Boards.ie uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Click here to find out more x
Post Reply  
 
 
Thread Tools Search this Thread
13-09-2019, 22:31   #1
 
Join Date: Sep 2018
Posts: 931
Phone/Gmail hacked, anyone familiar with this scam?

This is a bit of a weird one, I'll try and explain it clear as I can. If anyone can give me some advice, please do. I think I've secured everything now, but it was a bit of a freaky thing and I have some questions about the attack, including whether certain info I have may suggest who is responsible.

I got 2 'sign in from unrecognized device' emails today in my gmail mobile app. 1 from google, and 1 from facebook. The device was a Mac (which I don't have). The facebook message showed me the profile name and picture, which wasn't me. One of the messages said the location was in Ennis (where I don't live anywhere near).

I flagged both of the sign in attempts through the emails, clicking on the button that says 'this isn't me' or whatever.

Then, I noticed that these emails, which were in my inbox along with other ones I recognized, weren't actually addressed to my email address. They were addressed to an email nothing like mine, with no name in the address. it was a gmail address but the part before the @ was just a reference to a recently ended, wildly popular HBO TV show.

I also realized, which I had never noticed before, that I had a tab that said 'all inboxes' on the left of the gmail app, and when I tapped on it, I had more emails sent to this unfamiliar address. I was usually in 'primary' which just showed my ones, but it seemed I had been receiving emails that were sent to this other address for quite some time.

I didn't want to open any of them in case they were viruses, but I saw 2 from legit companies and I briefly opened them. One was a purchase order from an online retailer and another from a takeaway: each was addressed to a person with the same name as the facebook profile (a very uncommon name).

Thinking (naively) that this was just some weird glitch, I made a silly error: I emailed this strange address saying 'Hey, I got these weird sign in attempt messages and flagged them, and then realized I am getting your emails.' Like an idiot, I suggested someone had breached HIS data, not realizing I was the target, and suggested he take steps to secure his accounts. LMAO now that I was so blind, but anyway...
Always Tired is offline  
Advertisement
13-09-2019, 22:31   #2
 
Join Date: Sep 2018
Posts: 931
Within a few minutes my phone started ringing, but no graphic appeared to swipe over to answer it, as (I know now) they were using Find My Device to make it ring. Then they locked the phone using Find My Device and put a password on it so I couldn't get into it and left me a nice message on the lock screen: 'kill yourself'.

I had to factory reset the phone and once I did that and got back up and running I went into my gmail and found that I no longer had the 'all inboxes' option and all the emails correlating to this strange email address were no longer there. I immediately changed my google account password and put a password onto my phone (which, if I had already done, would have prevented them from locking it on me)

What I'm wondering is, is this person whose facebook profile came up and who the emails were addressed to likely to be the hacker? Or another victim? Because while the email address didn't have a name, the content of the emails did, it looks like a legit name and it is the same name as the facebook profile, has been used for ebay, etc.

And I have been looking for info on this particular scam but it seems like while having someone compromise your email is not uncommon, the fact that I had access to this other email is not typical (I was able to send and receive emails from this strange email before the phone was locked and then reset), I actually forwarded one of his emails to the address to show him I was getting them.

I know it's a confusing thing to read but if anyone is willing to try and unravel what this could be and whether this person in Ennis is responsible. I found them on another social media site as well and its the same person in different photos but it says location Ennis also, same as facebook. I'm wondering if me being able to see his emails was a mistake and when he realized it he locked me out. Basically I'm wondering if there's a chance I have the lads full name and town he lives in and knows what he looks like, and whether I should report it (though the guards are unlikely to do anything I'd say)

Last edited by Always Tired; 13-09-2019 at 22:35.
Always Tired is offline  
13-09-2019, 22:37   #3
antix80
Registered User
 
antix80's Avatar
 
Join Date: Sep 2016
Posts: 2,040
Sounds like the emails were bogus and the links in the emails are also bogus. If you "logged in" using your username and password using those links, that's how they get your username and password
antix80 is offline  
Thanks from:
13-09-2019, 22:41   #4
antix80
Registered User
 
antix80's Avatar
 
Join Date: Sep 2016
Posts: 2,040
They used that to log into your google account, lock your device etc.
If you save passwords in google chrome they have all your passwords... Have a look at https://passwords.google.com/ to see which passwords you need to change.

