
Hacker got my sister's number


29 replies to this topic

#1 Broski899


Posted 08 April 2016 - 01:49 PM

Okay so last night while my sister was on Google Docs, someone called her and said that the hacker installed malware on my laptop and they got a hold of her email and said "we're coming for you." Guys, even if this is some dumb prank, it's not funny and I need help removing whatever it is this idiot installed. Can anyone help me?



#2 Broski899


Posted 08 April 2016 - 08:40 PM

I ran Malwarebytes and it shows up clean. I'm not sure where else to check. Could it have been only her email was compromised?

#3 buddy215


Posted 09 April 2016 - 07:21 AM

Where in the world are you?

Are you and your sister adults or teenagers?

 

This could be some childish prank. But I would not consider an implied threat..."we're coming for you"....the least bit funny.

The email header may give you the IP address of the sender. Depends on how sophisticated the sender was in the sender's ability to obfuscate/hide the correct address.

 

Do you have the phone number that the call came from? What type of phone was the call received on and does it have caller ID?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Broski899


Posted 09 April 2016 - 12:41 PM

I'm an adult but my sister is a teenager. I asked her if anyone else knew she'd be working on her report via Google docs and she told me she never told anyone. They got a hold of her phone number and her email but I'm not sure how. The number is an unknown number and we can't call them back. I'm going to try and get the number via her provider to try and track down that number. As for the email all it says is the sender's name which is "jmsully621" and that's all.

#5 RolandJS


Posted 09 April 2016 - 01:02 PM

Save everything related to this incident on the hard-drive and be prepared to print out stuff -- if you decide to file with local authorities. I'm guessing somebody at school may be doing mean things.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#6 buddy215


Posted 09 April 2016 - 02:34 PM

What country or state are you in?

 

You can find more info on the email. Which email client is your sister using....Google....Outlook/hotmail....Yahoo...?

You can find the sender's IP....though it may be obfuscated by using a proxy etc. I just need to know the client so as I can give better directions on how to view the header of the email.

I should add that the rules are NEVER to open an email from an unknown sender. NEVER open a link in an email before you are sure where it will take you. NEVER open an unexpected attachment without confirming with the known sender what is in it.

It is a good idea not to answer a phone call from an unknown caller.

Depending on which email client your sister is using, it may be possible to block that email address and the same goes for the phone number...


Edited by buddy215, 09 April 2016 - 02:40 PM.


#7 Broski899


Posted 09 April 2016 - 11:21 PM

The email strangely doesn't have any email client or IP address. Whoever this is must do this often. If they installed anything on my laptop, how would I be able to take it out?

Oh and to answer your question we live in the U.S., in CA to be exact.

Edited by Broski899, 09 April 2016 - 11:23 PM.


#8 RolandJS


Posted 10 April 2016 - 04:28 AM

Does that computer have OS backups before this happened?  If not, the road to malware removal will be a little difficult.  You mentioned Google Docs at school -- is it possible that access rights to documents and directory are being shared?  And, access information may have been passed around?  The point:  person or persons out there making bad decisions [hacking & threatening your daughter] and spoiling the Good Thing for all the others.


Edited by RolandJS, 10 April 2016 - 08:13 AM.



#9 buddy215


Posted 10 April 2016 - 07:06 AM

Which email client does your sister use? Does she use Gmail, Outlook, Yahoo or some other email client?

 

Gmail

  1. Open the message in your Gmail inbox.
  2. Click the down-arrow in the top-right corner of the message.
  3. Click the "Show original" link toward the bottom of the options box. The message will open in a separate window with the full message headers at the top.

Microsoft Outlook

  1. Open the message in Microsoft Outlook.
  2. Select "View," then "Options."
  3. You'll see the headers in the "Internet Headers" box.

Yahoo Mail

  1. Open the email message in your Yahoo Mail inbox.
  2. Click the "Full Headers" link located in the lower-right corner of the email message.

If instructions for your email program aren't listed above, please check your program's help information for instructions on viewing message headers.



#10 Broski899


Posted 10 April 2016 - 11:34 PM

I don't have any OS backups...and I do believe that the doc she was working on was shared. She uses gmail for school. Also clicking on the email will give me a warning that something suspicious is embedded within the message she received. She deleted it and now I can't even investigate any further. Either way, now I'm just concerned about my laptop. The malware scan was clean and there doesn't appear to be any other errors.... But that was when I ran it in safe mode w/o networking. If I try to scan further with the laptop connected to the internet, would that risk them stealing more information as opposed to running without a connection?

#11 RolandJS


Posted 11 April 2016 - 04:13 AM

Perhaps ensure that she destroys any/all non-school and non-close friends emails and DOCs that don't "smell" right. And, encourage her to keep the security software up-to-date, real time protection shields running, and maybe even schedule an antivirus and an antimalware bi-weekly scheduled scan [1 of each].

IF usernames and passwords were shared, encourage her to change her passwords, all of them, real soon, and not to share them.  Her close friends are not to blame, however, downline, somewhere, somehow, somebody got wind of one or more of her shared DOC password[s] and/or her email password -- I'm just guessing about this password thing.




#12 buddy215


Posted 11 April 2016 - 05:14 AM

If she only deleted the email and did not delete it from the Trash folder, then it may still be possible to open the email and find the originating IP address in the header. Open Gmail and check in the Trash folder for the email. Of course, she could have moved it to the Spam folder...you can check that, too.

The suspicious item in the email could be a beacon....invisible to you...that informs the sender that the email was opened. See rules in my post #6.

If she was connected to the school's servers or downloading documents from the school servers......then she should let the school know about this incident.

When changing passwords that may have been compromised, it is important to change the secret words that are required to make changes to the email settings or to ask for a lost password.

 

What OS is installed on that laptop....Windows 7...Windows 8.1....Windows 10 ?


Edited by buddy215, 11 April 2016 - 05:15 AM.

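Added example, not part of any post in this thread: once the text from Gmail's "Show original" (post #9) is saved, the Received chain can be read oldest hop first and remote images, the kind of beacon post #12 mentions, can be listed without rendering or fetching anything. The sample message, hostnames and addresses are constructed; hops recorded before the first mail server you trust can be forged by the sender.

```python
import email, re
from email import policy
from html.parser import HTMLParser

# Constructed sample of a saved "Show original" message (documentation-range IPs).
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
 by mx.google.com with ESMTP id xyz; Fri, 8 Apr 2016 20:01:02 -0700 (PDT)
Received: from laptop (unknown [198.51.100.23])
 by mx.example.net with ESMTPSA id 123; Sat, 9 Apr 2016 03:01:00 +0000
From: sender@example.net
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>hi</p><img src="http://track.example.net/o.gif?id=42" width="1" height="1">
"""

# The receiving server writes the connecting peer's address in square brackets.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(msg):
    """IPs recorded in Received headers, oldest hop first (each server prepends)."""
    ips = []
    for header in reversed(msg.get_all("Received", [])):
        ips.extend(BRACKETED_IP.findall(str(header)))
    return ips

class ImgFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://")):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.remote.append((src, tiny))  # tiny remote image: likely a beacon

def remote_images(msg):
    """Remote <img> URLs in the HTML body; parsing only, nothing is fetched."""
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    finder = ImgFinder()
    finder.feed(body.get_content())
    return finder.remote

msg = email.message_from_string(RAW, policy=policy.default)
```
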

#13 Broski899


Posted 11 April 2016 - 11:25 PM

She's since deleted the email out of fright even though I told her not to. I can't look at it any further though I can post a screenshot of it if you'd like to see it and if it helps. Also she's contacted her superiors at school about this and she hadn't received anything since.

I have a Windows 10 OS and Malwarebytes is the only antimalware I have; as for antivirus software, I don't have anything installed at the moment. What else should I do?

#14 buddy215


Posted 12 April 2016 - 06:38 AM

When you start up Windows 10 for the first time, Windows Defender is on and working to protect your PC by scanning for malicious software.

It will turn itself off if you install another antivirus app.

 

Verify that Windows Defender is active as shown in image below:

Windows Defender settings are now integrated into Windows 10’s new Settings app. To access it, open the Start menu and select Settings.

Choose the “Update & security” category and select Windows Defender.

img_5585f7a959218.png

 

If you have checked in the Trash and Spam folders in her Gmail and the email is not there, then finding the originating IP is not possible for you. Good that she has notified the school.

For a bit more protection for your account it would be best if she used the built-in Guest account when using your computer.



#15 antoniu200


Posted 12 April 2016 - 06:53 AM

In this kind of situation, anything will help. And please, trust me and don't delete this comment--moderators and admins. Install Advanced SystemCare from IObit and set it to scan for security holes and private data. It will delete all the History of all the browsers and the saved passwords. The security holes scan will update your Windows OS.

And I have to agree with using the Guest account. From now on you should do that and password protect yours, and, if the built-in administrator account is enabled, put a password on that one too.

Edited by antoniu200, 12 April 2016 - 07:09 AM.




