Posts Tagged: ‘email hacking’

Scam of the day – February 23, 2016 – Oregon man pleads guilty to hacking celebrity email accounts

February 23, 2016 Posted by Steven Weisman, Esq.

After pleading guilty to a charge of felony computer hacking, 29-year-old Andrew Helton of Portland, Oregon is facing a sentence of up to five years in prison when he is sentenced on June 2nd. Between March 2011 and May 2013, Helton used a phishing scheme to steal the usernames and passwords of 363 Apple and Google email accounts, including those of many celebrities. Once he had access to his victims’ email accounts, he was able to access all of their contents, including 161 sexually explicit or nude images of thirteen of his victims, some of whom were celebrities. It should be noted that Helton did not post any of the stolen photos online and his case is totally unrelated to the stealing and posting of nude photos of celebrities including Jennifer Lawrence and Kate Upton that occurred in September of 2014.

Helton obtained the usernames and passwords of his victims through a simple phishing scheme. He sent his victims emails that appeared to come from Apple or Google and asked them to verify their accounts by clicking on a link, which took them to a website that appeared to be a login page for Apple or Google. Once they entered their information, Helton had all that he needed to access his victims’ accounts.


The type of phishing scam used by Helton is one used by many other scammers as well, and it is easy to defend against. Always be skeptical when you are asked to provide your personal information, such as your username, password or any other personal information, in response to an email or text message. Trust me, you can’t trust anyone. Always look for telltale signs that the communication is phony, such as bad grammar or a sender’s email address that does not relate to the real company purporting to send you the email. Beyond this, even if the email or text message appears legitimate, it is just too risky to provide personal information in response to any email or text message until you have independently verified, by contacting the company, that the communication is legitimate.

In addition, you should not store personal data or any photos or other material on your email account. Store such data in the cloud or some other secure place.

Scam of the day – June 8, 2014 – Sentencing of Guccifer

June 8, 2014 Posted by Steven Weisman, Esq.

Guccifer, the alias of an infamous Romanian hacker whose real name is Marcel Lazar Lehel, was sentenced two days ago for his hacking activities, which involved many famous people including Steve Martin, Colin Powell, George W. Bush, John Dean, Mariel Hemingway, Lorne Michaels, Carl Bernstein, Rupert Everett, Eric Idle, Whoopi Goldberg and Julian Fellowes, the writer of “Downton Abbey.” Guccifer was sentenced to a prison term that could be as long as seven years. Although Guccifer hacked into the email accounts of many famous entertainers and politicians, he did not exploit his hacking targets for financial gain even though the information he obtained would have allowed him to do so. Rather, his goals more often appeared to be to embarrass his victims and shake the world up a bit. Through hacking of his victims’ email accounts he gained access to and made public the final episode of Downton Abbey, months before it was aired. He also made public embarrassing information about politicians and celebrities on both sides of the Atlantic that he obtained through his hacking efforts, including allegations that former Secretary of State Colin Powell had an affair with a European Parliament member, Corina Cretu.

One technique Guccifer, a cab driver by trade, used was to get the email address of someone with an extensive email address book, as he did with media icon Tina Brown. He then used simple techniques to answer his victim’s security question and change the password to the account, whereupon he was able to take over the account and have access to all of the information stored there. Simple, publicly available information such as birth dates, schools attended and other such information provided the keys to answering the security questions of his victims. He also apparently used lists of the names of pets to answer security questions. And herein lies the lesson for us all. Even if you are not a celebrity, there is so much information about us all that is publicly available, sometimes even provided by us through our Facebook pages and other social media, that it is an easy task for a hacker to get at our email accounts and other accounts protected by passwords and security questions.


Since protecting your email address is an impossible task, the key to protecting your account from being hacked is to have strong security questions and the key to that is to provide a question to which the answer can never be guessed by a hacker.  So if your security question is “What is my favorite vegetable?” you should make the answer “electronic clock” or some other totally illogical response.  Don’t worry about remembering it yourself because if the question and answer are as ridiculous as this, you will remember it.

Scam of the day – November 5, 2013 – Email hacking

November 5, 2013 Posted by Steven Weisman, Esq.

Two close friends of mine had their email accounts hacked this week and they are not alone by any means. Email hacking is a common occurrence and it can represent a serious security threat or a benign inconvenience. In either event, it is important to act promptly to remedy the situation. Sometimes your email is hacked and used as part of a botnet, which is a zombie network of computers used by scammers to send out spam. Other times, however, when you are hacked, malware is installed on your computer without your becoming aware of it. One particularly troublesome type of malware is keystroke logging malware that can steal all of the information from your computer and make you a victim of identity theft. Often you only become aware that you have been hacked when someone on your email list informs you that they have received an email that appears to have been sent by you, but is strange and arouses suspicion.


Here are some tips for what to do if you have been hacked.  For more detailed information, check out my book “50 Ways to Protect Your Identity in a Digital Age.”  You can order it by clicking on the link on the right hand side of this page.

1.  Change your password on your email account.  If you use the same password for other accounts, you should change those as well.

2.  Change your security question.  I often suggest that people use a nonsensical security question because the information could not be guessed or gathered online. For instance, you may want the question to be “What is your favorite color?” with the answer being “seven.”

3.  Report the hacking to your email provider.

4.  Contact people on your email list and let them know you have been hacked and not to click on links in emails that may appear to come from you.

5.  Scan your computer thoroughly with an up to date anti-virus and anti-malware program.  This is important because the hacker may have tried to install a keystroke logging malware program that can steal all of the information from your computer.

6.  Review the settings on your email. In particular, make sure that your email is not being forwarded somewhere.

7.  Get a free copy of your credit report.  You can get your free credit reports from  Some other sites promise free credit reports, but sign you up for other services that you probably don’t want or need.

8.  Consider putting a credit freeze on your credit report.  You can find information about credit freezes on my blog



Scam of the day – January 5, 2013 – Email hacking

January 5, 2013 Posted by Steven Weisman, Esq.

Today’s scam of the day is prompted by a friend of mine having her email account hacked into. In her particular situation, it was not as bad as it could have been. It was hacked into and then used as a part of a botnet to send out relatively harmless advertising spam. However, hacked email accounts can also subject you to more sinister problems such as identity theft, as when your computer becomes infected with a keystroke logging malware program that can steal all of the information from your computer. For many people the first sign that their email account has been hacked is when friends start calling or emailing to tell them that they have received a suspicious email that appears to come from them.


The first thing you should do is make sure that your firewall and security software are current and operative. You should not take any further steps until you are sure that your computer is secure and that it is not infected with a keystroke logging malware program because if it is, you are merely continuing to communicate with your hacker. Send out an immediate blast email to everyone on your email list to let them know that your email account has been hacked and that despite what they might have been told in an email that appeared to come from you, you are not marooned in London and in need of cash. That needy traveler scam is one that hacked email accounts are often used for. Using a clean computer, log into your email account and make sure that your settings have not been changed, such as your email being forwarded to another email address. If any of your settings have been changed, delete those changes and put your own settings back into effect. Set a new password for your email account and make sure it is a secure one. You can find more detailed information about this in my book “50 Ways to Protect Your Identity in a Digital Age.” Finally, do a little soul searching. Most likely, you invited the hacker in by clicking on a tainted link or downloading tainted material. Remember my motto, “trust me, you can’t trust anyone.” You should never download material or click on a link unless you are absolutely positive it is legitimate and not infected. Merely because something appears to come from a friend does not mean it is legitimate. After all, your friends are receiving links in emails that appear to be from you because your account was hacked.