Never click links in emails.
antix80 is offline  
13-09-2019, 22:55   #5
 
Join Date: Sep 2018
Posts: 931
Thanks for replying. I don't think I understand though.

I didn't log in through chrome, though I might have done at an earlier date. I was just in the app. The only things I clicked on in the emails were the 'sign in from unrecognized device's ones which looked legit and were from Google and facebook. I didn't click on any of the links in any of the other emails.

I was able to forward one of the emails also from this address, basically I opened an email from HTC (the phone manufacturer) that was addressed to strangeemail@gmail.com and hit forward and forwarded it to strangeemail@gmail.com and it appeared again in my inbox.

Why would all these emails be sent to a guy with the same name who is also on Facebook if they were bogus? And where did they all go after I reset the phone, did he just delete them before I secured the account?
Always Tired is offline  
Advertisement
14-09-2019, 02:40   #6
 
Join Date: Sep 2018
Posts: 931
So the plot thickened a bit. I emailed the address again and let the guy know I knew his name, the town he was from, and what he looked like. This time I got a response.

According to him, his phone was stolen a year or two ago, and it happens to be the same make model as mine. I bought my phone brand new in a Vodafone shop last year. The make and model of the phone would be visible on the find my device app used to lock the phone and send the message, and after I pointed this out to him he admitted he had locked the phone and sent the message as he thought I was the one who stole his phone. Bizarrely, he said he thought doing this might get the phone returned.

But the emails I sent were polite and helpful, my real name is in the address, and so it makes no sense that the person who stole his phone would do that, or even contact him at all. It makes even less sense for him to respond by locking the phone and sending a message telling me to kill myself. Since he could see the location of the phone by using find my device why didn't he try to report it to the guards? Instead of bricking the phone (which is something hackers are known to do). Or he could have just replied to my emails.

It doesn't add up to me. And if you could see the photo of this lad, he looks like someone who could easily be cast in a film about teenage hackers. And it just seems odd he didnt reply to my first emails suggesting he might have an issue with his gmail acct. He didn't reply till after I told him I had his personal info and knew what he looked like and where he lived.

Though on the other hand, how likely is it that someone who hacks your account is also from Ireland?
Always Tired is offline  
14-09-2019, 03:43   #7
yoke
Registered User
 
Join Date: Jul 2008
Posts: 359
Sounds like this guy is some kid who doesn't have a clue, who got lucky with a generic phishing attempt.



It's hard to answer the questions without knowing the specifics unfortunately - eg. "how likely is it that someone who hacks your account is also from Ireland?" - it depends, if there is anything suggesting the phishing attempt targeted irish email addresses, then it is not at all unlikely.


I'd probably bet a small amount of money it was actually him, though It sounds like a bullsh!t story to me, that he had the exact same model of phone which got stolen a year ago, but he never thought of blocking it before now, and he didnt answer your emails before you told him you knew his name.

If you have his facebook page, could you see if there are any posts from a year ago saying his phone got stolen?

Last edited by yoke; 14-09-2019 at 03:50.
yoke is offline  
14-09-2019, 08:10   #8
antix80
Registered User
 
antix80's Avatar
 
Join Date: Sep 2016
Posts: 2,040
Maybe he guessed your password and ended up adding your phone/account to his... I dunno. Can't figure out the logistics.
Wouldn't trust any excuse this guy gave you or that he's even the person in the photo.
Most likely it was a successful phishing attempt due to the link you clicked in an email.
If it was malicious there's a good chance he knows a good bit about you already.. Bank you use, people in your address book, passwords from password manager, etc, so be careful.
antix80 is offline  
Thanks from:
14-09-2019, 08:49   #9
jaggiebunnet
Registered User
 
