Jonman364 asked:

Yahoo and eBay accounts hacked, make hackor pay!

My girlfriend's Yahoo email account was hacked earlier this month. The password was changed and the 'forgot my password' link wouldn't work. Her eBay account, however, still had the same password. During the time when she couldn't enter her email, this person put a GPS system up on eBay and someone 'won' it. The person who won the auction sent the hacker $1200 some dollars, and of course, did not receive this item.

Now this is the information I have up to tonight. The headers of emails he sent from the hacked account, with IP and time. The account number, routing number, and name and address of the bank the wire transfer was sent to.

I have sent an email to AOL, his service provider assumed from his IP, telling them about this. Is there anything else I should do? Also, her password had letters and numbers, and her security question was a trick question. How did this person gain access to her account? Norton and Ad-Aware have turned up nothing suspicious.

One more question, would I be invading his privacy if I were to post his account and routing number and any other information I find, on here for Google and the whole world to see?
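
An added example, not part of the original question: an ISP abuse desk needs the source IP together with an exact, time-zone-normalized timestamp to tie a dynamically assigned address to one subscriber, so this sketch pulls both from a message's `Received` chain and converts the time to UTC. The sample message, host names and addresses are constructed (documentation ranges), and the function names are illustrative.

```python
import email
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Constructed sample message; addresses are from documentation ranges.
SAMPLE = """\
Received: from mta1.mail.example.net (mta1.mail.example.net [198.51.100.7])
\tby mx.recipient.example with ESMTP id ABC123
\tfor <buyer@recipient.example>; Tue, 14 Mar 2006 21:05:12 -0500
Received: from [203.0.113.45] by web1.mail.example.net via HTTP;
\tTue, 14 Mar 2006 18:05:09 -0800
X-Originating-IP: [203.0.113.45]
From: seller@example.net
To: buyer@recipient.example
Subject: tracking number

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Return (ip, utc_datetime) per Received header, oldest hop first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        info, _, stamp = value.rpartition(";")   # timestamp follows the last ';'
        match = IP_RE.search(info)
        try:
            when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        except (TypeError, ValueError):          # missing or malformed date
            when = None
        hops.append((match.group(1) if match else None, when))
    return hops[::-1]                            # servers prepend, so reverse

def abuse_summary(raw):
    """Summarise the earliest hop for an abuse report."""
    msg = email.message_from_string(raw)
    ip, when = (received_hops(raw) or [(None, None)])[0]
    claimed = (msg.get("X-Originating-IP") or "").strip("[] ")
    return {
        "origin_ip": ip,
        "utc_time": when.isoformat() if when else None,
        "matches_x_originating_ip": bool(ip) and ip == claimed,
    }

if __name__ == "__main__":
    print(abuse_summary(SAMPLE))
```

Only the `Received` line written by the recipient's own mail server is trustworthy; lines below it were supplied by upstream systems and can be forged, so send the complete unmodified headers along with the summary.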
ASKER CERTIFIED SOLUTION
simonenticott
bmedward

agreed 100%

Additionally, if you have not done so already, be sure to be completely open with the buyer about this situation. The sooner that they notify their financial institute, the better their chances will be of recovering their money.

>> How did this person gain access to her account?

Any number of ways.  By default when you log into Yahoo Mail, it is done in plain text and anyone running a sniffer on any network along the way can easily grab the password.  Even if she checked from home, if someone at her ISP had a sniffer running on a shell on a box that was able to see customers' traffic going to the router then they'd easily be able to sniff it out.  Many people use the same or similar passwords on many different sites, so any password a hacker gets will likely also be tried at popular other sites like eBay, PayPal, Citibank, etc.  The AOL account the hacker used is almost certainly a hacked account or a free trial account created with false information...or perhaps a zombied AOL machine that acted as a proxy.  If she logged in non-encrypted from anywhere semi-public at any time, ever, then there is a chance someone sniffed out the password.  If the hacker was stealthy, (s)he could have gotten the password 6 months ago and just sat on it along with however many other ones they snagged...and only using ones they've sat on for a while.  Furthermore, if they have a series of compromised machines at their disposal scattered around the globe through countries less than cooperative w/ US authorities on fraud issues, there's basically nothing you can track.  It's worth checking, of course, hoping they were ripped off by an amateur, but don't get your hopes up.  The best info you have is the routing number...if it's a US or US-friendly bank, then that's a good starting point for authorities.

If there is no evidence of malware on her machine, and she *never, ever* logged into an online service w/ her username/password (eBay/Yahoo/whatever) from any other computer ever, then it was almost certainly sniffed somewhere along the line.  If she *ever* DID log in on another computer, securely or not, then the password could have been acquired on that machine via keylogger or similar.  Also check the date of her virus defs in Norton...there exists malware code that can break Norton's updates and you may never notice.  (One of my clients had that problem...by the time I got the machine to fix, the virus defs were 9 months old even though Norton seemed to "go through the motions" trying to update.  There were 100+ viruses on that machine that their Norton (with the old defs) did not detect).  Obviously, be sure you updated AdAware's defs as well....and all current Windows updates.  Not using Internet Explorer or Outlook/Outlook Express for web and email will go a long way towards reducing the chance of system compromise as well.  Be sure to use a firewall as well...personally I prefer Sygate's free personal firewall over popular ones like Norton's, McCrappy's, and Zone Alarm...don't bother w/ XPSP2's firewall...it's a joke for malware to bypass once inside your machine.

Does she use wireless?  Unless she's set up w/ a wireless access point authenticating to a RADIUS server, the chances are she's running a fairly easy to sniff wireless connection for someone in signal range (which could be someone miles away with a very high gain beam aimed directly at her WAP...don't think because you lose your signal 5 feet from the sidewalk that that's all the farther it can be received!).  Even w/ disabling SSID broadcast, MAC address filtering, and WEP, it would be trivial for someone knowledgeable to break that "security".  WPA has its problems as well, especially in some circumstances.  If someone was sneaky enough, they could crack your wireless security then run a sniffer and just wait for the passwords sent in clear text.  Done.

Sorry for such a long post addressing one part of your question, but the above posters already completely covered everything else ;)  100% agreement with simonenticott and bmedward.
Rich Rumble

Yes, this type of fraud could be due to a phishing scam, and should be reported to eBay and Yahoo, as well as the FTC.

  abuse@yahoo.com
  abuse@Ebay.com
http://www.ifccfbi.gov/index.asp
http://www.consumer.gov/idtheft
-rich
Jonman364 (ASKER)

simonenticott - The first thing she did was have eBay and PayPal lock her accounts. Since then they have been reopened, passwords changed. I was thinking about calling the bank, but they were probably closed at the time I received the information. The one thing I didn't think of was the first thing you suggested, calling the police.

bmedward - That's actually how we found out. He sent an instant message to her asking if she had the tracking number for the package because he hadn't received his item yet. Poor guy, it was his first eBay transaction, probably last.

fixnix - Even if it's a free-trial AOL account, could AOL find the phone number he dialed in from? The bank's address is in New York. I don't know how old the Norton defs are but the Ad-Aware I downloaded and installed 2 nights ago.  As for IE, she uses Firefox, and doesn't use any local email reader. Firewall, I have a Linux system in between her machine and the internet. All software on that is updated regularly.

Casinoguy - I believe she knows better.

Anyway, I guess I'll call that bank today, and walk across the street to the police station.

It's a sad time on the internet these days, the biggest thing to happen globally in a few hundred years and it was 'free' but there are always people looking to make money at the cost of anything and it's those people that are turning society into the way it is today.

But yes, speak with the police

and I'll put a more cheery CD on  ;)