SMS Account hijacked

linuxlover
Posts: 18
Joined: Tue Mar 20, 2007 2:24 pm
Location: Dubbo

SMS Account hijacked

Post by linuxlover » Sat Dec 27, 2008 2:47 pm

:shock: Help. Our SMS account has been hijacked. We normally send about 5 SMS messages a month. Now someone has logged in to our account, requested our daily limit to be raised to $500, sent over $500 worth of SMSs, and changed our password (Somehow we can still log-in, but we are unable to change our password).
I have tried to ring, but only to be told by the machine to send an email. (I can understand it is holidays, but the account cannot be re-set).
I sent an email about it, but my account remains at risk.
I contacted the police, but they want to hear from Exetel first (even though viewing the messages gives them the name of the company, an email address and a phone number).

How can this be stopped?
Why wasn't a reply required from us before such an outrageous increase was allowed?
Why is there no way to turn the SMS for our account off? (I'd rather not have it than to have such an experience).
Could there be an emergency number to contact under such circumstances?

CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: SMS Account hijacked

Post by CoreyPlover » Sat Dec 27, 2008 3:48 pm

linuxlover wrote: Could there be an emergency number to contact under such circumstances?
You can try (02) 9927 1000 or 1300 788 141 and select the option to talk to an engineer.

I will send an email to Exetel support right away. Can you PM me your service number?

James D

Re: SMS Account hijacked

Post by James D » Sat Dec 27, 2008 4:03 pm

I have looked at the account and locked out your password (I have also changed it). Please call Exetel on 02 9927 1000 and select option 2 to get the passwords and have them reset.

linuxlover
Posts: 18
Joined: Tue Mar 20, 2007 2:24 pm
Location: Dubbo

Re: SMS Account hijacked

Post by linuxlover » Sat Dec 27, 2008 5:04 pm

Thank you.
Passwords have now been re-set as follows (I had foolishly made them the same before).
1. Password for the account has been changed.
2. Password on the modem to access the account has been changed to match.
3. Email password has been changed (different to account).

I have also checked our account. There doesn't seem to be anything else that is different than I would expect. (I hope there is nothing I have missed).

The one area I do not seem to be able to access though is webmail. Should it be accessed using our account password or email password?
We do not seem to be able to access it. Could this have been changed somewhere where we do not have access?

CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: SMS Account hijacked

Post by CoreyPlover » Sat Dec 27, 2008 5:07 pm

linuxlover wrote: Should it be accessed using our account password or email password?
Full email address (@exemail.com.au) as username and email password as password. You can check / change the password or re-configure the email account via your Member facilities.

jayday
Posts: 118
Joined: Thu Nov 06, 2008 9:10 pm

Re: SMS Account hijacked

Post by jayday » Sat Dec 27, 2008 5:08 pm

I would also suggest changing the contact email address of your account if you haven't done so.

linuxlover
Posts: 18
Joined: Tue Mar 20, 2007 2:24 pm
Location: Dubbo

Re: SMS Account hijacked

Post by linuxlover » Sat Dec 27, 2008 5:33 pm

Thanks again.
I was getting mixed up with all the different passwords. Access to web mail is now OK.
Email address has also been changed. Thanks for the tip.

My final concern is regarding the huge SMS bill.... ?

James D

Re: SMS Account hijacked

Post by James D » Sat Dec 27, 2008 5:40 pm

Please email voice@exetel.com.au with the details and the bill will be assessed offline, as it is not something that we can do in the forums for you.

vk3xem
Posts: 910
Joined: Wed Apr 23, 2008 6:45 pm
Location: HEALESVILLE

Re: SMS Account hijacked

Post by vk3xem » Sat Dec 27, 2008 10:17 pm

I would be reviewing your security practices: exactly who has had access to your computers? Where did you store the passwords, and who could have accessed them?

How your account was compromised is not the intention of my reply. All potential exploits need to be considered, not only using strong passwords to minimise the risk of hacking but also physical security for your computers. If, for example, you have your passwords written in a book that is kept near the computer, then it isn't secure.
The views I present are that of my own and NOT of any organisation I may belong to.

