Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Phone/Gmail hacked, anyone familiar with this scam?

  • 13-09-2019 9:31pm
    #1
    Closed Accounts Posts: 945 ✭✭✭Always Tired


    This is a bit of a weird one, I'll try and explain it clear as I can. If anyone can give me some advice, please do. I think I've secured everything now, but it was a bit of a freaky thing and I have some questions about the attack, including whether certain info I have may suggest who is responsible.

    I got 2 'sign in from unrecognized device' emails today in my gmail mobile app. 1 from google, and 1 from facebook. The device was a Mac (which I don't have). The facebook message showed me the profile name and picture, which wasn't me. One of the messages said the location was in Ennis (where I don't live anywhere near).

    I flagged both of the sign in attempts through the emails, clicking on the button that says 'this isn't me' or whatever.

    Then, I noticed that these emails, which were in my inbox along with other ones I recognized, weren't actually addressed to my email address. They were addressed to an email nothing like mine, with no name in the address. it was a gmail address but the part before the @ was just a reference to a recently ended, wildly popular HBO TV show.

    I also realized, which I had never noticed before, that I had a tab that said 'all inboxes' on the left of the gmail app, and when I tapped on it, I had more emails sent to this unfamiliar address. I was usually in 'primary' which just showed my ones, but it seemed I had been receiving emails that were sent to this other address for quite some time.

    I didn't want to open any of them in case they were viruses, but I saw 2 from legit companies and I briefly opened them. One was a purchase order from an online retailer and another from a takeaway: each was addressed to a person with the same name as the facebook profile (a very uncommon name).

    Thinking (naively) that this was just some weird glitch, I made a silly error: I emailed this strange address saying 'Hey, I got these weird sign in attempt messages and flagged them, and then realized I am getting your emails.' Like an idiot, I suggested someone had breached HIS data, not realizing I was the target, and suggested he take steps to secure his accounts. LMAO now that I was so blind, but anyway...


Comments

  • Closed Accounts Posts: 945 ✭✭✭Always Tired


    Within a few minutes my phone started ringing, but no graphic appeared to swipe over to answer it, as (I know now) they were using Find My Device to make it ring. Then they locked the phone using Find My Device and put a password on it so I couldn't get into it and left me a nice message on the lock screen: 'kill yourself'.

    I had to factory reset the phone and once I did that and got back up and running I went into my gmail and found that I no longer had the 'all inboxes' option and all the emails correlating to this strange email address were no longer there. I immediately changed my google account password and put a password onto my phone (which, if I had already done, would have prevented them from locking it on me)

    What I'm wondering is, is this person whose facebook profile came up and who the emails were addressed to likely to be the hacker? Or another victim? Because while the email address didn't have a name, the content of the emails did, it looks like a legit name and it is the same name as the facebook profile, has been used for ebay, etc.

    And I have been looking for info on this particular scam but it seems like while having someone compromise your email is not uncommon, the fact that I had access to this other email is not typical (I was able to send and receive emails from this strange email before the phone was locked and then reset), I actually forwarded one of his emails to the address to show him I was getting them.

    I know it's a confusing thing to read but if anyone is willing to try and unravel what this could be and whether this person in Ennis is responsible. I found them on another social media site as well and its the same person in different photos but it says location Ennis also, same as facebook. I'm wondering if me being able to see his emails was a mistake and when he realized it he locked me out. Basically I'm wondering if there's a chance I have the lads full name and town he lives in and knows what he looks like, and whether I should report it (though the guards are unlikely to do anything I'd say)


  • Registered Users Posts: 2,419 ✭✭✭antix80


    Sounds like the emails were bogus and the links in the emails are also bogus. If you "logged in" using your username and password using those links, that's how they get your username and password


  • Registered Users Posts: 2,419 ✭✭✭antix80


    They used that to log into your google account, lock your device etc.
    If you save passwords in google chrome they have all your passwords... Have a look at https://passwords.google.com/ to see which passwords you need to change.

    Never click links in emails.


  • Closed Accounts Posts: 945 ✭✭✭Always Tired


    Thanks for replying. I don't think I understand though.

    I didn't log in through chrome, though I might have done at an earlier date. I was just in the app. The only things I clicked on in the emails were the 'sign in from unrecognized device's ones which looked legit and were from Google and facebook. I didn't click on any of the links in any of the other emails.