jaggiebunnet's Avatar
 
Join Date: Nov 2003
Posts: 1,320
Should also report to police and get them to follow up.
jaggiebunnet is offline  
Thanks from:
Advertisement
14-09-2019, 08:57   #10
antix80
Registered User
 
antix80's Avatar
 
Join Date: Sep 2016
Posts: 2,040
Quote:
Originally Posted by jaggiebunnet View Post
Should also report to police and get them to follow up.
There's no point. You're lucky to find a computer in a garda station and I'd reckon any of their technical IT people are busy with child pornography offenses and serious fraud rather than a phishing attempt that resulted in a lock screen that said "kill yourself". They'd probably file that alongside "i got 5 calls from a hidden number" and "i gave my 12 year old a smartphone and now someone is bullying him online"
antix80 is offline  
(3) thanks from:
14-09-2019, 09:19   #11
jaggiebunnet
Registered User
 
jaggiebunnet's Avatar
 
Join Date: Nov 2003
Posts: 1,320
Quote:
Originally Posted by antix80 View Post
There's no point. You're lucky to find a computer in a garda station and I'd reckon any of their technical IT people are busy with child pornography offenses and serious fraud rather than a phishing attempt that resulted in a lock screen that said "kill yourself". They'd probably file that alongside "i got 5 calls from a hidden number" and "i gave my 12 year old a smartphone and now someone is bullying him online"
There is a cyber division setup exactly to investigate this type of thing. https://www.garda.ie/en/about-us/spe...bureau-gnccb-/
jaggiebunnet is offline  
14-09-2019, 09:20   #12
Glass fused light
Registered User
 
Glass fused light's Avatar
 
Join Date: Aug 2016
Posts: 1,547
Quote:
Originally Posted by antix80 View Post
There's no point. You're lucky to find a computer in a garda station and I'd reckon any of their technical IT people are busy with child pornography offenses and serious fraud rather than a phishing attempt that resulted in a lock screen that said "kill yourself". They'd probably file that alongside "i got 5 calls from a hidden number" and "i gave my 12 year old a smartphone and now someone is bullying him online"
I agree that it should be reported.

( The kill yourself message is a breach of the law from the old P&T days and if memory services me can be punished by the removal of service, that reminder to most teens would stop some of the online bullies or at least get their parents attention )

While the Garda may not be able to put this in as a priority if the person is doing this to multiple people and no one reports they get away with it and learn how to do it better the next time. Just flagging a person gives the Garda soft information that could be beneficial at a later date.
Glass fused light is offline  
(3) thanks from:
14-09-2019, 10:25   #13
InstaSte
Registered User
 
Join Date: Dec 2013
Posts: 3,334
Report it, was defo that guy.
InstaSte is offline  
14-09-2019, 14:08   #14
smuggler.ie
Registered User
 
Join Date: Oct 2015
Posts: 1,859
Rise Q with google, they should have record of this activity.
smuggler.ie is offline  
14-09-2019, 14:23   #15
riclad
Registered User
 
Join Date: Nov 2011
Posts: 6,168
Go to a pc ,open firefox, if you can log in to gmail ,
and set up 2 factor security,
see gmail setting,s security, it,ll ask you to put in a phone no,
so if your password is changed you will get a txt message on your phone.
You can also use the 2 factor security, to change your password in the future,
It will send a pin code to your phone in a txt message .
put in code , in order to change your password .


https://www.google.com/landing/2step/

this will protect you in future if someone wants to hack into your gmail,
they,ll need to acess your phone and read the text from google
,which is unlikely.
If you are at a web cafe or using a friends pc,
always log out from gmail and youtube .
click sign out from youtube.

You can set it up from a phone or a pc,
i prefer to use a pc .
riclad is offline  
Thanks from:
Post Reply

Quick Reply
Message:
Remove Text Formatting
Bold
Italic
Underline

Insert Image
Wrap [QUOTE] tags around selected text
 
Decrease Size
Increase Size
Please sign up or log in to join the discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search



Share Tweet