I got to work today and as usual, I start up all of my apps. I usually hop into my Gmail too just to cover the bases. At first it would not let me in… I just figured they had a server down or something. But after an hour or so it started to annoy me. How could Google, the monolith that runs Gmail have a server down? I’ve heard stories of people just losing their accounts… everything just gone. That really worried me. I emailed Holly from my work email at 10:56am just to let her know my Gmail was down. I tended to a few work items and tried again and it still didn’t work. I thought I’d try logging in to Facebook and it didn’t let me in either. It was at that second that I figured something was up.
I got out my phone and fiddled with it to see if I could access something… anything. And while it was in my hand, it rang. The time was 11:53am. It was a 703 area code. Nothing out of the ordinary… northern Virginia… where I lived for three years. I answered it and a female voice at the other end asked, “Roger?” I said yes. “Where are you?” I thought that was a weird question… “I’m at work” I told her. She relented, “but where?” “In Austin,” I was really confused at this point. Then she said, “This is Ava.” Then it clicked who she was. It was a former co-worker of mine whom I worked with in Washington DC. She began to explain that someone was chatting with her on Facebook saying that he was me, and he was in London and was mugged and needed $500 wired to him ASAP to catch a flight home. I sat in shock. How did this punk get into my accounts? That’s what confused me. She tried to lead him on for a while and asked him questions. He tried to answer by pulling information about me from my Facebook. After a while he gave up and stopped talking to her. It was at this point that I didn’t really know what to do next. I thought to myself that I need to get a hold of the banks. We talked for a bit longer, I thanked her profusely for calling me and I let her go.
I managed to get on the credit card and bank website and changed their passwords. I called Holly and we began working on changing all of the passwords to our online accounts… utilities and other email accounts. I finally decided to call Citibank, my credit card, and ask them what I should do. I was on hold for quite a bit, which is uncharacteristic for Citibank compared to my past experiences. I was finally connected to an agent and explained my situation the best I could. He then told me that they had been contacted by the VISA and MasterCard companies about an online merchant whose customer database had been breached. Citibank had already cancelled my cards and reissued new ones.
At first I was caught off guard. But then it made sense. Whoever got their data must have gotten the email address I registered with the site and password I registered with. Stupidly, it was the same as my email and Facebook password! It all made sense now. These guys look for credit cards too, but the number they had was worthless. I use a different virtual credit card number every time I make an online purchase – it’s only good for that one time. But I guess they know to see if you use the same password for the purchase for your email too. That’s where they got me.
I immediately went to Gmail’s site and found a page where you can report that your account was compromised. They make you answer questions about your email setup that only you know and then you just submit the form. I had no idea how long it would be until I heard anything back. I tried to do the same for Facebook, but it was a lot harder and I didn’t get very far. It was just after 12:30pm and I was late for a meeting. I really wanted to keep working on changing passwords, but I know Holly was on it and there wasn’t much else I could do.
I sat through that meeting not really paying very good attention. I was bummed but really more worried. I tried to think everything through that we were doing to make sure we were doing everything that we could do to make sure any damage was limited.
I got out of my meeting around 1:15pm and went right back to my desk. And lo and behold there was an email from Gmail telling me that they had locked my account and all I had to do was click a link to reset everything. I did that immediately and changed the password. I was feeling pretty pumped at this point and went to Facebook and clicked a link there to reset my password and reset it there too! What a relief!! I closed both accounts and called Ava again to ask her to see if she could still see me online on either account. She looked and I was offline in both. I was afraid that maybe he still had it open while I reset the passwords and wasn’t kicked out yet. Me not showing up in chat was a pretty good indication that it was over.
It was a little after 2pm when I was able to put a status update on Facebook telling people that my account was hacked and to let me know if someone contacted them asking for money. Then I went into Gmail and looked to see if he emailed anyone but it didn’t look like it. There were a few emails from ebay stating that my account was disabled due to possible fraudulent activity… that was good. Then I remembered that Gmail keeps a log of all chats and I checked those out. It looked like he contacted a few people – six to be exact. All of them looked like a short number of lines… just four or six. But one had about sixty… and it read like this (I have removed my friend’s name):
11:40 AM me: Hey
Friend: what up dude?
