Re: [SLUG] Hacked email

2011-07-03 Thread Amos Shapira 
On 3 July 2011 16:31, DaZZa  wrote:

> >From what I've read, even if you *do* manage to convince Google you
> own the account, the hacker deletes all the mail in it anyway, and
> harvests the contacts before deleting them too - so you get nothing
> back anyway.
>

That's why it might be worth backing up your google accounts, here is a link
I filed away four years ago so things may have changed since:
http://googlesystem.blogspot.com/2007/12/creating-backup-for-your-google-account.html

--Amos
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-03 Thread Jon and Hannah Hummel 
> there was a lot of it going on. I pointed out that there is a lot of
> speeding going on too, but I still get booked if I speed. Somehow the
> point didn't seem to sink in.
Thats because suckers like us will pay the fine without questioning it.


> I'm getting the impression that authorities think that internet crime is
> not "real" crime and it's a bit too hard. With some simple co-operation
> these guys could easily have been nabbed. You can be sure it's not the
> only time they've done it.
Authorities don't care about anyting unless it means more power or money for 
them.
Get a crying single mother on national TV at the eve of and election and watch 
the response.
These people are (could be) across boarders which to us means nothing, but to 
a beaurocrat is another universe.

Don't forget it wasn't until ust a few years ago that electronic records were 
actually admissable evidence in court

It's crap I know, maybe we at SLUG could rally with the other Aussie Lugs and 
start a petition or lobby the Government to fix this and I don't know... 
Govern.

jon
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-02 Thread DaZZa 
On Sun, Jul 3, 2011 at 1:55 PM, David Lyon
 wrote:
> well if not for those logic errors, I was close to sending money..

Jesus, I hope nobody else (especially not someone who barely knows me,
like yourself, David!) got close to being caught.

It's a plain scam. Please, please, please, ignore it (unless you're
into scam-baiting).

DaZZa
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-02 Thread DaZZa 
On Sun, Jul 3, 2011 at 11:38 AM, Matthew Hannigan  wrote:
> On Sun, Jul 03, 2011 at 09:23:14AM +1000, david wrote:
> [ .. ]
>> I'm on Darren's address book, so I got the scam request for cash
>> from his account. It looked perfectly genuine at first although the
>> return address was dagibbs@Ymail instead of gmail.
>
> This is the thing.  Surely all a gmail users correspondents
> can vouch for the user.  This should be enough for them.
> Particularly gmail correspondents who have archived mail.
> That can't be faked.  Or would be very hard to fake.

Apparently, not in Google's books.

> Matt, who knows someone similarly affected.

Your friend is like me - S.O.L.

>From what I've read, even if you *do* manage to convince Google you
own the account, the hacker deletes all the mail in it anyway, and
harvests the contacts before deleting them too - so you get nothing
back anyway.

DaZZa
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-02 Thread David Lyon 
I'm not scamproof myself.. I've been scammed in europe a few times..

I too got the email..

I was ready to send the cash.. being stuck in europe with no cash and no
cards (doubly bad if you're in a country where they don't/can't speak
english).

Anyway, there were some funny logic problems in the email.. I'm just
pointing
out for entertainment purposes..

"Pay the hotel bill".. well in europe most of the time you have to prepay.
The
hotel takes a swipe of your credit card when you arrive. Even if you lose
your
card, the hotel can still take it's payment.

"Robbed at gunpoint". Like in Australia, it doesn't happen that much in the
UK.

"Going to the airport soon". Well, it costs money to go to the airport like
here.
If the flight is leaving soon, no need to pay the hotel bill. Just make the
flight..

etc..

well if not for those logic errors, I was close to sending money..
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-02 Thread Matthew Hannigan 
On Sun, Jul 03, 2011 at 09:23:14AM +1000, david wrote:
[ .. ]
> I'm on Darren's address book, so I got the scam request for cash
> from his account. It looked perfectly genuine at first although the
> return address was dagibbs@Ymail instead of gmail.

This is the thing.  Surely all a gmail users correspondents 
can vouch for the user.  This should be enough for them.
Particularly gmail correspondents who have archived mail.
That can't be faked.  Or would be very hard to fake.

Matt, who knows someone similarly affected.


