October 03, 2013, 4:40 PM —
Image via Schill/Flickr
Note: This post is going to venture out from the fields of mobile and wireless topics into the dense, dark forest of personal data breaches. It's inspired by an email from a good friend. They found a lot of advice on the web on how to prevent privacy breaches, and posts that claim to offer post-breach advice but go on to espouse mostly preventative measures. Let's get into it.
A friend writes me an email, stating that her roommate's Gmail account has been compromised.
A message went out to all of the roommate's contacts, purporting to ask for people to send money because they lost their wallet while traveling in Nigeria. If someone replied, they were replying to a disposable address on another email system, and likely asked to wire some money. The "relative in need of urgent money overseas" scam is far from new, but often effective. Travel is cheaper than it once was, and many can relate to finding themselves lost without their wallets.
The account is recovered and the password changed, but now the concern is what information was gleaned and copied out of the account—what is "out there" now, as the friend puts it. The intruders tried to delete all of her current email, likely to cover their tracks, but it could be easily restored to the inbox (Gmail holds items in "Trash" folders for around 30 days). But, as often happens, there was a new job, and an upcoming move, that an identity theft could really jinx. What do you do next?
It's a really good question, because while many email hackers are similar in methodology, some are more hit-and-run, and some are aiming at long-con impersonation and turning out every account and line of credit they can find. I've helped out about a half-dozen friends and relatives with email intrusions, including my wife. I am not an information security expert, a lawyer, an officer of the law, or someone who has a time machine you can borrow. But here is what I tell people who want to know what to do next, after their email has been opened up and sorted through.
One more note: A significant portion of the text below was included in the original email to the friend with the unlucky roommate.