HackerPocalypse 2011 - The Lesson

If you would like to start this journey with me by reading part one, HackerPocalypse 2011 - The Story, please feel free.

So yesterday, I told you the emotional parts, the sadness and sorrow of losing 10+ years of email and memories. Today I am going to talk technical. If this has happened to you, here are the things you need to know.

First of all, though I am a very savvy web person, I think I was the victim of a spam email. It looked like it was coming from Google. It was identical to their emails. It was about security. They didn't ask for my username and password, just told me about some security features. I checked the reply-to address and it looked right. I clicked on the link in the email and it took me to (what looked exactly like) a Google page. It asked me to log in to my email and then said I had updated my security settings.

Looked totally legit but I think that is the only possible way they got my login information.

I jumped out of bed when I was made aware of the situation (more on that here) and took action immediately. When I couldn't log in to my account, I contacted Google and reported it. This caused the hackers to not be able to log back in. It is important to read ALL the steps first and try to follow them in order because you may give the hackers a chance to hack again if you don't. Many of these steps may only be Gmail-centric since I am not familiar with other programs.

  1. Contact Gmail or your email provider. Get passwords reset and changed. Make it clear that you do not have access and believe you were hacked. The hackers set up my fail safes (security question, default phone number to text password to, and secondary email account) to their information.
  2. Once you gain access, in Gmail there is a little button on the very bottom right of the page. It says this:
    Last account activity: 10 minutes ago  Details
    1. The "Details" is the button. Press that and a record of where you are logging in comes up. Chances are, they are using something to cloak their location. Don't try to catch them here. Just press: "This account does not seem to be open in any other location. However, there may be sessions that have not been signed out. Log out from all other sessions." This will force the hackers out if they are still in your account.
  3. The next step is to go to the mail settings. Press the button for Forwarding and POP/IMAP. Most likely they created a new reply to address. It should look a lot like your real address but be on ymail, hotmail, etc. I think they choose ymail since if you are reading fast, it looks like gmail.
    1. IMMEDIATELY disable the forwarding. They set it to forward all incoming mail and delete them from your inbox. Save changes at the bottom.
  4. Now that you have kicked them out of your email, let's do some damage control. Look in the trash folder for all your email that was dumped. I am pretty sure they have written a program to dump all into the trash.
  5. Find the emails they sent to your contacts. They "bcc'd" everyone but you can still see the names. DO NOT USE YOUR CONTACT BOOK YET. Copy and paste those names into an email and let everyone know you are not in Madrid or London, you have not been held up at gun point, and it's your call if you want to tell them to send you money or not... ;)
  6. Once you have sent those, it's time to recover email. In the trash, press the check box at the top of the navigation, you know, so it selects all. Once all 100 emails in the trash are selected, a little piece becomes highlighted under the navigation. It says, "All 100 conversations on this page are selected. Select all xxx conversations in Trash." The second part of this is a link. If you click it, you will select all emails in the trash. I highly suggest just doing that to save your emails. I could not save mine, please save yours!
  7. Click the Move To button and move them all to your inbox. If you have utilized filters/folders, you can easily archive those back. You will have to trash some and save others. This will be, most likely, tedious but better than losing everything like me!
  8. You can do all that later, it will take time. For now, you are good. We have more to do.
  9. Be sure you change ALL of your passwords. Do not make them all the same. Sorry, it's for your own good. Change characters, change numbers, change cases... make them different! In my case, they had logged onto my Facebook so I knew they had more information.
    1. Make it a little complicated to be safe. Like your password could be HacKersSucK'2011 or hackersSUCK_2011 or hackerSuck/2011 or hacker$$uck'1969 ... lots of options to use random characters. Get creative but jot it down in a safe, non-web, place.
  10. Now, here is where they really get nasty. Remember in number 5 when I said not to use your contact book yet? Yeah, well there was a good reason. I didn't notice this until 7 or 8 hours into the clean up of my mess. Those jerks messed up my contact list! They used a program to add the tiny word "in" after every email address... all 500 of them! Had I not used the "copy from the BCC" method, I would have sent a bunch of emails and gotten them all bounced back. This is why my instructions to you are important and purposeful.
    1. Gmail has a nice feature where you can restore your contacts to a previous point. I restored mine to the night before the hacking and voila! All fixed. Easy enough but not top priority when you get hacked.
    2. P.S. What I mean by the word "in" appended to your emails, all my contacts looked like this: SuzyQin@blankmail.com when her real email would have been SuzyQ@blankmail.com. Devilish suckers, huh?
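
If you export your contacts to a file, you can check for the two tricks described above without eyeballing 500 entries. This is an added example, not part of the original post: it compares a contact list against the addresses copied from the BCC line of the scam email (step 5) to find entries with "in" stuck on before the "@" (step 10), and flags a reply-to or forwarding address that copies your name on another provider (step 3). The function names and sample addresses are made up for illustration.

```python
from email.utils import getaddresses

SUFFIX = "in"  # per the post: "in" was inserted just before the "@"

def split_addr(addr):
    """Lowercased (local part, domain) of an address."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain

def addresses_from_header(value):
    """Pull the bare addresses out of a To/Cc/Bcc header value."""
    return [addr for _name, addr in getaddresses([value]) if "@" in addr]

def find_tampered(contacts, known_good, suffix=SUFFIX):
    """Map each tampered contact to the known-good address it was made from."""
    good = {split_addr(a): a for a in known_good}
    repairs = {}
    for addr in contacts:
        local, domain = split_addr(addr)
        if (local, domain) in good:
            continue  # matches a known-good address, e.g. a real "kevin@"
        if local.endswith(suffix):
            original = good.get((local[: -len(suffix)], domain))
            if original:
                repairs[addr] = original
    return repairs

def is_lookalike(own_address, other_address):
    """True when the local part matches yours but the domain does not."""
    own_local, own_domain = split_addr(own_address)
    local, domain = split_addr(other_address)
    return local == own_local and domain != own_domain

if __name__ == "__main__":
    # Constructed sample data, not taken from a real mailbox.
    bcc = "SuzyQ@blankmail.com, Kevin <kevin@example.org>, bob@example.org"
    contacts = ["SuzyQin@blankmail.com", "kevin@example.org", "bobin@example.org"]
    for bad, good in find_tampered(contacts, addresses_from_header(bcc)).items():
        print(f"{bad} -> restore to {good}")
    print(is_lookalike("jane.doe@gmail.com", "jane.doe@ymail.com"))
```

A contact whose real address happens to end in "in" (like kevin@) is left alone, because it is only flagged when the shortened version is one of the known-good addresses.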

I hope this hard-earned education of mine is helpful to people out there. Please, leave me a comment and tell me if this information helped you out of a hacking situation. I just think these people are the lowest of the low. Fine, email our friends, they aren't stupid enough to think we went on a surprise vacation to Madrid, but to systematically destroy our electronic storage? Unconscionable. So inhumane and truly shows people with a lack of morals and care for anyone but themselves.

If you haven't yet, and would like to read the story of my experience (and not just my tips and lessons) please read my blog here: HackerPocalypse 2011 - The Story