Account hacked, threats received


sha...@gmail.com

Sep 15, 2006, 7:56:15 AM
to Gmail-Users
On September 5th 2006 my gmail account was hacked. I have no idea how.
My password was changed, my secondary email address was changed, who
knows what else. I have not been able to get into it since then. I
followed all of the online procedures at gmail.com to reset
password/recover account but never had any success. Email pleas to
gmail support were never replied to.

I stupidly used the same address/password for my paypal account and had
a lot of fraudulent purchases happen there... including funds
transferred from my checking account that was tied to my paypal
account. A total nightmare.

Anyway, yesterday and today I received emails from the waste of DNA
that hacked my account. This person is now trying to extort rapidshare
subscriptions from me.. if I don't comply he/she threatens to rain more
woe down upon me. Messages appear below.

Does anyone have any suggestions for recourse? I have thoroughly
checked my home and work PCs for any signs of malware that might have
intercepted my gmail password to start this whole mess and found
nothing. In the past month I had checked my gmail account from
friends' machines, internet cafes, etc, so I assume that one of those
machines started this whole mess.

I'm hoping these are empty threats prompted by my noticing and
immediately cancelling the subscriptions this person created through my
paypal account. At this point I'd be satisfied with being able to have my
original gmail account completely deleted.


First message: ------------------------------------------------------------
Return-Path: <apa...@ss78.shared.server-system.net>
Received: from ss78.shared.server-system.net
(ss78.shared.server-system.net [216.70.92.3])
by qbc.net.local (8.12.11/8.12.11) with ESMTP id k8EK5iCS029709
for <sh...@qbc.com>; Thu, 14 Sep 2006 16:05:45 -0400
Received: from ss78.shared.server-system.net (localhost.localdomain
[127.0.0.1])
by ss78.shared.server-system.net (8.12.11.20060308/8.12.11) with ESMTP
id k8EKVIWD022784
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for <sh...@qbc.com>; Thu, 14 Sep 2006 13:31:18 -0700
Received: (from apache@localhost)
by ss78.shared.server-system.net (8.12.11.20060308/8.12.11/Submit) id
k8EKVHDI022768;
Thu, 14 Sep 2006 13:31:17 -0700
Date: Thu, 14 Sep 2006 13:31:17 -0700
Message-Id: <200609142031....@ss78.shared.server-system.net>
X-MT-MESSAGEID:
J8L2hvbWUvdmlydHVhbC9zaXRlNDE2L2ZzdC92YXIvd3d3L2h0bWwvbGVuZGVycmVjb3ZlcnkuY29tL21haWxlci5waHAsL21haWxlci5waHAsMjEyLjIwMC4xMTcuMjUw
To: sh...@qbc.com
Subject: Want your G back ?
From: Officer G <mas...@microsoft.com>
Reply-To: mas...@ss78.shared.server-system.net
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.54 on 10.60.60.100
Status: RO
X-UID: 4371
Content-Length: 308
X-Keywords:


Do you want your e-mail back ?
(Your gmail)
If yes, that will cost you 1 year Rapidshare account & dont try to
cancel it after a few days,
coz i`ll hack you again!
When you buy it send it to these mail: ssaann...@gmail.com
and be smart ;)
Have been lucky coz i didnt wanted to take your server down...

Second message: -----------------------------------------------------------
Return-Path: <nob...@neutron.liquidweb.com>
Received: from neutron.liquidweb.com (neutron.liquidweb.com
[64.91.243.106])
by qbc.net.local (8.12.11/8.12.11) with ESMTP id k8FAs3qH005637
for <sh...@qbc.com>; Fri, 15 Sep 2006 06:54:04 -0400
Received: from nobody by neutron.liquidweb.com with local (Exim 4.52)
id 1GOBjQ-0000nX-Ep
for sh...@qbc.com; Fri, 15 Sep 2006 07:19:40 -0400
To: sh...@qbc.com
Subject: Hm ?
From: Officer G <Cap...@microsoft.com>
Reply-To: Cap...@qbc.net.local
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Message-Id: <E1GOBjQ-...@neutron.liquidweb.com>
Date: Fri, 15 Sep 2006 07:19:40 -0400
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - neutron.liquidweb.com
X-AntiAbuse: Original Domain - qbc.com
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - neutron.liquidweb.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Scanned-By: MIMEDefang 2.54 on 10.60.60.100
Status: RO
X-UID: 4402
Content-Length: 68
X-Keywords:


So, you dont want your gmail back.
Ok, prepare for the next step.

Zack (Doc)

Sep 15, 2006, 9:12:42 AM
to Gmail...@googlegroups.com
Copy the e-mail, headers and all, into an e-mail to:

ab...@gmail.com, ab...@paypal.com, ab...@qbc.com, ab...@microsoft.com,
ab...@liquidweb.com, ab...@server-system.net

I guarantee that these companies do not want to be a party to this,
and will take some action. Also consider contacting the FBI... they
have a cybercrimes division that will possibly look into this.
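
Added example, not part of the original thread: before forwarding headers like the ones quoted above, this sketch finds the one Received hop stamped by the recipient's own mail server (the only hop the sender could not forge) and checks whether the From domain matches that relay. The sample message, the `.example` hosts, the `own_mx_suffix` parameter and the two-label domain heuristic are all assumptions made for the illustration; only sendmail-style `from host (rdns [ip]) by host` hops are parsed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the quoted messages. Hosts and addresses are
# placeholders (reserved .example names, RFC 5737 documentation IP).
SAMPLE = """\
Return-Path: <apache@web7.hosting.example.net>
Received: from web7.hosting.example.net (web7.hosting.example.net [192.0.2.25])
\tby mx.recipient.example (8.12.11/8.12.11) with ESMTP id k8EXAMPLE000001
\tfor <user@recipient.example>; Thu, 14 Sep 2006 16:05:45 -0400
Received: (from apache@localhost)
\tby web7.hosting.example.net (8.12.11/8.12.11/Submit) id k8EXAMPLE000002;
\tThu, 14 Sep 2006 13:31:17 -0700
To: user@recipient.example
Subject: constructed sample
From: Officer G <someone@bigvendor.example>

body
"""

# "from HELO (rDNS [IP]) by RECEIVER": the sendmail-style hop in the sample.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def org_domain(host):
    # Assumption: the last two labels approximate the registrable domain
    # (no Public Suffix List lookup, so names like foo.co.uk are mis-split).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyse(raw, own_mx_suffix):
    """Find the hop stamped by the recipient's own server and compare it to From."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    # Only the hop written by a server the recipient controls is trustworthy;
    # every header below it was supplied by the sending side.
    trusted = next((h for h in hops if h["by"].lower().endswith(own_mx_suffix)), None)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    report = {"trusted_hop": trusted, "from_domain": from_dom,
              "from_mismatch": None, "abuse_contact": None}
    if trusted:
        relay = org_domain(trusted["rdns"])
        report["from_mismatch"] = org_domain(from_dom) != relay
        report["abuse_contact"] = "abuse@" + relay
    return report

if __name__ == "__main__":
    print(analyse(SAMPLE, "recipient.example"))
```
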

MrKewlOhio

Sep 15, 2006, 10:53:17 AM
to Gmail...@googlegroups.com
I agree with Zack.....my cousin just happens to work for the FBI in that
same division. He always is encouraging people who have the type of
problem that you have to report it.

Ryan Morehart

Sep 15, 2006, 3:17:06 PM
to Gmail...@googlegroups.com
Ditto here, do what Zack said. Paypal in particular has a mechanism for you to take action. (https://www.paypal.com/ewf/f=sa_unauth)
Ryan