Lessons I'm back; experience of a hacked account

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

drrich2

ScubaBoard Supporter
ScubaBoard Supporter
Messages
9,562
Reaction score
7,837
Location
Southwestern Kentucky
# of dives
200 - 499
Some of you know my SB account got hacked and the hacker tried to make a fraudulent sell in my name. The Chairman got my account fixed. I'm posting to let you guys know and explain the course of events from my perspective. Most of this was written 'as it happened,' so my anxiety flavors the narrative quite a bit.

My Scuba Board account got hacked and the hacker tried to make a fraudulent sale via a Classifieds posting using my account. He (?) changed the e-mail address and log in credentials so I couldn’t access the account. No one in my home would’ve done such a thing, and I don’t know who did or how they got the info. I figure it could happen to someone else so it’s worth exploring this incident. I may have overlooked some obvious thing I should’ve done. I’m not sure what can be done to prevent this going forward (other than stronger passwords, though mine wasn’t something one could guess). Scuba Board relies on the unpaid labor of a dedicated team of staff and runs well for the most part.

Saturday morning 5-1-21 I was online debating someone in another forum when my computer popped up notice of an e-mail from Scuba Board.

“drrich2,

Your email at ScubaBoard was recently changed to seqecyxa@thichanthit.com. If you made this change, you may ignore this message.

If you did not request this change, please log in and change your password and email address. If you are unable to do this, please contact an administrator.

Your email was changed by the IP 181.215.176.103.

Thanks.

ScubaBoard”

Oh, crap! That’s not me. I went to Scuba Board, which my computer automatically logs onto for me…and it didn’t. So not only has my account been hacked, the hacker has changed the log in credentials and I’m locked out of my own account.

I look for contact info. and see a Contact Use option, which I use to report the situation. I didn’t see a phone #.

Then I see my e-mail inbox got a couple of earlier e-mails. One from a friend on the forum:

“Hi Richard,

That's a great price on the BC, especially with the Air 2 and the accessories. You should have no problem selling it.

I think you meant the waist straps to use without the weight pockets”

And from another member:

“Hey Rich, does this have the bungee upgrade?”

and

“Whats your paypal address?”

Oh, crap!!! Someone’s committing fraud through my account. Ah, what to do, what to do?!?!? I found the thread where the fraudster was trying to sell something through my account.

If memory serves, I reported it again through Contact Us.

I set up a new Scuba Board account (new username and password), got and answered the e-mail to confirm it, and saw that my account has to be approved. Okay. I subsequently could read threads as a logged in person, but it was noted I had insufficient privileges to post, and I didn’t see any Report This Post button (I’m guessing because my account wasn’t approved yet?).

I searched in my e-mail program to see if I could find any old e-mails directly from Scuba Board members; I got a group e-mail from Cardzard way back so I sent him an e-mail explaining some of this.

Thankfully some other members figured out it wasn’t me. The thread subsequently got locked. I still couldn’t post, such as in Site Support.

Subsequent milling around, I saw a Staff Online Now option. 2 People - Lorenzoid and Capt Jim Wyatt. Great! But can I message one of them? I clicked on Lorenzoid. I can view the profile, but I don’t see an option to Start A Conversation. I went to ScubaDada’s post in a thread and tried to get find a way to start a conversation; saw none. He’s a staff.

As of 6 p.m., still no e-mails, no message to my new SB account, and I went to post a reply to a thread in a Basic Scuba thread…and it still says I have insufficient privileges to reply here. I sent another ‘Contact Us’ hoping to get a response.

Sunday 5-2-21. 7:06 a.m. Got an e-mail from The Chairman (he hadn't been able to get to me faster because my account no longer had my correct e-mail address), responded, got another with log in info. at 10:51 a.m.
———————

Talking Points:

1.) If hacked, you may be locked out of your own account before you know it.

2.) Your account can be quickly used for fraudulent sales. I think of SB as a social media site, but people can do financial transactions. I've bought a few things on but never sold anything through SB.

3.) The hacker tried to get someone to pay through Zelle - which doesn’t offer some of the protection PayPal does. This seems to be a common ploy of fraudsters; last year my wife and I lost our $100 deposit on a pug puppy to a scammer in just this way.

