Nearly every day, we read scary stuff regarding the Yahoo email hack last December. In these pages, we try to be careful about “crying wolf” and being overly sensational. However, this story resonates because it could happen to any of us and involves a friend.
Last Friday, a business owner and friend of mine, who runs a non-technology business in another part of the US, told me a tale of how an innocuous mistake has spun out of control and is threatening the existence of his business.
The mistake was simple – one that many of us could make even though there are plenty of warnings out there. Last Monday, his company sold a multi-thousand dollar item to an individual in Minnesota. Payment had been arranged to be made via wire-transfer. My friend emailed the buyer the wiring instructions including the bank, routing, and account numbers.
A couple of days later, the business owner (fortunately) got a phone call from the buyer in Minnesota asking why an east-coast business wanted several thousand dollars wire-transferred to a bank in Spain. Dumbfounded, my friend asked that the email be sent back to him, and yes, the original email had been altered. The email was identical except that the Bank Name, Routing # and Account # had been changed. And guess what – the password to his email account had also been changed. He could connect from his existing devices, but when he tried to log in from another computer, or to his administrative account to change his password, he couldn’t.
Not only was his email hacked, it’s now being scanned for keywords like “account” or nine-digit numbers that could be bank routing numbers. This group is sophisticated enough to intercept all his emails, pull out the ones of interest, make the appropriate changes (in this case the bank routing and account # info) and send the email along to its intended recipient, all while looking like the original sender.
Now my friend is in full-on scramble mode!
He contacted his bank (a “big bank”, so the customer service was less than stellar, which is another story), and was finally able to set up a new checking account, freeze his existing account and transfer funds. What’s still in progress is changing dozens of ACH, direct-deposit, government and direct-payment arrangements, along with notifying everyone that had connected to his main checking account. And the “big bank” wouldn’t freeze his existing account or allow him to manually authorize all payments.
Trying to fix his captured email account: This is not so simple. You see, his email account started out life many years ago with a small local internet service provider (ISP). That ISP was sold to AT&T. Sometime after, Yahoo began managing and operating AT&T’s email system. And depending on the exact transactions, even Verizon and AOL might be involved. On top of all that, it’s a free account – hence there’s no one to talk to. Since he can’t get into his administrative account, regaining control of his email, or even shutting it down, is going to be extremely difficult if not impossible.
Along the way, my friend did contact the local police to see if they or the FBI working with the help of Spanish authorities might be able to trace the owners of the bank account where the funds were supposed to go. He was told that even with the information he supplies, it's unlikely to reach the perpetrators, because the Spanish bank account is most likely hacked as well.
As my friend told me, nearly everything in his business’s financial life rolls through his email and his main bank account. His business life has been upended. Every time he tries to work on something else within his business, he keeps coming back to how vulnerable he and his business are right now. This is going to take time, patience, and perseverance to get through.
OK, I know you've heard this, but please pay attention:
- NEVER NEVER NEVER send unencrypted email containing any bank, credit card, social security, or other business account number information. Don’t use unencrypted texting or messaging either. Call that information in and make sure you only call known phone numbers and speak with known individuals.
- If you have or think you have an email address that involves Yahoo in any way, IMMEDIATELY, change the passwords. If you can’t login to your administrative account, you are likely already compromised.
- Scan back through your old emails, particularly sent emails. If you see any account numbers or other important identification information, get to those accounts and at least change your passwords. For important accounts like bank accounts, consider closing out those accounts and opening new ones.
- Seriously consider adding email encryption or creating a fully encrypted email system for your organization.
- We can help you with any of this. Our staff is well-trained and have become a very suspicious group. If you suspect anything, contact us.
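The “scan back through your old emails” step above is tedious by hand. The following is an added example, not code from the original post, that does the mechanical part: it reads raw RFC 822 messages, looks for account-related keywords in the body, and flags any nine-digit number that passes the ABA routing-number checksum (weights 3, 7, 1 over the digits, sum divisible by 10), which separates likely routing numbers from ticket numbers and other nine-digit noise. The sample messages, addresses and numbers are constructed for the example; `123456780` is simply a nine-digit value that satisfies the checksum, not a real bank's routing number.

```python
import re
from email import message_from_string

# Constructed sample messages (not real mail). The first one leaks wiring
# instructions, the second contains a nine-digit number that is NOT a valid
# routing number and should not be flagged.
SAMPLE_MESSAGES = [
    """From: owner@example.invalid
To: buyer@example.invalid
Subject: Wiring instructions for invoice 4411

Please wire the balance to:
Bank: Example Bank (constructed)
Routing #: 123456780
Account #: 9988776655
Thanks
""",
    """From: owner@example.invalid
To: vendor@example.invalid
Subject: Lunch

See you at noon. Ticket 123456789 is unrelated.
""",
]

# Words that usually accompany banking details in a message body.
ACCOUNT_KEYWORDS = re.compile(r"\b(routing|account|acct|aba|swift|iban)\b", re.IGNORECASE)
# Exactly nine digits, not embedded in a longer digit run.
NINE_DIGITS = re.compile(r"(?<!\d)\d{9}(?!\d)")


def is_valid_aba_routing(number):
    """ABA routing-number checksum: 3*(d1+d4+d7) + 7*(d2+d5+d8) + (d3+d6+d9) mod 10 == 0."""
    if len(number) != 9 or not number.isdigit():
        return False
    d = [int(c) for c in number]
    total = 3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])
    return total % 10 == 0


def message_body_text(msg):
    """Concatenate the decoded text/plain parts of a message; attachments are ignored."""
    parts = []
    candidates = msg.walk() if msg.is_multipart() else [msg]
    for part in candidates:
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True)
        if payload:
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def scan_message(raw):
    """Return a finding for one raw RFC 822 message, or None if nothing suspicious was seen."""
    msg = message_from_string(raw)
    body = message_body_text(msg)
    keywords = sorted({m.lower() for m in ACCOUNT_KEYWORDS.findall(body)})
    routing = [n for n in NINE_DIGITS.findall(body) if is_valid_aba_routing(n)]
    if not keywords and not routing:
        return None
    return {
        "subject": msg.get("Subject", ""),
        "to": msg.get("To", ""),
        "keywords": keywords,
        "routing_numbers": routing,
    }


def scan_messages(raws):
    """Scan a sequence of raw messages and return only the ones that need a look."""
    return [f for f in map(scan_message, raws) if f is not None]


if __name__ == "__main__":
    for finding in scan_messages(SAMPLE_MESSAGES):
        print(finding)
```

To run this over a real “Sent” folder exported as mbox, iterate `mailbox.mbox(path)` from the standard library and pass `msg.as_string()` for each message to `scan_message`. Every message it returns is one whose recipient account the post says you should revisit: at minimum change the password, and for bank accounts consider closing and reopening them.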
The Yahoo hack last December exposed over 1 billion email addresses and mobile phone numbers. The people who did this are sophisticated and are interested in your money.
As we learn more about my friend’s situation, we will update this entry.