The Essay is a daily personal piece submitted by readers. Have a story to tell? See our guidelines at tgam.ca/essayguide.
About a month ago, a message went from my e-mail account to many of my 636 contacts (including my husband) advising them that I was in Manila and had lost my passport and wallet. It said I needed $1,850 to help me return home.
I received a half-dozen phone calls from friends and associates wanting to confirm my whereabouts – but no one, as far as I know, sent money.
The message was a hoax. I’d been hacked. I am wondering, however, whether everyone who was contacted realized this.
My husband and I travel often and have spent a significant amount of time in Asia. It was somewhat plausible that we could have been in the Philippines. Also, the fact that the Philippines was in dire straits after the recent destructive typhoon made it credible that we might have been victims of theft.
However, there were clues that the message was fake. There are very few people I would approach for a loan of $1,850, and my hairdresser, my tennis instructor and my former work colleagues are not on that short list. The only people who would remotely consider sending money would be my relatives and close friends, and they would likely know or could easily verify my whereabouts.
So who would put up the money? Perhaps the hacker was hoping an elderly relative or a Good Samaritan would respond.
Several weeks before the plea went out for my rescue from Manila, I received a similar e-mail, supposedly from a former colleague who had lost his wallet and passport in Rome. The message stated that the Canadian embassy was replacing his passport and would be putting him on a plane home. In the interim, I was asked to contribute $2,500 to tide him over until he got his new passport.
This man travels to Europe frequently, but I knew immediately that it was a bogus request because we were not close and he would never ask me for money. I also wondered why he would need so much money if embassy staff were working on his behalf.
What made my hacking experience so painful was the fact that the hacker laid the foundations to receive the money and essentially crippled my cybercommunications. He (or she) set up a shadow e-mail account almost identical to mine, except that one letter was missing from the fake address. Somehow he managed to divert all my incoming messages to the fake account. Presumably the hacker was hoping to intercept inquiries asking how and where to send the money.
It took several message-less hours before I realized my mail was going to another account. Withdrawal symptoms set in as I stared at an empty mailbox and fumed.
It took me a day, and a 45-minute wait, to get through to the help line of the e-mail provider. Once I explained the situation, the help line was able to get into my account and eventually to disable the fake one. My helpful “geek” reported that the hacker was very sophisticated and was busy erasing messages and evidence even as she was working to resolve my problem.
Deleting the fake account meant I also lost two days’ worth of e-mails that had been diverted from my e-mail. I even lost my copy of the “save me” letter, and I lie awake nights worrying that valuable messages were also lost. Maybe I won a contest. I will never know.
And this wasn’t the first time I have been hacked. Several months ago, part of my contact list received an e-mail ostensibly from me, promoting the health and diet benefits of green coffee beans and asking them to purchase said beans. That message did not draw much of a reaction and was almost immediately recognized as a hacking. I’m not sure what the tipoff was: Perhaps I’m not viewed as a diet or health advocate.
It is disturbing that I have been hacked twice in one year, and it’s probably just a matter of time before it happens again. Hackers represent the ugly side of the cyberworld. At best they are a nuisance. At worst, they invade privacy and are engaged in fraudulent activity and identity theft.
I worry that people will begin to block me from their accounts (I mysteriously disappeared from my book club’s contact list shortly after the Manila letter).
My husband and children urge me to stop using my current account and to open others. The Internet advises that in order to avoid hacking I should use multiple e-mail accounts, adopt two-factor authentication when signing in, and should back up constantly.
I’m now in the process of moving to another e-mail account provider. Like when you move house, it’s tedious adjusting to a different way of doing things. I’m also updating my contact list to ensure that those on the list can be trusted to detect and respond to real threats of kidnapping or theft.
And while I know it’s irrational, I’m still trying to overcome my disappointment that I was valued at only $1,850, and that no one sent money.
Elaine Peebles lives in Ottawa.