Computer Hacked? Help!


OnMyOwn

Today my dd was checking her email on our mac and she opened something in her spam.  We got a warning page that popped up saying there was a virus and to contact apple and it gave a phone number.  Well, I closed down the page because I've had something similar happen before and it was just a scam, but nothing came of it.

 

Within an hour, I received an email from my dd in my gmail account on my phone.  Google prompted me to log in and I did and the email from my dd was some article she said she hadn't sent me.  Then, my dd comes rushing upstairs because her e-mail is filling with emails that are bouncing back to her email address.  Hundreds of them.

 

Then, I got an email in my verizon yahoo account on my iPad that someone in Louisiana was trying to log in to my gmail account.

 

So, we changed our passwords on my dd's aol account, my google/gmail account, and my bank account just in case.

 

I thought it was all resolved but a few hours later, it looks like more e-mails were sent from my dd's aol account again for about an hour.  I don't know how that could have happened since we changed her password and even made it so that every time she goes to login, she also has to retrieve a code texted from aol to my phone.

 

How could someone have gotten into both my dd's aol account and my google/gmail account within such a short amount of time?  How could they have gotten back into her e-mail even though we changed the password?

  • Like 1
Link to comment
Share on other sites

Ugh. No idea but this junk stresses me out. It took me 3 weeks to straighten out DS's stolen Xbox password and the subsequent $900!!! worth of fraudulent charges.

 

So sorry this happened to you.

Thanks. I'm almost wondering if they can just get on to the computer when we have it connected to the internet. It doesn't make sense that they still had access to her email after we changed the password.

Link to comment
Share on other sites

YOUR MAC SHOULD BE DISCONNECTED FROM THE INTERNET AND FROM YOUR HOME LAN, UNTIL IT IS COMPLETELY CLEAR

 

DO NOT COPY ANY FILES ON THE INFECTED COMPUTER TO ANOTHER COMPUTER, THUMB DRIVE, EXTERNAL HARD DISK DRIVE, ETC. AT THIS TIME, YOU MUST ASSUME EVERYTHING ON THE COMPUTER IS INFECTED.

 

Sorry this happened to your family. One basic rule was violated: One should never click on a link in an email they receive.  Also, most things that are in the SPAM folder are in fact SPAM and should be deleted, ASAP.  Now, how do you recover from this and try to prevent it from happening again? First, each of your accounts should have a different password.  I use the FREE version of LastPass to keep track of my passwords.  Secondly, each password should have a minimum of 8 characters, including upper and lower case letters, numbers, and special characters such as #$%

 

I am not familiar with Apple products, but if this were a PC, I would suggest that you install the latest free version of AVG Anti Virus, or Avast, or something else, with their latest virus definitions and that you run a FULL scan on every file on your hard disk drive.  I would also run a free version of their Malware utility, and possibly other utilities to try to detect and eliminate this. We use IObit utilities on our PCs, Advanced SystemCare, but I don't know if they have that for Apple products. If they don't,  I assume other companies have products like that for Apple products. 

 

The worst case is that you will need to wipe the hard disk drive,   and then reinstall your OS and your Application programs.

 

CHANGE PASSWORDS ON THE ACCOUNTS THAT WERE COMPROMISED, TO UNIQUE STRONG PASSWORDS AS I DESCRIBED ABOVE

 

GL

  • Like 4
Link to comment
Share on other sites

Thanks. I'm almost wondering if they can just get on to the computer when we have it connected to the internet. It doesn't make sense that they still had access to her email after we changed the password.

 

YOU MUST, IMMEDIATELY, DISCONNECT THAT COMPUTER FROM THE INTERNET AND FROM YOUR HOME LAN.  YOU DO NOT HAVE CONTROL OF THAT COMPUTER. IT HAS BEEN COMPROMISED AND IS UNDER THE CONTROL OF SOMEONE ELSE.

  • Like 2
Link to comment
Share on other sites

Thanks. I'm going to take it to my dad's today and have him look at it since he is the family expert. In doing some more searching, it looks like her aol account was spoofed instead of hacked since there is nothing in her sent box.

 

So maybe when she clicked on the link in the email, it let the scammers know it was an active email address and they immediately started using it to spoof her account?

 

It just seems odd that the emails stopped almost as soon as we changed the password. Maybe that was coincidence. And that someone attempted to gain access to my gmail account at almost the same time.

Edited by OnMyOwn
  • Like 2
Link to comment
Share on other sites
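One way to test the "spoofed, not hacked" idea from the post above is to read the headers of the original message that a bounce usually carries back. This is an added example, not part of the thread: the sample headers are constructed, `example.com` stands in for the mail provider, and the receiving server is assumed to stamp an `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from the thread). example.com is a stand-in
# for the mail provider; mx.receiver.example is the server that bounced.
SPOOFED = """\
Authentication-Results: mx.receiver.example; spf=fail smtp.mailfrom=example.com;
 dkim=none; dmarc=fail header.from=example.com
Received: from unknown-host.invalid (unknown-host.invalid [203.0.113.7])
 by mx.receiver.example; Mon, 1 Jan 2024 10:00:00 +0000
From: Daughter <daughter@example.com>

body
"""

SENT_FROM_ACCOUNT = """\
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Received: from out.mail.example.com (out.mail.example.com [198.51.100.25])
 by mx.receiver.example; Mon, 1 Jan 2024 10:05:00 +0000
From: Daughter <daughter@example.com>

body
"""

def auth_results(raw):
    """Return spf/dkim/dmarc verdicts from the topmost Authentication-Results
    header, i.e. the one added last, by the final receiving server."""
    msg = message_from_string(raw)
    header = msg.get("Authentication-Results", "")
    found = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))
    return {k: found.get(k, "missing") for k in ("spf", "dkim", "dmarc")}

def classify(raw):
    """'spoofed' if the From domain failed authentication, 'sent-via-provider'
    if it passed (the real account was likely used), else 'inconclusive'."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    res = auth_results(raw)
    if res["dmarc"] == "pass" or (res["spf"] == "pass" and res["dkim"] == "pass"):
        return domain, "sent-via-provider"
    if res["dmarc"] == "fail" or res["spf"] in ("fail", "softfail"):
        return domain, "spoofed"
    return domain, "inconclusive"
```

A "sent-via-provider" result means the message really left through the provider's servers, which points to the account or a device logged in to it rather than a forged From line.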

There are 2 issues here: The first is that someone hacked into the MAC and is using it to send SPAM and possibly to do other things. If that MAC is connected to the Internet or your Home LAN, assume that someone else is using it, to do bad things.  The other is that one or more Email accounts have been compromised. THE MAC MUST NOT BE CONNECTED TO THE INTERNET OR TO YOUR HOME LAN UNTIL IT IS COMPLETELY CLEAR.  If this was a PC, there are multiple ways that one can use to try to clear these things up, but with a MAC I don't know and until a few years ago, Apple claimed this wasn't possible or frequent.  There are probably things you can download (onto another computer) and then move to the MAC on a thumb drive and try to run, to clear this up.  The worst case is that you will need to wipe the hard disk drive, and then reinstall the OS and your Application programs and start over with a fresh and clean installation.  You are not the first person to have this happen to them and it is annoying, to say the least.  Weak passwords are the easiest way for bad people to get into the computers of good people.   GL

  • Like 1
Link to comment
Share on other sites

I do not know how one can check for Viruses and Malware and things of that nature on a MAC.   I hope your dad knows or can learn how to do that.  If it was only someone spoofing your email account, you are very lucky. That is not uncommon and I don't think there is anything one can do to prevent it from happening to them.  

 

Hopefully, your dad understands Apple computers and how to work with them.  You need to be sure they did not get into that MAC, before connecting it to the Internet or your Home LAN again.

 

GL

Link to comment
Share on other sites

It sounds like you might have a keylogger. It basically records everything you type, and collects your passwords and personal info that way. You need to run a good antivirus program on all your computers, and if that doesn't work take them in to a pro.

  • Like 1
Link to comment
Share on other sites

The key here is to first determine whether or not the MAC was compromised, or, if it was only an email account.  If it is the MAC, that is far more serious...   My VPS (Virtual Private Server, like a Dedicated Server on the Internet) was taken over, by a Chinese Bot Net, 2 years ago, so they could use it as a Drone. They brute forced the password. That is the most common way to get into a computer, email account, or some other account.  So, it was no longer "My" VPS, it was "Their" VPS.   The VPS was wiped, reinstallation of the OS and Security measures.  No problems since then.   :hurray:

 

If the MAC was compromised, then it will need to be wiped and the OS and Applications reinstalled.  Serious passwords for all accounts and all accounts have their own password. Passwords should not be used on more than one account. As I  wrote upthread, I use the free version of the LastPass Password Manager.  

 

ETA: Hopefully the OP's dad can find information on the Apple web site or on some web site dedicated to supporting MAC users, about how to clean them up after they are compromised. 

 

 

Edited by Lanny
Link to comment
Share on other sites

FWIW, my brother, who is in IT, told me not long ago that "Chinese hackers will own your computer within a few minutes of being online w/o solid protection . . ." Makes me nervous, lol. 

 

Until you are 100% confident that the computer is "clean", I'd be sure not to use it for anything sensitive. (I.e., don't log in to any sites from it . . .) And, I'd change *all* my PWs everywhere, and I'd re-change them every week or so for a while. 

  • Like 1
Link to comment
Share on other sites

DBAN is for PCs.  I would find something like DBAN, for MACs, and then I would wipe the hard disk drive and then I would start over.  Unless the OP is positive the MAC was not compromised, the OP must assume that the MAC is compromised.  Wipe it with something like DBAN, to DOD standards, and do a Clean/Fresh install of the MAC OS and start over.  I know that's a PITA, but it is necessary.

 

http://www.dban.org/

 

ETA: If the OP has a "System Image" of the hard disk drive, she can restore the latest image she made and get back to where the MAC was on the day that "System Image" was made. I use "Clonezilla Live" to make "System Images"

Edited by Lanny
Link to comment
Share on other sites

DBAN is for PCs.  I would find something like DBAN, for MACs, and then I would wipe the hard disk drive and then I would start over.  Unless the OP is positive the MAC was not compromised, the OP must assume that the MAC is compromised.  Wipe it with something like DBAN, to DOD standards, and do a Clean/Fresh install of the MAC OS and start over.  I know that's a PITA, but it is necessary.

 

http://www.dban.org/

Apple provides the instructions on how to erase the hard drive and reinstall.

 

https://support.apple.com/en-us/ht204904

 

If you use time capsule you can erase the hard drive, and restore to a date prior to the compromise.  

Edited by melmichigan
Link to comment
Share on other sites