73 de Simon, VK3XEM

linuxlover
Posts: 18
Joined: Tue Mar 20, 2007 2:24 pm
Location: Dubbo

Re: SMS Account hijacked

Post by linuxlover » Sat Dec 27, 2008 10:57 pm

The password was reasonably strong (text and numbers).
The pieces of evidence that I can see are as follows:
1. The first 3 SMS messages were to Nigerian mobiles. The messages were not the SPAM SMS sent by the other thousands of messages.
2. I have a friend in Nigeria (no I mean they are Australians over there at the moment). I have emailed them in the past. I suspect that my email address has been leaked out because of that, as the request for the increase in credit limit even included my signature from my emails.
3. I had been having trouble with accessing web SMS, so I looked for a message from Exetel, and at that time a SPAM email came asking me to log in and confirm my details. I clicked and it looked like the Exetel site, but clearly it wasn't. The address instead was: http://exetel-upgrade.bluechiphosting.com/ and so I was taken for a ride.

Problem
What disturbs me now is that I have again been locked out of Member Facilities. I am not sure if it is that my password is so strong that I cannot repeat it, or that they have been able to access our log-in again, and so change the password again. I am afraid to ask for a password to be sent to me in case it is sent to the thieves rather than to us. I wish there was some way to be sure.
Could there be a way of just checking what the default emails are?

linuxlover
Posts: 18
Joined: Tue Mar 20, 2007 2:24 pm
Location: Dubbo

Re: SMS Account hijacked

Post by linuxlover » Sat Dec 27, 2008 11:00 pm

I really want the SMS turned off and unable to be turned on so that I can be confident this does not happen again.
How can I sleep tonight knowing that someone is racking up an enormous SMS bill for us and we can do nothing about it?

vk3xem
Posts: 910
Joined: Wed Apr 23, 2008 6:45 pm
Location: HEALESVILLE

Re: SMS Account hijacked

Post by vk3xem » Sat Dec 27, 2008 11:22 pm

linuxlover wrote: SPAM email came asking me to log-in and confirm my details. I clicked and it looked like the exetel site, but clearly it wasn't. The address instead was: http://exetel-upgrade.bluechiphosting.com/ and so I was taken for a ride.
Looks like you need to be filing a crime report with the Australian Federal Police. Probably a good idea to talk to James D or one of the other staff members to help you put together information for the crime report.
The views I present are that of my own and NOT of any organisation I may belong to.

73 de Simon, VK3XEM

linuxlover
Posts: 18
Joined: Tue Mar 20, 2007 2:24 pm
Location: Dubbo

Re: SMS Account hijacked

Post by linuxlover » Sat Dec 27, 2008 11:25 pm

The Live support link at the top of the page allowed us to chat to confirm that the password and email have not been changed, and that it may be the account is locked to protect our account.
vk3xem wrote: Looks like you need to be filing a crime report with the Australian Federal Police. Probably a good idea to talk to James D or one of the other staff members to help you put together information for the crime report.
How quick should this be done?
Should I talk to James first or the AFP first?

jokiin
Volunteer Site Admin
Posts: 2970
Joined: Mon Feb 02, 2004 10:23 pm
Location: Sydney

Re: SMS Account hijacked

Post by jokiin » Sat Dec 27, 2008 11:32 pm

linuxlover wrote: 3. I had been having trouble with accessing web SMS, so I looked for a message from exetel, and at that time a SPAM email came asking me to log-in and confirm my details. I clicked and it looked like the exetel site, but clearly it wasn't. The address instead was: http://exetel-upgrade.bluechiphosting.com/ and so I was taken for a ride.
Certainly rubs salt in the wounds to have your account used like this when you inadvertently gave them access by falling victim to the scam in the first place, an expensive lesson I guess :(

vk3xem
Posts: 910
Joined: Wed Apr 23, 2008 6:45 pm
Location: HEALESVILLE

Re: SMS Account hijacked

Post by vk3xem » Sat Dec 27, 2008 11:33 pm

There probably isn't a great deal you can do with the AFP over the weekend. The crime has already been committed and measures are in place to prevent it from continuing, so best to start collating information now.

From what I have seen, Exetel are very helpful in all matters, so I'm sure they will assist you with at least enough information to put together a crime report. In the meantime you need to collate what information you have. Starting with that email that tricked you into giving out your details, the more information you can get the better. Good Luck.
The views I present are that of my own and NOT of any organisation I may belong to.

73 de Simon, VK3XEM