11:41 AM me: Not too good
How are you
11:43 AM Friend: couldn't be better. What's wrong?
11:45 AM me: I Was mugged at gun point in london lastnight
Friend: What?! you on vacation?
11:46 AM me: Yeah
Those muggers took my wallet and bank card with my cellphone
Friend: did you get hurt?
me: Am stuck here at the moment and i need help with my flight ticket back home
11:47 AM Friend: you alone?
11:48 AM me: Am with my wife here
Friend: is she ok?
11:49 AM me: She is not
We need help right now cos we need to leave here in the next two hours
11:50 AM Friend: what do you need bro?
11:51 AM me: My Flight would be leaving in the next two hours i need $700 to complete my flight ticket back home
11:52 AM Friend: how would i get it to you?
me: You can wire the money online to me Via www.westernunion.com
11:53 AM Friend: How do i know this is really roger, tell me something only you and i would know
11:56 AM me: I Am Roger and Married to Holly Mommaerts
11:57 AM my high school X High 'xx
employer United States Army
Friend: k, let me talk to my wife really quick
12:03 PM me: Are you there
Friend: yeah, waiting for my wife to call back
shes at work
12:05 PM convincing her it's not a scam
me: Well am more than these
12:06 PM I Would refund the money back as soon as i return
12:07 PM Friend: i need a recieving country
im on the website
12:08 PM Wire it to roger mommaerts
12:10 PM Did you get the message
Friend: Yeah, im registering with the website
12:11 PM me: Ok
12:14 PM Are you through
12:15 PM Friend: sending right now
gave me a number to call to complete transanction, hold on
12:16 PM me: You want to call western union
12:18 PM Friend: im on the ohone right now, she just has to verify everything for security purposes
12:19 PM me: Ok
12:20 PM Friend: she's saying she has to validate my identity
12:22 PM me: Ok
Friend: almost these
12:23 PM she said the soonest you will be able to pick it up will be after an hour from now
is that alright?
12:24 PM Give me the MTCN NUMBER
12:25 PM now get your ass back home
12:26 PM me: Alright
12:33 PM Friend: I'll stay online, if you can let me know when you get on the flight
12:34 PM me: Ok i would talk to you
That was it. He had a victim. I immediately chatted with my friend…
2:32 PM me: Friend - you there?
you got scammed
some guy hijacked my gmail and facebook
2:33 PM call western union back asap and tell them it was a scam
Friend: yes im here
me: it was a scam
Friend: what the hell
2:34 PM me: call western union back
i am so sorry
what is your hopne number?
i will call you
2:36 PM me: sorry man
I called him and explained what had happened. I urged him to call Western Union immediately and call me back. He called me back at 2:52pm and WU said they already picked up the money. They also advised him to contact the local police where he lives and also the London Metro Police. I asked my friend how he paid and he said credit card. I told him to call the credit card company to see what they could do.
Another friend from DC called me at 3pm to ask me if everything was okay because she was being asked for money earlier in the morning. I assured her all was well.
I was away from my desk and saw that my friend called me at 3:30pm and I missed it. I called him back at 3:45pm and he said he had talked to both police departments and his credit card. And that his credit card company said it would not be charged against him since it was fraud – what a blessing!
Holly and I did place a fraud alert on our credit too just to be on the safe side.
It was nearing 4pm and I had not had a bite to eat since just a banana around 12:30pm. I finally ate my lunch and got some work done. I hung around the office with a splitting headache until around 7:30pm.
The only pending issue I have now is that Facebook has decided to disable my account due to fraudulent use. No duh. I got an email from them earlier and it asked me a security question that I thought was correct. I just got an email that it was not correct and that my account will remain disabled. I replied with what I am sure it really must have been, so we’ll see if they give me another chance. I think it’s a bit weird that they don’t have any other way to reset your account and they just disable it. But that is not a life stopper. Life without Facebook isn’t a biggie. I really haven’t had much time to spend on there recently anyway.
Well, it has been a long mentally and emotionally exhausting day. I guess if there is one lesson I have learned from this it is to make sure all your important accounts have a unique password. Especially different from the ones you use to purchase anything online. I am very thankful that Holly and I were able to keep our wits about us, stay cool and hop on top of everything to regain control. Be very wary about anyone asking you for money, even if it is someone you think is your friend.