It’s been a bit of a paranoid time for me, helped in no small part by the deviousness of PC World columnist Geoff Palmer, who used me and my colleague Aimee Whitcroft as guinea pigs in a phone number spoofing demonstration.
Geoff had flagged with us we might receive some unusual text messages, but the warning was soon forgotten. I was getting into the shower the other morning when my mobile beeped. I picked it up to see the following message displayed on the screen:
I’ve had it with your crumby job. I’ve found a better one. I quit!
The text message appeared to be from Aimee’s phone number. Around the same time, I later found out, Aimee received the following message, apparently from me:
Don’t bother coming in today. In fact, don’t bother coming back at all. You’re fired.
For 60 seconds or so I stood in the gathering steam of my bathroom puzzling over what could have caused my usually even-tempered colleague to throw in the towel – via text message. Then Geoff’s warning came back to me. Aimee, unfortunately, didn’t click as quickly, and it took a few follow-up messages to avoid a fully-fledged employee relations meltdown.
I had to chuckle, but it could have been very different if the prank was pulled on a totally unsuspecting party. As Geoff outlines in his blog post, spoofing a person’s mobile phone number so it appears that a message was sent from you is relatively straightforward. Imagine the personal and professional chaos you could cause!
I was recovering from the spoofing incident when I discovered that someone had hacked into my seldom-used Hotmail account and had sent the following message to everyone in my Hotmail contact book:
Subject: Dear !k!
Hey! how are you today ?
I found a good website last week: ( http://www.ec-b2b.com )
One of my friend bought a notebook and he got the product in one week. Its quality is very good and the price is competitive.
Now , the Christmas day is coming, this website will be a good choice for you. I am sure you will get many surprise and benefits. please forgive me for this email if you are not interested in anything upon them
They also sell Laptop,TV,Games,Phones,Camera,Motorcycles and so on.
their product are fully with original quality
I was pretty annoyed by this as I imagined all of my colleagues and friends, past and present, opening a bizarre, badly-worded piece of spam appearing to come directly from me. I’m still getting to the bottom of it – (Geoff, own up now if it was your doing!) but this one isn’t a spoofing trick. My account was used to send out dozens of spam emails – I know this because there are dozens of delivery failure notifications in the inbox – bounce-backs from accounts that no longer exist.
So someone gained access to my Hotmail account and sent out dozens of spam messages, obviously as part of some automated spam program. It seems I’m not alone in being hacked in this way.
“…these are coming from the Hotmail website and have nothing to do with my PC. I’ve changed my Hotmail password and will cross my fingers that this doesn’t happen again. It’s something Hotmail needs to fix, because other than changing the password, there’s nothing I can do on this end.”
This appears to be a fairly common (of late) exploit in Hotmail or the Windows Live/MSN network allowing unauthorised access to the contact books of MSN users. As such it is pretty shocking. Like those writing in the Windows forum, I’m pretty sure my computer is virus- and malware-free. I’ve since changed my password and so far so good, but Microsoft needs to get to the bottom of what went on here – and tell its users about it.
Xtra account hacked?
Just today I received the following bizarre message, apparently from a scientist we have had regular contact with at the SMC:
Subject: Swift response
Sorry I didn’t inform you about my traveling to the UK. I’m presently in Royal Victoria Dock, England. And am having some difficulties here because i misplaced my bag on my way to the hotel where my money and other valuable things were kept.
Presently my passport and my things are been withheld by the hotel management pending when i make payment.
At the moment am not my self and I cant even think straight but I will appreciate it, if you can loan me $3,325 to sort-out my hotel bills and to get myself back home and I will refund it upon my return.You can help me wire the money through western union money Transfer to my personal details and to the hotel address bellow.
Name: [name removed]
Address: 2 Festoon Way, Royal Victoria Dock,
As soon as you get it done,send me the Transfer details Including the (money Transfer Control Number).Get back to me as soon as you can.
Now we haven’t been able to get in touch with the scientist whose account this email was sent from – he is based overseas much of the time – but it looks very much like a scam to me, and one that uses in several places the first name of the account holder, suggesting this is no automated fraud attempt. Now that’s slightly worrying.
All of this serves to remind us how important keeping our digital identity secure is. The problem is, hacking and spoofing efforts seem to be getting more sophisticated all the time – how long before we have a hack attack of epic proportions affecting the hundreds of millions of webmail users around the world? A slightly worrying prospect indeed…