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-02 Thread david 



DaZZa wrote:

On Sat, Jul 2, 2011 at 7:38 PM, Michael Chesterton
 wrote:

On Sat, Jul 2, 2011 at 3:17 PM, DaZZa  wrote:

My suggestion is to fill this form out ASAP. Any of your online accounts
that use dagi...@gmail.com could reset your password at will.


Done that.
Twice.
Unfortunately, the brd who hacked the account changes all the
password recovery questions - which means I am S.O.L - Google says "We
can't verify who you are" - Christ, it's been 10 years since I started
using Gmail, how am I supposed to remember the date? Or the invite
time and date?

I thought when you (or someone else) changes your recovery email address,
you get sent an email to the old recovery address and can undo the changes
from there?


Apparently, not if you're Google. All you need to do is compromise
someone's Gmail account, and you can change their recovery settings
for *all* their Google services without any additional intervention.


Interestingly, the message I'm replying to was flagged as forged by gmail, I
found it in my spam bin.


I didn't notice that - I know it had a dud "reply-to" header on it,
but it appeared to come genuinely from Gmail for the ones my wife got.



I'm on Darren's address book, so I got the scam request for cash from 
his account. It looked perfectly genuine at first although the return 
address was dagibbs@Ymail instead of gmail.


I started a fun conversation with the scammers (8 emails so far), who 
gave me an address to send the cash (Western Union). I've tried 
desperately to get some official response. Nada, nothing, zero.


abuse@google and abuse@yahoo replied with form responses directing me to 
web forms, which were complicated and confusing. I've dutifully 
completed the Google webform, but haven't got any response - not even an 
automated one.


When I rang the police the operator wasn't sure, but thought that their 
internet crime unit only works 9-5 monday to friday, but they would take 
my details. I haven't heard back. The operator seemed to think that 
there was a lot of it going on. I pointed out that there is a lot of 
speeding going on too, but I still get booked if I speed. Somehow the 
point didn't seem to sink in.


I rang Western Union (since they are the funnel for the scam). They gave 
me an  email address for frauds  so I sent all 
the details including the western union branch in London that I was 
supposed to send cash to. So far I have received nothing back, not even 
an automated response.


I'm getting the impression that authorities think that internet crime is 
not "real" crime and it's a bit too hard. With some simple co-operation 
these guys could easily have been nabbed. You can be sure it's not the 
only time they've done it.



--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-02 Thread Paul Dwerryhouse 
On Sat, Jul 02, 2011 at 03:17:06PM +1000, DaZZa wrote:
> Unfortunately, the brd who hacked the account changes all the
> password recovery questions 

So, I'm interested ... do you know how this particular person got access to
your account in the first place?

Did you use the same userid/password combination on a different website that
subsequently got hacked? Or did you log in from a virus-laden PC, or perhaps
use the password on a public network in a cleartext exchange?

Cheers,

Paul

-- 
World Wireless Prepaid Internet plans:http://worldmobilenet.com/
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-02 Thread DaZZa 
On Sat, Jul 2, 2011 at 7:38 PM, Michael Chesterton
 wrote:
> On Sat, Jul 2, 2011 at 3:17 PM, DaZZa  wrote:
>> > My suggestion is to fill this form out ASAP. Any of your online accounts
>> > that use dagi...@gmail.com could reset your password at will.
>> > 
>> Done that.
>> Twice.
>> Unfortunately, the brd who hacked the account changes all the
>> password recovery questions - which means I am S.O.L - Google says "We
>> can't verify who you are" - Christ, it's been 10 years since I started
>> using Gmail, how am I supposed to remember the date? Or the invite
>> time and date?
>
> I thought when you (or someone else) changes your recovery email address,
> you get sent an email to the old recovery address and can undo the changes
> from there?

Apparently, not if you're Google. All you need to do is compromise
someone's Gmail account, and you can change their recovery settings
for *all* their Google services without any additional intervention.

> Interestingly, the message I'm replying to was flagged as forged by gmail, I
> found it in my spam bin.

I didn't notice that - I know it had a dud "reply-to" header on it,
but it appeared to come genuinely from Gmail for the ones my wife got.

