While I was surfing this afternoon, I got an instant message from a friend in Manila, VV. Although logged into the messenger, I’ve set my status to invisible so nobody could really see that I am online. Her first message asked me if I’m online. I said yes. However, her next message had me worried. She asked for the time! If you’ve read about my previous post about being phished, the con artist also asked me for the time of day.
So when I encountered the question again today, I was wary to answer. Instead of answering, I asked her why she asked. Nothing, she replied. Uh oh, maybe VV’s account has been hacked into too. Then she said that she wanted to call her sister who lives in Sydney and wasn’t sure what the time here would be. To tell you the truth, that was suspicious too because I’m pretty sure VV would know what the time difference is and if she doesn’t she would be resourceful enough to Google for it instead of asking me. This time though, I told her the time difference, not exactly telling her the exact time. Then I asked her about her pending application to migrate to New Zealand. She replied that it’s progressing and that the NZ immigration department has requested additional documents from her. Hmm… not exactly a specific answer and so I still couldn’t tell for sure if I was really conversing with my friend.
I was still thinking up of what to ask her next when she asked me which of my email address addresses was hacked. You see, when my username and password was conned out of me several days back, I promptly informed my friends that someone else is now in possession of my email address and to ignore all communications coming from that account. Apparently, VV forgot which Yahoo account it was. I told her which one it was.
She then told me that someone is using my hacked account at that very moment and that the con artist has asked her to purchase Globe pre-paid cell phone cards and to email the codes to him. She asked the poser for a mobile phone number to send the codes to but he said there isn’t one and just to send it through the messenger. VV told me that alarm bells were ringing in her head by this time and she also noticed that “I” was becoming insistent, as if “I” wanted her to buy the mobile reload charge cards then and there. The poser is saying that I would be selling the recharge cards to other Filipinos here for a profit. VV asked him for the time and he quoted 10AM. By this time, VV has almost confirmed that it wasn’t me she was talking to. It was 1:30 in the afternoon in the Philippines and unless Earth has started spinning in the other direction, the time here in Australia should be later than that, not earlier.
My friend asked me about the phishing incident and I told her all about it. I was really tempted to redirect her to this blog to avoid having to repeat myself and just let her read about my previous entry. However, I wasn’t fully convinced that I was really talking to my friend, who knows it could still be a con artist that has gone through her email before chatting with me. If that’s the case, the poser would know a bit about me and my friend and would thus be more convincing in trying to persuade me to do something. And if it really was someone other than my friend, I wouldn’t want him/her to know more about me than he/she already did.
After narrating the phishing incident to her, she said goodbye and I did the same. It would have been nice to have chatted with her some more but I was busy with something. Besides, it’s difficult to really communicate with someone if you’re trying not to divulge too much about yourself to the other party. Sadly, the time of asking someone what time of day it is where they are has taken on a more sinister meaning and the joy of catching up with friends via instant messaging has been somewhat marred for me. Perhaps this feeling of paranoia would pass in time, but I hope I never forget the importance always being vigilant.
UPDATE: Please see this post for information on how I regained control of my compromised account.
Palabok 
Im thinking that this impostor is actually living in the Philippines because of his/her “Im on SMS” status. On the other hand, maybe if I flooded Yahoo! with a lot of complaints about this password theft from Flickr, then they would listen! :-w
Or Im thinking of sending an FYI to the INquirer Newspaper or to ABS CBN :-w to highlight this issue.
@Mogli: Thanks for the tip but on the other hand, he/she might not actually going to pay. Im thiniking of sending the impostor bogus sim card numbers which are actually phone numbers of Yahoo Security :d/
@WGranada: Yeah, my account would be a goner too since I don’t remember the details I gave when I signed up to it.
By the way, I still have your old YM ID in one of my Yahoo ID’s contact list. The impostor who got your ID has now hooked up his mobile to your account and has the “I’m on SMS” status in YM. Looks like he’s still waiting for those prepaid phone cards he asked from your brother. Hehe…
@Mogli: Looks like these con artists are now getting sophisticated in their game. It’s quite scary that someone out there might actually be using my old account to con someone out of their hard earned money by posing as me.
By the way, someone also proposed trapping this cracker with the Nigerian scam but I’m not sure it would work. But then again, greed could be a terrible thing to resist specially for someone like this con artist who’s after easy money. So who knows, he might just fall for it.
it’s amazing that these scams have perpetuated this far! before they just send links on YM accounts randomly. now they really try to “study” their targets. as you said we just need to be vigilant, and always remember that there’ll always be a weak link in our list of contacts.
@WGranada: how about telling this impostor that you want to send money to Phils via westernunion and that you need him to claim it for you in some branch that you specify. then ipayari mo sa tropa mo pagdating nya dun!
You know I asked assistance from the Yahoo! Security Center regarding retrieving back my email account or terminating it. However, I wasn’t able to remember the answer to the secret question. 😦 So, they wouldn’t help me. My account my setup 9 yrs ago when Yahoo! was just being introduced in my place. I could have just placed anything in there…. huhuhu.
On the other hand, I invited my previous YM ID to my new one. Aba, the impostor accepted the invitation. Hmm.. i have to think of something to trap him/her.
😕
@phenomenonemone: probably not. Just don’t click on any link you are sent. If you do, make sure that you are in a Yahoo address (not Geocities or anything else), particularly if you’re being asked to login to view a photo album.
Most hackers would change your password once they gain access to your account so you could no longer access it. Once they do that, they would most probably contact people in your address book or friends list to try and con them. If you could still access your account but suspects that someone else has your password, best way would be to change it ASAP.
Hmmm…a “friend” asked me yesterday what time it was. The first message was the same as usual, so I didn’t think any of it althought it was odd that he/she asked me whether I had work yesterday. I simply replied, “sabado” and didn’t get any other message. I didn’t get any link, so should I be worried? This may be a dumb question, but how would I know if my account has been hacked into?