I am looking out the window of a nice room in a nice hotel in Colorado. I am hacked off. partly in panic and partly in despair. The ducks and the swans on the pond seem unaffected. The mountains are stoic, and the white puffs of clouds drifting across the peaks aloof.
I opened the email account on the iPad while I was still abed. This is a sort of Spring Break, after all, even if it is a latter day version that collides with the last trimester of life. Coffee rather than a cold beer for breakfast, that sort of thing.
I was astonished- no, forget it. There is nothing that is purely astonishing these days, considering the enormity of what we are supposed to accept as matters of fact.
Bemused, maybe, is the better term. Perhaps, having come so recently from the land of dreams, this was just another phantasm. I blinked at the seventy-odd messages, apparently from me, reading: “Undeliverable.”
I found several of them, all the discouraging ones that sooner or later have grabbed us all- a note from a trusted pal, with a link. The ones from me went like this:
Hi!
Have you already seen it? http://battle.blip.crap.eat me.php
I checked the outgoing folder to see if I had been sleep-typing. I certainly was not going to click on the link- and for your protection, I have scrambled the real one that appeared. Nothing in my record indicated I had sent anything, but going back to the in basket, I saw non-deliveries to addresses that have not been current in a few decades.
OK, OK. I know it is time to lose the AOL account. I joke about it when I give it out these days- my usual line is “Yes, I am that old.”
Still, I was appalled when one of my heroes, General Colin Powell got phished on his private AOL account and some jerk downloaded reams of his personal electronic correspondence. As are we mortals, he is guilty of occasionally acerbic commentary, which perhaps he might have tempered if he knew they were going to be in the papers one day. I kept the stupid account because it is easier to embed pictures of cats doing impossibly cute things.
Or something.
I scrambled around to immediately change the password to the account, the digital equivalent of closing the barn doors after the horses have escaped. Then I tried to figure out what to do.
Naturally, I ran the virus scan again. Nothing there that my software program recognized as a threat. Then came the embarrassing- no, humiliating- series of notes began to come it, clueing me to the obvious: “Hey, looks like you have been hacked.”
It is about the same as being paraded naked through the digital village on a cart. I did some research to see what might have happened. The logical one was that someone was reading along with me, looking invisibly over my shoulder, or perhaps looking at my scowl through the remotely-activated camera on my laptop.
That this should have happened so rapidly on the heels of the disclosure of the HeartBleed security vulnerability made me queasy. If you had not had that heart-stopping moment when you realized that your transactions on many services had been vulnerable to undetected monitoring for nearly two years, you have been living in la-la land.
The watchdog website Mashable compiled a list of the ones that were thoroughly penetrated:
F Facebook, Instagram, Pinterest, Tumblr, Google/Gmail, Yahoo, GoDaddy, Netflix, YouTube, Soundcloud, USAA, Dropbox, WordPress, Health.gov
Whew. What a relief! I was only vulnerable on nine of them. I spent several hours frantically changing passwords to new, stronger ones that I will never remember.
This latest breach made me queasy enough to contact AOL. Perhaps the geriatrics who run the service were aware of a vulnerability that might have permitted someone to access my address book, but in a way that meant only NSA was actually looking at my ravings. I clicked on the “live chat” icon to talk to someone offshore about it. I wondered if the help desk was in the same internet café with the guys who keep telling me that my internet address had been personally selected by Bill Gates for a massive prize, which would be delivered to my bank account if I provided my routing and account numbers.
I waited a long time, long enough to realize that someone had done it to me again, after I changed the password on the account . Either the internet café was short on terminals, or there were more people in trouble than usual. I toggled between accounts to kill time, and eventually the “your inquiry is very important to us, so just sit there like a deer in the headlights and maybe we will get to you.”
Eventually they did:
“Thank you for choosing AOL Live Help. My name is Aljay R. and I’ll be assisting you today.I apologize for the long wait. I appreciate your patience for waiting on the line. Before we start, can I have your full name first?
Jay Are303
Sure. Vic Socotra.
Aljay R.
Pleased to meet you, Vic.
Jay Are303
Thanks, Pleasure is mine. Someone has accessed my complete address book twice today. I changed passwords after discovering each breach, one last night, Mountain Standard time and once this afternoon at around 1500.
Aljay R.
Let me see if I’ve got this right. As I understand, that someone is using your email address to send spam mail. Is that correct?
Jay Are303
Correct.
Aljay R.
Thank you, Vic. I appreciate all the information you have provided . I’m sure we can take care of this. This is not the experience we want you to have. I will do my best to resolve the issue for you.
Jay Are303
Hope so. I will have to deactivate the account if we cannot fix this.
Aljay R.
Did check your Sent Mail box to see if you can locate any outgoing email that you don’t recognize sending from your AOL account?
Jay Are303
I have. There is nothing that appears to be multiple attempts to send spam.
Aljay R.
Perfect! If you DON’T find any spam emails in your Sent Folder. Your account has most likely been spoofed.
Jay Are303
So what do I do about that?
Aljay R.
Email spoofing is a technique that spammers use to send spam without it seeming like the message was from them. The spammer is sending out messages and entering your email address in the From: field. This makes it seem like the spam email is coming from you, even though it isn’t coming from your account or from AOL servers. It’s actually being sent from their email account.
Jay Are303
Then how are they accessing my complete contact list? Some are ancient addresses.
Aljay R.
Contact can be captured in a different way like compromised account, forwarded mails, social media like facebook. Unfortunately, this won’t stop whoever is spoofing your account right now, but it will help secure your account from being compromised in the future.
Jay Are303
Not much help if they already have everything. Looks like I have to shut down AOL, which I have had since the 1980s. That is when it was sort of edgy. Probably before you were born.
Aljay R.
We are instructed not to give out personal information or our physical whereabouts. We recommend that you change your password as soon as possible at account.aol.com to help prevent your account from being compromised or spoofed in the future.
Jay Are303
I have changed it twice today. So what you are saying is that they have all my contacts and can continue to do this indefinitely, right?
Aljay R.
Yes, Vic. We need your help to gather more information about the spammer who impersonated your email address.
Jay Are303
What do you need?
Aljay R.
Please forward us one copy of the email to aol_phish@abuse.aol.com. This helps to ensure that future email from this source will go to your spam folder. Rest assured that by reporting the email as spam you are not blocking or reporting yourself! You are helping us identify the source of the spoof email.
Jay Are303
OK. It will be on the way shortly.
Aljay R.
Those are the steps that you need to perform. You should be all set.
Jay Are303
Thanks, Out here.
Aljay R.
You are most welcome. I enjoyed talking to you and it has been a pleasure assisting you!
Yeah, I thought to myself as the text box shut down. A pleasure for sure. Horses are gone, barn is empty, and this completely sucks. This is what I do most of the day, and someone is screwing around with it besides the NSA. I thought about looking at some YouTube videos or posting something the Tumblr, or maybe checking my account balances on USAA, which I suddenly realize has an auto-deduct from my bank account.
And that was how I paid for my taxes. Oh, crap.
Copyright 2014 Vic Socotra
www.vicsocotra.com
Twitter: @jayare303