

We woke up this morning to find an old email address had been hacked. Someone had gained access and sent out emails to everyone in our contact list, posing as us, stating in desperation that we had been mugged in London and needed money wired to pay for our hotel and plane tickets back home. Not only that, they had searched our email and found an email from Facebook with our account password on it. Overnight, hundreds, if not thousands of friends, contacts, businesses and all the poor souls we have ever emailed about something posted on Craigslist had been spammed. 7am. Started a day of war against the abuse and stealing of private data. The simple act of amassing data on servers and the seeming ease of cracking passwords tends to lead to corruption. What’s really sad is how lightly the social network controls all your encrypted information. Within minutes, this person had set up email forwarding to another address, changed our secret questions and reset our passwords, locking out access. It took several rounds of us resetting all our information, the perpetrator re-resetting information, us being locked out again, and the process starting all over again. Finally about 1pm we regained control over our Gmail account. Within 12 hours, at least 5 people exchanged communication with this person, either over email or chat, and one via phone. 2 people actually wired money (recovered now, thank God).

I know, it could have been a lot worse. We live in an increasingly digital world. Through all of this, the picture of social sites and email that emerges is one of loose internal controls on private data access. Didn’t you hear Facebook thinks we all want our information public? Now it’s no longer trust people for whom you click the ‘friend’ button, but beware of everyone. Public is the new social norm and we should all embrace it. On the social media sites, not having the option to control certain aspects is in some ways detrimental to the way we interact; it will have a backlash of behavior. Facebook forges ahead becoming more and more public than ever. There are of course potential upsides (hey I’m a huge Twitter user myself). However, they should continue to keep users’ accounts in as much control and confidentiality as possible, if not absolutely legally bound to. On the email side, encrypted, password protected accounts should be even more protected. In this case it looks like the original obtaining of the password to begin with was a server-side failure. Far too easy to do, it seems.

Lessons learned. Every. Single. Password- RESET.

One would think, how in the world would people fall for these phishing attempts? But hey, they are based on the human notion that people care for one another, prey on fear and concern and exploit those willing to help. I am both sadly surprised and humored at this. On one hand, our friends could have lost thousands of dollars trying to help us out. On the other hand, we have friends who are willing, at the drop of a hat, to give us thousands of dollars to get us out of a pinch. On one hand, there are many people out there right now freaked out by this and hopefully resetting their passwords. On the other hand, I got to talk to a lot of friends I haven’t heard from in a long time. On one hand, I’m overloaded with the number of emails and phone messages I have received letting me know our email account has been hacked, from people to whom I have spent the day explaining the situation. On the other hand, there is no way to respond to 90% of the people who received the original messages because the perpetrator erased our entire Gmail contact list the last time he had access.

In my mind I have analyzed the fake email over and over. It’s kinda funny to re-read it, knowing myself and not my fake self. There are so many holes. First, anyone who knows us should know that London would not be the first place we would travel internationally if we suddenly had the chance to take a vacation somewhere (gosh, especially this time of year). Second, everyone should know that Matalie is a pseudonym. There is no way that name could be on our passport or that we could legally receive a money transfer for which we would have to show ID. Third, IF for any godforsaken reason we would end up in trouble (like getting mugged and not having a way to pay for our hotel), there are about 16 different channels we would go through before emailing people en masse. So if we call you at 3am, then it’s legit. Fourth, we would probably almost never, NEVER have a hotel bill of $1480.00 (we’re the people who spent 85% of our honeymoon CAR CAMPING through Canada in December, remember?). And if we did, geez, it would require a deposit and the hotel would have a credit card on file. And fifth, we actually know people in London and most everywhere we travel; it would be the most logical to contact those people first.

Even better are some of the responses via email and Facebook that were received trying to figure out if this request was legit or not. It shows our friends are smart cookies. And because, at the end of the day, we can only laugh at something like this, my list of favorite responses:

“If this is really Natalie, what High School did I go to with you?”

“Have you really been mugged, or have I (almost) been suckered by a Nigerian scam artist?”


“This is ridiculous. My husband talked to “you” yesterday. We know “you” are not in London. I am reporting you.”

“I was so worried about you for about 3 seconds but it’s a pretty obvious fake.”

“Apparently you were mugged at gunpoint in a London park and now cannot pay for your hotel. While sick in Seattle.”

“I hate to have a bad event be the reason I am emailing you after so long. After checking with your blog, I confirmed you are not on vacation.”

“OMG! And I was mugged last night at gunpoint TOO!”

“Can’t wait to see the photos from your trip! :)”