4.) I see no way to quickly alert staff or the forum community, or to post in a thread to challenge a fraudulent post. If this happens to you and you use 'Contact Us,' make sure you include contact info. since they may not be able to pull it from your account.

5.) It seems very new members (or accounts) lack fast contact capability we older members take for granted.

6.) I didn’t know how much more to try to do (not that I could think of anything more to do), or what my responsibility might be.

I still figuring out what to make of all this, but it seemed a good topic for discussion.

P.S.: Thanks to @The Chairman for sorting this out of me.
 

Kimela

Contributor
Messages
2,673
Reaction score
3,932
Location
Missouri
# of dives
200 - 499
Wow! I never would have thought of a purpose behind hacking a SB account - but now I see it. I got a notification from gmail saying one of my passwords is floating around out there publicly and I should change it (I have a few gmail accounts). I never know if those kinds of notifications are phishing scams or what.

Glad you got it sorted, and will be interested to find out if they get to the 'how this happened'. Ugh.

I have a few folks here I email with privately - and now am really glad I do, in case something like this were to happen. Thanks for the heads-up.

EDIT: I just went into my profile info and then into 'Contact' info and checked the box to receive emails about new incoming messages - guess I had unchecked it at some point. If you'd had your unchecked you might not have known, as quickly, that you'd been hacked.
 

Bubblesong

ScubaBoard Supporter
ScubaBoard Supporter
Messages
2,613
Reaction score
2,399
Location
Massachusetts
# of dives
50 - 99
Can Scubaboard block any sales for anyone that changes email or password for a week or two?
 

BoltSnap

Contributor
Scuba Instructor
Messages
7,458
Reaction score
3,352
Location
Nomad
# of dives
I'm a Fish!
How do we know it is actually you typing this not a fraudster???????????????


(I am going to report your post to admins)
 
OP
drrich2

drrich2

ScubaBoard Supporter
ScubaBoard Supporter
Messages
9,562
Reaction score
7,837
Location
Southwestern Kentucky
# of dives
200 - 499
A few of you, including the Chairman, Scubadada, Cardzard and WarrenZ have met me in person. Some have met my wife Jami and our daughter Kadence. That's a gray tree frog on her hand; they breed on a broken down hot tub repurposed as a 'pond' for her gold fish on our back deck.
B279C8F1-D012-45E7-A38E-810481D384C9_1_105_c.jpeg
D2FB9C7B-A99E-4FEC-B695-3F2D947F6A66_1_105_c.jpeg
29A255C3-88BE-485A-8ED2-47D0E0DF5E54_1_105_c.jpeg
 

Divin'Papaw

ScubaBoard Supporter
ScubaBoard Supporter
Messages
6,867
Reaction score
4,385
Location
Florida
# of dives
500 - 999
Thanks for sharing your experience!

Be sure and use multi factor authentication (MFA). ScubaBoard offers this now. I do it using the Authy app. Much harder to gain access as it requires a password plus an Authy code as the third factor beyond a username/email & a password.

EDIT: ScubaBoard calls it 'Two-Factor Verification' and it can be turned on via your profile page.

As an IT professional for 30+ years I'd advise you to ALWAYS use MFA anytime it is available. I do.
 

BoltSnap

Contributor
Scuba Instructor
Messages
7,458
Reaction score
3,352
Location
Nomad
# of dives
I'm a Fish!

BoltSnap

Contributor
Scuba Instructor
Messages
7,458
Reaction score
3,352
Location
Nomad
# of dives
I'm a Fish!
What I don't understand really, how did the alleged hacker hacked your account? Did "he" guess your password or something else?
 

jonhall

Contributor
Messages
1,415
Reaction score
830
Location
Indianapolis
# of dives
100 - 199
How do we know it is actually you typing this not a fraudster???????????????

You did pay attention to the length of the post and the detail given! Just kidding - glad you got everything worked out. I never thought about this happening on SB either.
 

Divin'Papaw

ScubaBoard Supporter
ScubaBoard Supporter
Messages
6,867
Reaction score
4,385
Location
Florida
# of dives
500 - 999
What I don't understand really, how did the alleged hacker hacked your account? Did "he" guess your password or something else?

Most like!y not. The hacker probably acquired it via some sort of pfishing scam. Just a guess.
 
https://www.shearwater.com/products/peregrine/

Top Bottom