Kemmeter column: Hackers find ways to disrupt viral world
By Gene Kemmeter
“Hello, How are you doing today,I (sic) hope you are doing well during this unprecedented time.? Please can you do me a favor?”
That little note on an email with a subject line of “Just Checking In” contained grammar mistakes (no space after today and a period before a question mark) spurred a flurry of activity Friday, May 1. Our email address list had been hacked, and hundreds of friends and acquaintances were receiving the request worldwide.
The phone calls started at 1:30 p.m. when a former co-worker called. “I think your email got hacked,” he said, explaining he experienced a similar situation a few years ago when another friend’s email got hacked.
Then came more phone calls. At times friends were calling on both our cellphones and the land line. A cousin who is a professor of African Studies at a New York university said he had replied pressing the “reply” function in the email and received a response saying that I needed help to purchase gift cards for a niece’s birthday, providing a link to make a purchase. He said the language in the response was typical of scams from Nigeria or Malaysia.
Other callers said they suspected a scam, with some even saying they knew the email wasn’t from me because there were too many spelling and grammar errors.
The first thing to do was again change the password to our email address, something that needs to be done periodically. The next step was to contact the email provider.
Before we got to do that, however, a computer technician (we consider him a guru), who got the email, called and said the hack was beyond his scope of expertise. He said anyone replying to the email was redirected to another address the hackers had added to the end of our address. He also said the hacked email came from a time zone six hours ahead of our time zone.
He said he sent me a couple of emails testing my address, but they never arrived in my email inbox. He told me to immediately call my email provider, adding “these guys (the hackers) are really good. And I mean they really know what they’re doing, in a bad sense. Turn your computer off!”
After the customary, lengthy call-waiting period, the technical staff of the email provider responded and walked me through various steps to check on my computer. They uncovered that my mailbox filters had been altered and incoming mail was now directed to trash. That switch was rectified, and the technician said the technical staff would work on the system to see if any other alterations took place.
Refreshed that the situation appeared over, we began sending out emails to those in our email address book, explaining the initial emails were a hoax and we were doing fine.
However, Saturday morning we found the email inbox was empty, and all of the emails transferred from the trash folder to the inbox on Friday were gone, moved back to the trash folder, along with all the incoming mail.
Then periodic emails appearing to be from the email provider began arriving. The first eight recommended keeping the same password because it was due to expire in 24 hours. The next 24 urged that the password be reset. The message inside the email included a button to press that directed you to a fake website to reset everything.
That meant another call to the email provider. Instead of waiting for the next available technician in 40 to 50 minutes, we opted for a callback, which came 110 minutes later (you’re right, I was chronicling everything, both time and information-wise).
After hearing the explanation that the problem of the previous day had returned, the technician consulted with the technical staff several times and asked that the email system not be activated for two or three hours.
Three and a half hours later, the system was functioning in a pre-hack manner. Incoming email was going to the inbox instead of trash, and outgoing mail was delivered. Everything was normal again on Sunday and Monday.
Periodically, we’ve received similar emails to the recent situation we experienced. We’ve usually ignored them or called the apparent sender to alert them. Our friends’ calls definitely alerted us quickly, setting the stage to begin following the recommendations in case of a computer hacking.
The first recommended step from the Federal Trade Commission (FTC) after a hacking is running the anti-virus program for a deep scan on your devices. The second is changing passwords to your email and social networking sites. The third is to contact your email provider. Other steps, such as contacting your friends to alert them not to send money, are listed at the FTC website at consumer.ftc.gov for hacked email.
We were lucky. Hopefully, no one on the list of email addresses lost any money by responding. Rectifying the situation took a lot of time.
During this “Safe at Home” time when computers are needed for school, work, socializing and getting important information, people also need to be on guard for computer viruses and hackers.