And in other inexplicable computer news, this post got published with NO CONTENT, and without me hitting the “publish” button. Argh! (Deep breaths. Deep breaths.)
Here are some things the hacker did that made it harder for me to clean up the mess and that tricked some people into clicking the link:
1. They did it during the night. At 4:30 EDT, when I was asleep. Not that it took them more than 20 minutes to email all 1000 people in my address book, but if I had started getting those bounces when I was awake, I’d have realized something was up sooner.
2. This one is key: They only put in five or six addresses per email. The main reason to do this is because AOL has bulk mailing policies to prevent spamming. If you email more than ten people in one email, it can trip it. If you email many people in a few emails, it will trip it. So, AOL didn’t shut down my account and stop them.
3. Putting only a few addresses in an email also tricked some people who received the email into thinking it was legit, because we are used to spam emails having very long To: lines. Someone even said, “I clicked on the link because it was from you and there were only a few people it was sent to.”
4. They put a different subject line in every post, so I couldn’t just email everyone and say, “If you got an email that says “blah blah blah,” delete it. (I also didn’t want to email everyone because then I would be bulk mailing, AOL would shut down my account, and I would again have over 400 bounces to delete.)
5. They put a signature line in. Not my signature, but every email had some sort of random quote in the signature field, so it looked more authentic, if I was the kind of person who quoted people in my signatures (which I’m not, but a lot of people do).
Moral of the story, kids:
If you get an email with a link, and basically no info as to what the link is about, do not click the link! Email the person whose account it is from to find out if it’s legit or if they’ve been hacked.
This is particularly true for anyone you have not heard from in a long, long time. Someone you interact with frequently, you know what they have in their signature line and you know what they’re involved with. It’s easier to spot a hijacked email. If you get an email from out of the blue from someone you haven’t interacted with for a long time, that is a big red flag right there.
When in doubt, DON’T CLICK ON THE LINK. It doesn’t matter if it’s from someone you know. That’s why hackers steal others’ accounts!
P.S. If you get another fishy email from me, please tell me. There still seems to be the occasional fishy thing happening, and I can’t tell if it’s just delays in certain emails being process, or if my account has been breached again.