Email Hacker Activation Code 31
Sanora Ngueyn
- I tried "forgot password" and it gave me the option of reset via email. BUT, I noticed the email address is NOT mine. So I did not proceed, because the hacker changed the email address saved to my profile.
- I went to facebook.com/hacked, and clicked on "my account is comprised". I tried the current password and 2 old passwords, and each time it only gives me the option of sending the reset code to the email address, which is the hackers email.
- I went to facebook.com/identify, thru a chrome browser that i use for FB, and also thru a new browser. I tried my phone #, email and my name and it couldn't find my profile. I was finally able to find my profile by entering my profile's URL, and interestingly underneath my profile photo, it shows my phone #, even though it couldn't find my profile when i entered the phone #. WEIRD
ALSO, the "do not have access to these (email, ph#)" option does not show up on the app, mobile browser or PC browser. I'm guessing facebook removed that. Will downloading an old version of the FB app maybe show the option?
Alice registers her mobile phone number with Gmail so that if she ever forgets her password Google will send her an SMS text message containing a rescue verification code so she can access her account.
If Malcolm was keen to not raise suspicion, and continue to see every email that Alice receives for the foreseeable future, then it may be that he will reconfigure her email to automatically forward future messages to an account under his control, and then send an SMS to her containing the newly reset password:
However, I wonder how many people when faced with a message that they believe to be from Google or Yahoo would act upon it immediately, with little thinking of the consequences. After all, one of the biggest worries many people might have in this day and age is to be cut off from their email account.
Even a line of text (in bold red) on the website re-iterating that you should not enter any unsolicited verification code. They could start adding the caveat to all their genuine text messages immediately.
"You should only enter a verification code if you requested one. Do not enter your code here if you did not request it. Other than when you first set-up your account we will not send unsolicited messages asking you to verify your account."
Quite an insidious scam and not one I've come across before. I can imaging it fooling many particularly if a hacker intentionally 'locked' a victim's account by entering a number of wrong passwords (queue the account holder trying to access their locked account (using a genuine link)).
It's easy to imagine a situation where bad guy Malcolm instigates Google sending Alice the verification code and then Malcolm *phones* Alice on the number (pretending to be Google) and asking her to verify the number she's just been sent.
This site doesn't write ANYTHING about hacking. Graham & others write about online snoops and vandals, then misapply the word "hacker" to them. And then presumably sometimes "Security Professionals" that keep doing that wonder why some people are so unenthusiastic about helping them as much as possible. What Graham etc. Are trying to do here is good and important, it's a pity he taints it by perpetuating misuse of a word almost sacred to many of my friends. Respect is rarely given to those who won't offer it themselves.
If "hacker" was a term of ethnicity, it would be illegal in many places to abuse the word that way. Which I think is foolish lawmaking, but being inconsistent makes it much worse.
A bonafide user would be expecting the code, use as soon as received, and thereby invalidate for future use.
There would only be a short window for the attacker to request the code and get it before being used, but I guess the user would be more occupied with completing the validation task before replying to the attacker, so I think chances of success for the attacker would be quite low.
Someone not expecting one may not notice a message and attacker's request in time before the code expires.
The good news, at least if you use GMail, is that you can make your email virtually hacker-proof today, provided you own a cell phone. The fancy geek technical term for this is two factor authentication, but that doesn't matter right now. What matters is that until you turn this on, your email is vulnerable. So let's get started. Not tomorrow. Not next week. Right. Freaking. Now.
Once this is enabled, accessing your email always requires the password, and a code delivered via your cell phone. (You can check the "remember me for 30 days on this device" checkbox so you don't have to do this every time.) With this in place, even if they discover your super sekrit email password, would-be hackers can't do anything useful with it! To access your email, they'd need to somehow gain control of your cell phone, too. I can't see that happening unless you're in some sort of hostage situation, and at that point I think email security is the least of your problems.
Your cell phone isn't the only way to get the secondary PIN you need to access your email. On the account page there are multiple ways to generate verification codes, including adding a secondary backup phone number, and downloading mobile applications that can generate verification codes without a text message (but that requires a smart phone, naturally).
Applications or websites that access your email, and thus necessarily store your email address and password, are also affected. They have no idea that they now need to enter a PIN, too, so they'll all be broken. You'll need to generate app-specific passwords for your email. To do that, visit the accounts page.
This effectively creates a list of passwords specific to each application. So you can see the date each one was last used, and revoke each app's permission to touch your email individually as necessary without ever revealing your primary email password to any application, ever. See, I told you, there is a method to the apparent madness.
Either nag your email provider to provide two-factor authentication, or switch over. Email security is critically important these days, and switching is easy(ish). GMail has had fully secure connections for quite a while now, and once you add two-factor authentication to the mix, that's about as much online email safety as you can reasonably hope to achieve short of going back to snail mail.
I know what you're thinking. Yes, this is a pain in the ass. I'll fully acknowledge that. But you know what's an even bigger pain in the ass? Having your entire online identity stolen and trashed by a hacker who happens to obtain your email password one day. Remember that article I exhorted you to read at the beginning? Oh, you didn't read it? Go freaking read it now!
Permit me to channel Jamie Zawinski one last time: "OMG, entering these email codes on every device I access email would be a lot of work! That sounds like a hassle!" Shut up. I know things. You will listen to me. Do it anyway.
I've been living with this scheme for a few months now, and I've convinced my wife to as well. I won't lie to you; it hasn't all been wine and roses for us either. But it is inconvenient in the same way that bank vaults and door locks are. The upside is that once you enable this, your email becomes extremely secure, to the point that you can (and I regularly do) email yourself highly sensitive data like passwords and logins to other sites you visit so you can easily retrieve them later.
If you choose not to do this, well, at least you've educated yourself about the risks. And I hope you're extremely careful with your email password and change it regularly to something complex. You're making life all too easy for the hackers who make a fabulous living from stealing and permanently defacing online identities just like yours.
Second, they activated two-factor authentication. This is supposed to increase the security of a system because you need to enter a code in addition to your password. The problem occurs when, again, it points away from the account owner and to the hackers instead.
When you go through the process of sending a photo of your ID to be verified and you receive the email from Facebook confirming your ID is accepted with a link to reset your password, DO NOT CLICK THE LINK IN THE EMAIL!!!! Instead, follow the instructions further down in the email which says something along the lines of
All of the information I have about the Facebook two-factor authentication problem is listed in this blog post. I will no longer be responding to emails or messages regarding this issue since I cannot provide any further assistance.
I was just wondering if you ever got a reply from facebook/ managed to get back in? Like you, I have about a decade of photos on there, and also just feel really uncomfortable that a hacker still has access to my account!
Hi Elaine,
Did you have any updated tips or info on how to get your account back the fastest based on this problem? Currently experiencing the same issue with them changing the Code generator app and me not being able to get the code. Trying to reach FB to get them to remove the 2FA req. but no luck yet.
Hey Elaine!
Same happened to me about 3 weeks ago! Even though I was able to send my ID and for Facebook to recognized it (also I was able to change the email as the hacker has changed to one of his own) FB did contact me via email, send me a code but this code never worked :(. I regained my password but as the 2F Authenticator was enable by the hacker, I guess they are still getting this second code that I need to log in into my account. I wonder if FB would ever respond my email (as they where the ones initiating the communication) on this email it said: If you have any questions please respond on this email..
I have been off facebook since June 2022 and I finally changed the email and password to the account In July but now this 2FA is turned on I need it to be turned off so I can enter my new phone number!
aa06259810