    I was able to forward one of the emails also from this address, basically I opened an email from HTC (the phone manufacturer) that was addressed to strangeemail@gmail.com and hit forward and forwarded it to strangeemail@gmail.com and it appeared again in my inbox.

    Why would all these emails be sent to a guy with the same name who is also on Facebook if they were bogus? And where did they all go after I reset the phone, did he just delete them before I secured the account?


  • Closed Accounts Posts: 945 ✭✭✭Always Tired


    So the plot thickened a bit. I emailed the address again and let the guy know I knew his name, the town he was from, and what he looked like. This time I got a response.

    According to him, his phone was stolen a year or two ago, and it happens to be the same make model as mine. I bought my phone brand new in a Vodafone shop last year. The make and model of the phone would be visible on the find my device app used to lock the phone and send the message, and after I pointed this out to him he admitted he had locked the phone and sent the message as he thought I was the one who stole his phone. Bizarrely, he said he thought doing this might get the phone returned.

    But the emails I sent were polite and helpful, my real name is in the address, and so it makes no sense that the person who stole his phone would do that, or even contact him at all. It makes even less sense for him to respond by locking the phone and sending a message telling me to kill myself. Since he could see the location of the phone by using find my device why didn't he try to report it to the guards? Instead of bricking the phone (which is something hackers are known to do). Or he could have just replied to my emails.

    It doesn't add up to me. And if you could see the photo of this lad, he looks like someone who could easily be cast in a film about teenage hackers. And it just seems odd he didnt reply to my first emails suggesting he might have an issue with his gmail acct. He didn't reply till after I told him I had his personal info and knew what he looked like and where he lived.

    Though on the other hand, how likely is it that someone who hacks your account is also from Ireland?


  • Advertisement
  • Registered Users Posts: 517 ✭✭✭yoke


    Sounds like this guy is some kid who doesn't have a clue, who got lucky with a generic phishing attempt.



    It's hard to answer the questions without knowing the specifics unfortunately - eg. "how likely is it that someone who hacks your account is also from Ireland?" - it depends, if there is anything suggesting the phishing attempt targeted irish email addresses, then it is not at all unlikely.


    I'd probably bet a small amount of money it was actually him, though :) It sounds like a bullsh!t story to me, that he had the exact same model of phone which got stolen a year ago, but he never thought of blocking it before now, and he didnt answer your emails before you told him you knew his name.

    If you have his facebook page, could you see if there are any posts from a year ago saying his phone got stolen?


  • Registered Users Posts: 2,419 ✭✭✭antix80


    Maybe he guessed your password and ended up adding your phone/account to his... I dunno. Can't figure out the logistics.
    Wouldn't trust any excuse this guy gave you or that he's even the person in the photo.
    Most likely it was a successful phishing attempt due to the link you clicked in an email.
    If it was malicious there's a good chance he knows a good bit about you already.. Bank you use, people in your address book, passwords from password manager, etc, so be careful.


  • Registered Users Posts: 1,356 ✭✭✭jaggiebunnet


    Should also report to police and get them to follow up.


  • Registered Users Posts: 2,419 ✭✭✭antix80


    Should also report to police and get them to follow up.

    There's no point. You're lucky to find a computer in a garda station and I'd reckon any of their technical IT people are busy with child pornography offenses and serious fraud rather than a phishing attempt that resulted in a lock screen that said "kill yourself". They'd probably file that alongside "i got 5 calls from a hidden number" and "i gave my 12 year old a smartphone and now someone is bullying him online"


  • Registered Users Posts: 1,356 ✭✭✭jaggiebunnet


    antix80 wrote: »
    There's no point. You're lucky to find a computer in a garda station and I'd reckon any of their technical IT people are busy with child pornography offenses and serious fraud rather than a phishing attempt that resulted in a lock screen that said "kill yourself". They'd probably file that alongside "i got 5 calls from a hidden number" and "i gave my 12 year old a smartphone and now someone is bullying him online"

    There is a cyber division setup exactly to investigate this type of thing. https://www.garda.ie/en/about-us/specialist-units/garda-national-cyber-crime-bureau-gnccb-/


  • Advertisement
  • Registered Users Posts: 1,576 ✭✭✭Glass fused light


    antix80 wrote: »
    There's no point. You're lucky to find a computer in a garda station and I'd reckon any of their technical IT people are busy with child pornography offenses and serious fraud rather than a phishing attempt that resulted in a lock screen that said "kill yourself". They'd probably file that alongside "i got 5 calls from a hidden number" and "i gave my 12 year old a smartphone and now someone is bullying him online"

    I agree that it should be reported.

