08-06-2009, 01:48 PM
Hi,
So we get a phone call early this morning (around 6:30) from one of my wife's friends saying that someone using my wife's facebook account is chatting with him, telling him that my wife and I are in London and were mugged at gunpoint and that we need him (my wife's friend) to send money via Western Union, etc.
My wife's friend realized this was a scam and that's why he called us to let us know that her facebook account appeared compromised.
My wife changed her facebook password immediately and then we googled a bit and found out that this is a very common scam. See here for just one example of many many posts online about this:
http://joewessels.net/2009/07/08/watch-o...chat-scam/
My wife also happened to check her email at the same time this morning and she had received an email from a family friend saying that he was stuck in London, got mugged, etc., etc. I checked my email and I received the same email from the same friend. We thought it was quite coincidental that we got this email at the same time this facebook chat scam was ongoing with my wife's friend.
So, I had my wife check her sent items folder in her fastmail email account and there was an email sent from her account around the same time this morning, addressed to "undisclosed recipients," CC'd to several gmail addresses (of the scammer I assume) and having a subject of, "TESSSTTTT" and some gibberish for the body, "dada;lkdfkd."
Anyway, this really alarmed me. It appears that someone not only hacked into my wife's facebook account (worrisome) but also into her email account (very worrisome).
Unfortunately, my wife uses the same password for almost all of her online accounts (including one of our bank accounts, which I've already changed). So, I'm just trying to figure out how this happened. It appears someone was able to figure out her facebook password, find out her email address from her facebook profile and then maybe try logging into her email account with the same password and got lucky b/c the passwords were the same. Do you think this is the most likely scenario?
Or, I've heard of viruses being able to send out emails from one's email account without actually knowing the password. In this instance, I'm guessing the virus gains access through the Outlook address book or something like that? My wife does use Outlook on her home Dell and keeps it open all day long.
Another thought is a key logger on her computer sending her keystrokes surreptitiously to the scammer/hacker.
All this just seems too coincidental for one morning (i.e., facebook hacked, email hacked and email received with similar London mugging story).
What we've done so far is: change her facebook password, change her fastmail password (to something different) and change the one banking account password that was the same.
Does anybody have any thoughts on what happened? Obviously, this has gotten us both a bit worked up!
Thanks.
EDIT: Forgot to mention that the password she was using is NOT easy to figure out, has letters and numbers, etc. So, it's not something someone can just guess out of the blue. Also, she hasn't used any public computers lately. She was at her sister's house in California for the past 5 weeks, so her sister's computers were the only other computers she's used to access facebook and fastmail that she can remember.