A couple Wednesdays ago I had just finished a meeting at church when I looked at my phone to find multiple missed calls and an abundance of text messages. Since my cell phone was just over a week old at that point, this meant that pretty much everyone who knew my number plus some other people had called or texted me in the span of less than an hour. After reading all the text messages, listening to my voice mail and making some calls, I got a pretty clear picture of what had happened…my main email account had been hacked.
It was the same old sob story spammed out to my email contacts that I had to have an emergency trip to Scotland for some meeting and everything was stolen and I needed over $3000 to settle my hotel bills and buy a plane ticket home. But to make it even creepier the hacker also took my typical signature and a somewhat believable ending for the email plea. It stated “In His Hands. Joy;-)”.
In some ways I am thankful that this hacking didn’t occur three weeks earlier when I was in England and hopping over to Scotland really would have been a viable option but there is never a good time to have your email hacked. But thankfully most of my email contacts are people who know me well and could read between the lines, despite the signature, and not take the request seriously. But out of concern, this email did spark quite the round of phone calls, emails and facebook messages from my contacts to me, my mother, my best friend, my Santa Barbara church, my Sacramento church and i’m sure a few others as well. Some people unfamiliar with the scam were calling to make sure I was actually ok but most people were just trying to let me know that my email had been hacked so I could deal with it.
Of course many people recognized the email format and scam right away but some people read the email and found other reasons to believe it wasn’t me. Here are some of the best reasons: Lots of people dismissed it right away because they knew I would have just asked my parents for the money if I needed it. Because I do travel a lot, a few people believed the email up until the amount of money asked for. Maybe if the hacker had asked for $300 instead of $3000 they would have been more successful gleaning money from people. A couple ladies from church knew it wasn’t me because I would have asked for prayer in that situation. Many people didn’t believe the wording and how things were phrased. Another friend thought that I would never be that vague in telling what I was doing, ‘a presentation for some seminar’ doesn’t cut it. I am usually more specific. And there were many more but my favorite was my dentist who told me as I was sitting in his chair later that day, “I didn’t believe it because you had an appointment today.”
Because the hacker did a good job changing all my account information, I couldn’t just change my password back but I contacted gmail to start the recovery process. I also called the sheriff to report that it had happened, this got the incident on the record which will be helpful in case of identity theft later on. A couple of people did respond to the message to see where the hacker would tell them to send the money. So once I received that address I contacted Western Union and reported it as well. And now a week and a half later I have my email account sans contacts but otherwise to worse for the wear. So once again I can be contacted at firstname.lastname@example.org.
I still have no idea how this happened or how the hacker got my account information. The whole situation is unsettling for many reasons but just gives me one more incentive to have strong passwords and multiple passwords for different accounts. Gmail even has a new system where your cell phone acts as a go-between to help secure your account. We tend to have our whole lives online now and it is super convenient in many ways but it also opens us up to many more threats. The situation for me could have been a lot worse but I am thankful to have gotten off with only an inconvenient warning. So how about changing your email password now?