My email account was hacked early one morning last week. It was most troubling.
The hacker took the trouble to ask after the well-being of all my contacts. Those who replied would learn I was in Spain “because one of my dear friends had an accident” there. To cut a long story short, the hacker wanted €1,200 and provided his money transfer details.
I don’t think anyone was kind enough to send the money, but my phone very quickly rang hot with people warning me about what happened. I managed to recover the account easily enough, but all my contacts and emails had disappeared and a range of settings had been changed.
The original email from the hacker to my contacts appeared to come from me, but any replies were sent to another – almost identical – address. The hacker had set up a similar account, subtly changing my ‘j’ for an ‘i’ in his chosen username.
Any replies to new emails I sent were redirected to a another different account, presumably to alert the hacker to the fact I had regained access.
With the help of Yahoo, I managed to recover my emails and contacts and eventually corrected the settings on my own account. That still left the hacker with an almost identical email address to my own.
I reported the matter to the police and they referred me back to Yahoo. The police, it seems, will only get involved in these circumstances if money has actually been lost.
By this stage, I already had some detail about the hacker. I certainly knew what email address he or she was using. I also knew what geographical address he was using to receive payments. I have no doubt that further analysis would reveal even more detail.
Despite the fact I was in contact with Yahoo several times already, they took little interest when I suggested further investigation. As a minimum, I insisted the hacker’s email address was closed down, but why not probe further? Why not hunt them down like a dog and make them write 100 lines on the importance of respecting third party email accounts?
Yahoo’s initial reaction was to recommend a new password; like I hadn’t thought of this? I pressed them to investigate and and they responded to request ‘proof’. So I resent the evidence and eventually, a week later, they closed the spurious account. I had to find this out for myself as Yahoo was “unable to disclose the action taken on another user’s account with a third party.”
I don’t suppose Interpol is on the case, but I like to imagine the hacker is now speeding through the streets of Madrid on an underpowered scooter in a vain attempt to escape justice. Like Jason Bourne, he will probably never be caught.
But why not? We hear very little about spammers or hackers facing justice. I receive about 40 spam messages a week. Some of them are just advertising; others are much more sinister. Evidently they prey on the most vulnerable, but they affect us all.
Perhaps Yahoo has little interest in investigating all my spam, or yours. Each message takes time to investigate. But patterns emerge as more messages circulate and I’m sure my own spam box is fertile ground for investigation.
This is a serious worldwide problem, and I fear it is only going to get worse. It was time to do something about it ten years ago. Will someone please crack on with it?