    ( The kill yourself message is a breach of the law from the old P&T days and if memory services me can be punished by the removal of service, that reminder to most teens would stop some of the online bullies or at least get their parents attention )

    While the Garda may not be able to put this in as a priority if the person is doing this to multiple people and no one reports they get away with it and learn how to do it better the next time. Just flagging a person gives the Garda soft information that could be beneficial at a later date.


  • Closed Accounts Posts: 3,502 ✭✭✭ Noor Mysterious Lecturer


    Report it, was defo that guy.


  • Registered Users Posts: 4,058 ✭✭✭smuggler.ie


    Rise Q with google, they should have record of this activity.


  • Registered Users Posts: 8,184 ✭✭✭riclad


    Go to a pc ,open firefox, if you can log in to gmail ,
    and set up 2 factor security,
    see gmail setting,s security, it,ll ask you to put in a phone no,
    so if your password is changed you will get a txt message on your phone.
    You can also use the 2 factor security, to change your password in the future,
    It will send a pin code to your phone in a txt message .
    put in code , in order to change your password .


    https://www.google.com/landing/2step/

    this will protect you in future if someone wants to hack into your gmail,
    they,ll need to acess your phone and read the text from google
    ,which is unlikely.
    If you are at a web cafe or using a friends pc,
    always log out from gmail and youtube .
    click sign out from youtube.

    You can set it up from a phone or a pc,
    i prefer to use a pc .


  • Closed Accounts Posts: 945 ✭✭✭Always Tired


    Thanks guys, I do still strongly suspect it was him, though it seems quite clumsy to hack someone in a way that allows them to see your own emails, though maybe he didn't realise that.

    I have put on the 2 step verify and changed my passwords.

    I am still considering whether or not to report it, I have generally found reporting things to the gardai to be useless and stressful, like they interrogate you before they do anything.

    But in general the things that make me think he was spoofing about the phone being stolen are:

    the my device app used to lock the phone shows the make and model, so he thought he could use that to make up that story.

    Didn't lock the phone until I contacted him despite it supposedly being stolen years ago (and of course it happened in Limerick, to make it more believable ad Limerick has a bad rep for being rough). My phone was bought brand new so it would be unlikely to be his phone it wasnt from a CEX or something. I asked him did he have the imei of the phone, of course then he said no, that he bought it secondhand from his girlfriend.

    Didn't contact me when I sent the emails which were polite and helpful, other than to tell me to kill myself and lock the phone.

    Then, once I sent an email letting him know that I had his personal info, suddenly he gets in touch.

    What makes me want to report it though, is that the unrecognized device sign ins sent to his email could suggest he is hacking into other people's devices or accounts. When I reset the phone and got my account back up and running, I no longer had inboxes other than primary and all the emails to this other address were gone, so he covered his tracks quickly but I had already found his name and facebook profile.

    Still can't find anything online where someone was able to basically merge two email addresses like that, it doesn't seem to be a popular hack. But locking people out of their stuff is popular and the message is very much like something a troll hacker would send.

    When I asked him why he didn't lock his phone after it got stolen, or why did he think anyone who stole his phone would send helpful emails ages later, he had no answer.

    I have several emails now from this guy as we messaged back and forth a good few times, which show his full name now that match the other emails sent to him, but no longer have the emails that I was able to view that were sent to him like the sign in attempts, so not sure how much proof I have, but in the emails he does admit to sending the message and locking the phone. Luckily I don't really have any online banking acts and my passwords are all different.

    I'm going to try and see if google can help but I find it can be hard to get any joy with these big companies.


  • Closed Accounts Posts: 945 ✭✭✭Always Tired


    Also in one of the emails he says "now that you have my info I won't hit that phone anymore".

    IMO only a hacker who knew he had been caught would say that.


Advertisement