Hacked? Any advice?

But how do they know my relatives name?

Excuse ignorance ! I’m so jumpy about it all !!!

@Figo, it is completely understandable that you are jumpy; you’re going through a horrible experience.

But you have people here to help.

It might be more helpful to say that the constant attack by spammers worldwide (the vast majority of all Internet trafficis illegal and/or malicious, alas) now includes you.

I doubt that this necessarily means that you have been singled out. Nor that it’s necessarily connected to what happened recently.

The email which the sender apparently sent to you claimed to be coming from tisnet, an ISP in Taiwan (.tw)

Do you know anyone who uses that domain? It may well be that tisnet is a provider of ill repute… there are many of them.

Could Camilla (or do you) use Yahoo for email: Yahoo’s security is weak in this respect: attackers can still gain access to users’ address books?

If your (or Camilla’s) address was in (someone’s) previous recipients etc, it’s trivial for the eco-terrorists (for that is what they are, just like climate deniers, and now SARS-CoV-2 deniers) to target you just because they have your address from her, or vice versa.

The same thing could have happened with btinternet. It’s not unknown.

You can probably just ignore it and concentrate on working through your system-remediation measures as you have been doing. Good luck!

Hi @Figo,

there are various ways those emails can land in your inbox. The most optimistic reason is that one of your relatives/friends have been compromised (computer/webmail…), all her/his contacts have been retrieved and you now get a mail from a robot with the (likely) spoofed (=made up or camouflaged) email pretending to be your member of the family. In your case, the sender did not even bother to spoof the sender’s mail address but simply used first.last@[made up domain]. The goal was not to get you to answer. The goal was to get you to click. You can safely assume that nothing good is behind that link. So, well done to not click! These things are quite successful in families where you recognize the name and apply interfamily trust and click. Damage done… Three recommendations right now:
a) Never post anything with your personal details anywhere. Not here, not in facebook, not in Instagram. I now know your real name, your email and first.last of one relative…. Lots of damage can be done with that information if a bit more evil efforts are applied.
b) Make sure that nobody has access to your webmail account(s). Use another computer where you can be sure that this is not compromised. Change password and activate 2nd factor authentication (I referred to that in my previous post)
c) Continue to do so for everything that you’re using which requires you to log in. Remember: Different strong passwords for EVERY service!

Once you’ve protected your treasures (again referring to my previous post. Backup!!!), go to a trusted Mac Expert to drill through your system to identify any malicious code if there’s any and clean it up. Don’t do anything on your own. This is expert domain.

2 Likes

Brilliant advice, Jürgen!

1 Like

This is a good website I use to check if any of my accounts have been compromised around the world.

Type in the email address you use to login to a website such as Realmac forum and it will tell you if any systems that contain your account details have been compromised.

Have I been Pwned?

4 Likes

WOW! Thanks.

Yes I had 18 times!

Thank you again everyone for your amazing help.

I’ve got 1password

I have changed all logins and passwords.

A weird thing happened the other day … never seen it before. I dont know if it was a computer glitch or … hacker

I have set my mac so that when it sleeps I have to enter password again

I have a macbook pro hooked to a bigger screen and a blutooth keyboard.

I tapped the keyboard to wake up mac.

Then the password dots started appearing in the box for the password!
I was not touching anything ! And no I had no book or anything leaning on either keyboard. It did it a few times! It added many more digits than what my password was. So I guess if it was a hacker they didnt actually know my password.

I have changed the password to something never ever used before and complex … but so so weird.

Does anyone know what rights we have to information about who hacks us?

For example … due to the current crisis it took me many hours waiting over several days to talk to someone at Amazon. When I did… the extent of the hack became apparent to her as we were speaking … starting off with clearing my browser etc … my address did not fit the account … she was really nice and sharp and kind … I was really impressed by her. BUT as the story unraveled as we were on the phone it became apparent that she was impressed by what the hack had managed to do… She was saying things like … wait wow ! ok. hang on.
this is interesting …
I even had the guys burner email address !
But do we have any rights re finding out what happens? Do they look for the guy? Do they find the guy?
I would like to know what happens. I understand that many are 12 yr old brain boxes bored … But it seems that after we call the help line … we never hear anything ever again.

I’d be surprised if someone who might have gained access to your machine(s) is (still) angle to send keystrokes - and execute what appeared to be happening in your password field(s). You might want to install a keystroke logger to see if that can throw any light on what appears to be going on.

Are you 100% sure that your machine(s) have not been infected with some sort of virus, or malware? What you describe about ‘dots’ in your first post today is certainly not usual behaviour. Have you asked on the Agile bits forum to see whether anyone there can explain why 1P could possibly be appearing to autofill? Or the Apple support communities about entering your system password after wake-up?

Good luck!

The short answer to your understandable annoyance at getting information on cybercriminals is: No. As long as laws are inadequate, and not enforced, and as long as technological solutions to such crimes are not deployed, little or nothing will change.

A strong case can be made that the three greatest crises facing the world now are:

  1. the climate catastrophe (speaks for itself)
  2. public health (speaks for itself; and is the result of 1… ecocide and the abuse of animals)
  3. cyber security (not highlighted so often; but could bring the world to its knees with the ‘right’ kind of attack).

Until the élites in power address these issues, malfeasances like the one(s?) which you’ve been unfortunate enough to experience will just go on and on.

Since it doesn’t seem likely that governments will do much about any if these three, the time is probably already here for us all to take matters into our own hands; and that’s fighting’ talk!

1 Like

Thank you so much for all this information. It’s so kind of you to take the time.

The whole thing really stressed me out!

I think things are quiet now. I have changed all passwords and use 1password and am being very careful.
Also using a gmail email just for these endless signup things one has to do.

I had forgotton about my Airbnb account and yesterday received an email from Airbnb about the house I had rented for amonth in France !

So To everyonne out there be careful! Be aware of your online accounts. YES you are on your own! It is frustrating that the information on who did this is there … but their indentity is protected !

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.