OnMyOwn Posted July 4, 2016

Today my dd was checking her email on our mac and she opened something in her spam. We got a warning page that popped up saying there was a virus and to contact apple and it gave a phone number. Well, I closed down the page because I've had something similar happen before and it was just a scam, but nothing came of it.

Within an hour, I received an email from my dd in my gmail account on my phone. Google prompted me to log in and I did, and the email from my dd was some article she said she hadn't sent me. Then, my dd comes rushing upstairs because her e-mail is filling with emails that are bouncing back to her email address. Hundreds of them. Then, I got an email in my verizon yahoo account on my iPad that someone in Louisiana was trying to log in to my gmail account.

So, we changed our passwords on my dd's aol account, my google/gmail account, and my bank account just in case. I thought it was all resolved but a few hours later, it looks like more e-mails were sent from my dd's aol account again for about an hour. I don't know how that could have happened since we changed her password and even made it so that every time she goes to login, she also has to retrieve a code texted from aol to my phone.

How could someone have gotten into both my dd's aol account and my google/gmail account within such a short amount of time? How could they have gotten back into her e-mail even though we changed the password?

purplejackmama Posted July 4, 2016

Ugh. No idea but this junk stresses me out. It took me 3 weeks to straighten out DS's stolen Xbox password and the subsequent $900!!! worth of fraudulent charges. So sorry this happened to you.

OnMyOwn Posted July 4, 2016

> Ugh. No idea but this junk stresses me out. It took me 3 weeks to straighten out DS's stolen Xbox password and the subsequent $900!!! worth of fraudulent charges. So sorry this happened to you.

Thanks. I'm almost wondering if they can just get on to the computer when we have it connected to the internet. It doesn't make sense that they still had access to her email after we changed the password.

EmseB Posted July 4, 2016

They may have downloaded her contacts and can still spoof her email address even if they aren't logging into her account. It is very annoying.

Lanny Posted July 4, 2016

YOUR MAC SHOULD BE DISCONNECTED FROM THE INTERNET AND FROM YOUR HOME LAN, UNTIL IT IS COMPLETELY CLEAR.

DO NOT COPY ANY FILES ON THE INFECTED COMPUTER TO ANOTHER COMPUTER, THUMB DRIVE, EXTERNAL HARD DISK DRIVE, ETC. AT THIS TIME, YOU MUST ASSUME EVERYTHING ON THE COMPUTER IS INFECTED.

Sorry this happened to your family. One basic rule was violated: One should never click on a link in an email they receive. Also, most things that are in the SPAM folder are in fact SPAM and should be deleted, ASAP.

Now, how do you recover from this and try to prevent it from happening again? First, each of your accounts should have a different password. I use the FREE version of LastPass to keep track of my passwords. Secondly, each password should have a minimum of 8 characters, including upper and lower case letters, numbers, and special characters such as #$%.

I am not familiar with Apple products, but if this were a PC, I would suggest that you install the latest free version of AVG Anti Virus, or Avast, or something else, with their latest virus definitions and that you run a FULL scan on every file on your hard disk drive. I would also run a free version of their Malware utility, and possibly other utilities to try to detect and eliminate this. We use IObit utilities on our PCs, Advanced SystemCare, but I don't know if they have that for Apple products. If they don't, I assume other companies have products like that for Apple products.

The worst case is that you will need to wipe the hard disk drive, and then reinstall your OS and your Application programs.

CHANGE PASSWORDS ON THE ACCOUNTS THAT WERE COMPROMISED, TO UNIQUE STRONG PASSWORDS AS I DESCRIBED ABOVE.

GL

Lanny Posted July 4, 2016

> Thanks. I'm almost wondering if they can just get on to the computer when we have it connected to the internet. It doesn't make sense that they still had access to her email after we changed the password.

YOU MUST, IMMEDIATELY, DISCONNECT THAT COMPUTER FROM THE INTERNET AND FROM YOUR HOME LAN. YOU DO NOT HAVE CONTROL OF THAT COMPUTER. IT HAS BEEN COMPROMISED AND IS UNDER THE CONTROL OF SOMEONE ELSE.

OnMyOwn Posted July 4, 2016 (edited)

Thanks. I'm going to take it to my dad's today and have him look at it since he is the family expert. In doing some more searching, it looks like her aol account was spoofed instead of hacked since there is nothing in her sent box. So maybe when she clicked on the link in the email, it let the scammers know it was an active email address and they immediately started using it to spoof her account? It just seems odd that the emails stopped almost as soon as we changed the password. Maybe that was coincidence. And that someone attempted to gain access to my gmail account at almost the same time.

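The difference between a spoofed address and an account that was actually logged into, which EmseB and OnMyOwn describe above, can be read from the headers of one of the messages a recipient got. The following is an added example, not part of the original thread; the messages and the domains `mail.example`, `bulk.example` and `mx.receiver.example` are constructed placeholders, and the alignment check is simplified.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# DKIM result plus the signing identity from a receiver's Authentication-Results header.
DKIM_RE = re.compile(r"dkim=(\w+)[^;]*?header\.[di]=([^\s;]+)")

def classify(raw, expected_addr):
    """Say how a message claiming to be from expected_addr was actually produced."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    if addr != expected_addr.lower():
        return "display-name-spoof"      # familiar name, different address
    domain = addr.rpartition("@")[2]
    # get() returns the top-most header, the one added by your own mail provider;
    # copies further down could have been inserted by the sender and are ignored.
    auth = msg.get("Authentication-Results", "")
    if not auth:
        return "unknown"                 # receiver recorded no verdict
    for result, ident in DKIM_RE.findall(auth):
        signer = ident.rpartition("@")[2].lower()
        # Simplified alignment check: signer is the From domain or a subdomain of it.
        if result == "pass" and (signer == domain or signer.endswith("." + domain)):
            return "sent-via-provider"   # provider signed it: the account was used
    return "forged-from"                 # address forged; no login was needed

# Constructed sample messages (placeholder domains, not taken from the thread).
SENT = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@mail.example header.s=sel1;
 spf=pass smtp.mailfrom=kid@mail.example
From: Kid <kid@mail.example>
Subject: article

link
"""
FORGED = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@bulk.example header.s=x;
 spf=fail smtp.mailfrom=bounce@bulk.example
From: Kid <kid@mail.example>
Subject: article

link
"""
LOOKALIKE = FORGED.replace("<kid@mail.example>", "<promo@bulk.example>")

if __name__ == "__main__":
    for name, raw in [("SENT", SENT), ("FORGED", FORGED), ("LOOKALIKE", LOOKALIKE)]:
        print(name, classify(raw, "kid@mail.example"))
```

A `sent-via-provider` result means the account itself was used, so the password change and a review of active sessions matter; the other results mean the address was only forged, which a password change does not affect.
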
Lanny Posted July 4, 2016

There are 2 issues here: The first is that someone hacked into the MAC and is using it to send SPAM and possibly to do other things. If that MAC is connected to the Internet or your Home LAN, assume that someone else is using it, to do bad things. The other is that one or more Email accounts have been compromised.

THE MAC MUST NOT BE CONNECTED TO THE INTERNET OR TO YOUR HOME LAN UNTIL IT IS COMPLETELY CLEAR.

If this was a PC, there are multiple ways that one can use to try to clear these things up, but with a MAC I don't know and until a few years ago, Apple claimed this wasn't possible or frequent. There are probably things you can download (onto another computer) and then move to the MAC on a thumb drive and try to run, to clear this up.

The worst case is that you will need to wipe the hard disk drive, and then reinstall the OS and your Application programs and start over with a fresh and clean installation.

You are not the first person to have this happen to them and it is annoying, to say the least. Weak passwords are the easiest way for bad people to get into the computers of good people.

GL

Lanny Posted July 4, 2016

I do not know how one can check for Viruses and Malware and things of that nature on a MAC. I hope your dad knows or can learn how to do that. If it was only someone spoofing your email account, you are very lucky. That is not uncommon and I don't think there is anything one can do to prevent it from happening to them.

Hopefully, your dad understands Apple computers and how to work with them. You need to be sure they did not get into that MAC, before connecting it to the Internet or your Home LAN again.

GL

Mergath Posted July 4, 2016

It sounds like you might have a keylogger. It basically records everything you type, and collects your passwords and personal info that way. You need to run a good antivirus program on all your computers, and if that doesn't work take them in to a pro.

Lanny Posted July 4, 2016 (edited)

The key here is to first determine whether or not the MAC was compromised, or, if it was only an email account. If it is the MAC, that is far more serious...

My VPS (Virtual Private Server, like a Dedicated Server on the Internet) was taken over, by a Chinese Bot Net, 2 years ago, so they could use it as a Drone. They brute forced the password. That is the most common way to get into a computer, email account, or some other account. So, it was no longer "My" VPS, it was "Their" VPS. The VPS was wiped, reinstallation of the OS and Security measures. No problems since then.

If the MAC was compromised, then it will need to be wiped and the OS and Applications reinstalled. Serious passwords for all accounts and all accounts have their own password. Passwords should not be used on more than one account. As I wrote upthread, I use the free version of the LastPass Password Manager.

ETA: Hopefully the OP's dad can find information on the Apple web site or on some web site dedicated to supporting MAC users, about how to clean them up after they are compromised.

Lanny Posted July 4, 2016

This might be a place for the father of the OP to begin looking: https://support.apple.com/en-us/HT202225

There are probably many other links on the web that might be helpful to MAC users with compromised machines.

melmichigan Posted July 4, 2016 (edited)

I would wipe it and reinstall. I do this to our own apple products on a semi-regular basis. It's also why I run Time Capsule on my iMac.

StephanieZ Posted July 4, 2016

FWIW, my brother, who is in IT, told me not long ago that "Chinese hackers will own your computer within a few minutes of being online w/o solid protection . . ." Makes me nervous, lol.

Until you are 100% confident that the computer is "clean", I'd be sure not to use it for anything sensitive. (i.e., don't log in to any sites from it . . .) And, I'd change *all* my PWs everywhere, and I'd re-change them every week or so for a while.

Lanny Posted July 4, 2016 (edited)

DBAN is for PCs. I would find something like DBAN, for MACs, and then I would wipe the hard disk drive and then I would start over. Unless the OP is positive the MAC was not compromised, the OP must assume that the MAC is compromised. Wipe it with something like DBAN, to DOD standards, and do a Clean/Fresh install of the MAC OS and start over. I know that's a PITA, but it is necessary.

http://www.dban.org/

ETA: If the OP has a "System Image" of the hard disk drive, she can restore the latest image she made and get back to where the MAC was on the day that "System Image" was made. I use "Clonezilla Live" to make "System Images".

melmichigan Posted July 4, 2016 (edited)

> DBAN is for PCs. I would find something like DBAN, for MACs, and then I would wipe the hard disk drive and then I would start over. Unless the OP is positive the MAC was not compromised, the OP must assume that the MAC is compromised. Wipe it with something like DBAN, to DOD standards, and do a Clean/Fresh install of the MAC OS and start over. I know that's a PITA, but it is necessary.
>
> http://www.dban.org/

Apple provides the instructions on how to erase the hard drive and reinstall. https://support.apple.com/en-us/ht204904

If you use time capsule you can erase the hard drive, and restore to a date prior to the compromise.