> And to respond to Scotts post, putting a condom on after the baby is born is
> leaving it a bit late.

I've done it now - and would have done it before if I'd known about it
(yeah yeah, I know, mea culpa for not keeping up with the latest in
Google world) - but yeah, it's shutting the gate after the horse has
bolted.

DaZZa
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-02 Thread Michael Chesterton 
On Sat, Jul 2, 2011 at 3:17 PM, DaZZa  wrote:

> > My suggestion is to fill this form out ASAP. Any of your online accounts
> > that use dagi...@gmail.com could reset your password at will.
> >
> > 
>
> Done that.
>
> Twice.
>
> Unfortunately, the brd who hacked the account changes all the
> password recovery questions - which means I am S.O.L - Google says "We
> can't verify who you are" - Christ, it's been 10 years since I started
> using Gmail, how am I supposed to remember the date? Or the invite
> time and date?
>

I thought when you (or someone else) changes your recovery email address,
you get sent an email to the old recovery address and can undo the changes
from there?

Interestingly, the message I'm replying to was flagged as forged by gmail, I
found it in my spam bin.

And to respond to Scotts post, putting a condom on after the baby is born is
leaving it a bit late.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-01 Thread Scott Sinclair 
On Sat 02 Jul, 2011 at 15:17:06 +1000, DaZZa wrote:
> This is a common problem, apparently
> (http://www.google.com/support/forum/p/gmail/thread?tid=448bef23d1e8f4f9&hl=en),
> and Google's security measures, quite frankly, SUCK. You set a
> password recovery mechanism, and then let it be *changed* without the
> criteria being met - so if someone hacks your password, they can
> simply *change* everything which might identify you - and then they
> say "We can't verify who you are", and you are 100% screwed.

Time to start using Two Factor Authentication?

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

can be turned on from Account Settings.

Scott
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-01 Thread DaZZa 
On Sat, Jul 2, 2011 at 3:07 PM, Jeremy Visser  wrote:
> On Sat, 2 Jul 2011 12:23:18 +1000, Darren Gibbs 
> wrote:
>> My old email account, dagi...@gmail.com, has been hacked and stolen -
>> unfortunately, the mongrel who stole it also changed all the recovery
>> information so I can't recover it.
>
> My suggestion is to fill this form out ASAP. Any of your online accounts
> that use dagi...@gmail.com could reset your password at will.
>
> 

Done that.

Twice.

Unfortunately, the brd who hacked the account changes all the
password recovery questions - which means I am S.O.L - Google says "We
can't verify who you are" - Christ, it's been 10 years since I started
using Gmail, how am I supposed to remember the date? Or the invite
time and date?

This is a common problem, apparently
(http://www.google.com/support/forum/p/gmail/thread?tid=448bef23d1e8f4f9&hl=en),
and Google's security measures, quite frankly, SUCK. You set a
password recovery mechanism, and then let it be *changed* without the
criteria being met - so if someone hacks your password, they can
simply *change* everything which might identify you - and then they
say "We can't verify who you are", and you are 100% screwed.

If Hotmail didn't suck so badly, I'd move to that.

DaZZa
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Re: [SLUG] Hacked email

2011-07-01 Thread Jeremy Visser 

On Sat, 2 Jul 2011 12:23:18 +1000, Darren Gibbs 
wrote:
> My old email account, dagi...@gmail.com, has been hacked and stolen -
> unfortunately, the mongrel who stole it also changed all the recovery
> information so I can't recover it.

My suggestion is to fill this form out ASAP. Any of your online accounts
that use dagi...@gmail.com could reset your password at will.



Cheers,
Jeremy.
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

[SLUG] Hacked email

2011-07-01 Thread Darren Gibbs 
Admins/etc

My old email account, dagi...@gmail.com, has been hacked and stolen -
unfortunately, the mongrel who stole it also changed all the recovery
information so I can't recover it.

Could whoever has admin rights to the list please unsubscribe
dagi...@gmail.com - I can't remember my password to the admin page,
and because I can no longer access the account I can't recover it.

Apologies to anyone who received a spam saying I was trapped in the UK
after being mugged and asking for money - I'm not now, nor am I likely
to be, in the UK needing money.

DaZZa
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html