poor guy, it was his first eBay transaction, probably last.

    fixnix - Even if it's a free-trial AOL account, could AOL find the phone number he dialed in from? The bank's address is in New York. I don't know how old the Norton defs are but the Ad-Aware I downloaded and installed 2 nights ago.  As for IE, she uses Firefox, and doesn't use any local email reader. Firewall, I have a Linux system in between her machine and the internet. All software on that is updated regularly.

    Casinoguy - I believe she knows better.

    Anyway, I guess I'll call that bank today, and walk across the street to the police station.
    LVL 5

    Expert Comment

    It's a sad time on the internet these days, the biggest thing to happen globally in a few hundred years and it was 'free' but there are always people looking to make money at the cost of anything and it's those people that are turning society into the way it is today.

    But yes, speak with the police

    and I'll put a more cheery CD on  ;)

