Was I Hacked?

My autoresponder message after I was hacked

Posts appearing today about a recent phishing scam for Google and Google Drive made me stop and remember an incident that happened to me about one year ago, which scared me enough to file a police report.

Yes, a police report. Here’s what happened.

It was a routine work day for me, which involves using dozens of websites, apps and tools, many of which require a password. I thought I was cautious about my passwords because I change them often and I don’t use the same one everywhere.

Step One: Not Paying Attention

One day, I am doing what I call “kamikaze” through my Gmail — click and delete, click and delete. Instead of deleting, I clicked on something which took me to what was obviously a scam-style website. I leave right away and think nothing of it.

Step Two: How Did That Happen?

Two days later, I am in my email again and I am asked to sign in with my password, which fails. But I hadn’t changed my password???  I reset everything and think nothing of it.

Picture of a Canoe hanging on a fenceStep Three: WTF?

Not long after, I get a longish email from someone about a wire transfer for the sale of a boat which, when I click on this link, will authorize the final transfer. I may not be paying attention some days, but I don’t own a boat.  Okay, well, I have a canoe but seriously, would you need a wire transfer to own THIS?  I do not click, but I delete.

Step Four: Oh, Crap!

Within hours, I was getting emails generated from a list of 35 people, all claiming that I sent the email and what about the boat? At least one of them was actually selling or buying a boat and demanded to know who I was and how I got his banking information.  One kept sending an email saying “Hey, Fran, I need to hear from you. Are you okay?” What sent red flag signals for me is that I could see all the addresses in the email and none of them were people I know or have ever done business with. Usually, someone hacks YOUR address book.

Step Five: Get A Hat and Dark Glasses

The author with a hat and dark glasses to hide her identitySince all these people had my email address, and like a good business person, all my contact details are in my signature line, next I started getting phone calls, including one so threatening “I’ll come down to Texas and pop you if you email me again…” that I filed a police report. I immediately put an autoresponder on my account and screened my emails extra carefully for a few days.

What Should I Have Done Differently?

I asked myself that question at the time and even asked some of my techie friends, who couldn’t figure out the source of the scam.  It was only at the “oh, Crap” stage that I reconstructed the first two steps in which I was not paying attention and moving so quickly through sites and clicks that I inadvertently went somewhere which allowed my information to be compromised somehow.

Here are some other tricks I have seen since that incident.

The display name in the email looks like someone you know, but you hover over it and it’s a horribly weird email in a domain that sounds gibberish.  I caught this one quickly when I realized the name was from a relative who I know doesn’t even own a computer.

A recommendation from something in an email:  Your friend Susie just joined The Blah Network….and you should too. This then activates an email targeting all the contacts in your email domain.  This happened to me when I wasn’t paying attention and it’s a pervasive thing that angers all your friends and certain CEOs who might have been your boss at one time and are still in your address book.

What Should You Do?

I don’t even know if you should call it hacked, but somebody was acting in my name. The whole thing was scary and frustrating. I wish I could say I have a complete laundry list of things I do differently. But I don’t. I do, however, PAY ATTENTION. And maybe you will too.