This morning, as usual, I checked my mail. This particular email caught my eye because of the content in the excerpt. My first thoughts? OMG! Yeah, obvious. I was too scared to click and open it for two whole minutes. (Yes, I counted them.) I did click eventually. Of course, if I hadn’t I would not be writing this post. Or maybe I would. Anyway, the following are the contents of the email.
Dear Ms. Rabab Khan,
We have been following You very closely and at this point in time know more about You than You are comfortable in acknowledging. However, the purpose of this email is not to threaten or deface Your identity, we would only like to extend a friendly gesture. Since this is our first and only known correspondence, we would hope that You appreciate the risk we are taking.
We are very interested in Your work and have been closely following Your activities for the past month and a half. Suffice it to say that due to the bad publicity that we have been receiving over the past few months we would like to reboot our site design and slowly reorient our activities and reintegrate ourselves into the white-hat community. To this end we would like to contract Your services as a consultant to assist with the new site design and content. You need not worry about Your identity, it is safe with us and You will have our full protection.
We can assure You that You will be compensated handsomely. However, due to the nature of our previous exploits we cannot afford risking sending monetary compensation. You will, however, have our complete security, coding and hacking expertise at Your disposal. We only request that You use it judiciously and with care.
We have attached a word file with full details of the contract and the nature of the work and would request that You read and understand the risks associated with such a job carefully before replying. You will have two days to respond fully to our email. Please write an email and save it as a draft to respond as we will carefully be monitoring your email activity. We will delete the draft as soon as we have read Your response and will correspond in like manner.
We request that You try not to change Your email address or Your passwords. We are Lulzsec and we do it for the Lulz, You can’t hide or run – the CIA couldn’t. We will however respect your privacy and your decision, those are Yours and we value them.
–The Lulzsec Team
(My Email Signature was inserted here with the Lulzsec website address)
I checked to see what email they had used and this is what I saw
Well, obviously, when you hack into someone’s email, you email them from THEIR email address, not yours.
Holy Moly! Lulzsec emailed me? Wow! Yes, sadly, that’s what I thought. The thought that my privacy had been compromised did not even cross my mind. I was so excited (exhilarated actually) that Lulzsec had sent ME an email that I did not even think for a second how dangerous it could be. My email was hacked by LulzSec! I didn’t even bother to change my password. Well, they told me not to, how could I let them down? Sigh. I even saved a response in the drafts and waited eagerly for it to be deleted, as “they” had promised.
As I watched my email, my phone rang. That was frustrating because I didn’t want anything to come between me and my email watching. The caller ID told me it was my friend. I answered it to hear hoots of laughter at the other end. Perplexed, I asked,
“You actually fell for it!” More laughter.
“Damn it! YOU emailed me as Lulzsec?”
More devilish laughter.
I vaguely remembered days of no internet connection when I had given my Gmail password to my friend to reply to an important email. Never changed it after that. Yes, I know, that was dumb.
By this point, I was not amused. I was heartbroken. All my dreams of working with Lulzsec were shattered in the span of a few minutes. Who needs enemies when you have friends like that?
On the positive side, after this incident I instantly set up the two-step Gmail verification, changed my Gmail settings to always use HTTPS instead of the insecure HTTP, and did a lot of other things.
Do you think your Email is secure? How would you have reacted to such an email?
If you have no idea who LulzSec is (are you serious??) check out the following links: