Chiropractor falls victim to hacker

AUSTIN (KXAN) - It was not the way Dr. Don Jackson had meant for his Valentine's Day to start off.

He was drinking a morning cup of coffee and reading the newspaper when a telephone caller brought some scary news: "You've been hacked, my friend!" A quick check of his e-mail confirmed the news: Jackson had received no new messages and all of the over 300 contacts in his account were gone.

More calls quickly followed and the victim, in a panic, called a computer software consultant. The expert looked under the proverbial hood and quickly diagnosed the problem.

"Don made a classic mistake of A) thinking he had a secure password and then B) using that password for everything," said Mike Dempsey, of JMD Consulting. As a result, the hacker, believed to be working in Nigeria, was able to invade the doctor's Facebook page and his e-mail account. He then stole the entire contact list and sent a frightening email to everyone on it. The message said Jackson had been robbed at gunpoint in London and needed money to get home.

Dempsey went to work. He returned the doctor's e-mail account to his own control, devised a more diverse and complicated password system for him and activated a security protocol called the "Secure Sockets Layer" or "SSL" in his email account.

The damage, however, had been done. Jackson was out money, time, hassle and a large dose of embarrassment.

"I had a buddy of mine I went to chiropractic college with, living in San Francisco," said Jackson. "We hadn't spoken in ten years. He had mailed by Western Union, $500, saying, 'Hey, I'm there for you; I've got your back.' And we hadn't spoken in like, fifteen years, so you find out who your friends are. Ironically, I never heard from any of my family as a result of this," he laughed.

Fortunately, the friend had the presence of mind to pose some "security" questions, aimed at verifying the e-mail sender was in fact, Jackson. The hacker, of course, didn't know the answers, so the wire transfer was canceled in time. The perpetrator, though, got bolder. He went to Jackson's Facebook page and started communicating with the doctor's "friends."

"He was on my Facebook page, chatting with people and my friends get on it and start chatting with him," said Jackson. "So he started asking them questions, like, 'Hey, I have a quiz: What's my favorite color? What's the name of my ultimate Frisbee team? Where did I go to school?' He was trying to glean information from them, pretending it's me, pretending, 'Hey, it's a little quiz,' so that he could answer these questions that people were asking him."

Dempsey was not surprised.

"There have been people making $10,000 a day doing a variety of different scams on people; anything from setting up a bogus Web site that's just going to capture your credit card information, to in this case, hoping that maybe they're going to use the same user name and password that they used for their email account on a Facebook page. In the past, it was the same as doing graffiti; it was, you know, 'Look how many machines I attacked,' and there was just the notoriety. In the last five or six years, it's really become an industry."

In this case, the hacker’s job was relatively easy.

"He had a dictionary word and a couple of numbers on the end of it, a word like, 'cucumber,' something you'd find in the dictionary, as opposed to a made up series of letters and numbers." said Dempsey. "We used to think that was secure enough, but that's not the case these days."

Simple steps like using various passwords for different levels of protection. At a minimum, one password for social media sites, another for commerce sites like Amazon, a third for e-mail, and a fourth for online banking. The more sensitive the information at stake, the more complicated and thorough the protection should be.

"I'm less concerned about the lock on the shed in my back yard than I am about the lock on my front door," said Dempsey. "So I'm not as concerned about my Facebook page getting hacked into, but I need to be aware that that might be a back door into something else if I haven't taken the proper steps."

According to the consultant, as scary as all this seems, it is still possible to live safely in an online world.

"You just have to be very diligent about it," said Dempsey.

As for Jackson: Lesson learned. He swears he will never return to Facebook.

"Just too risky," he said.

As for that bogus appeal for money, the doctor says he’s not sure if anyone ever did send some to the hacker.

"To my knowledge, no one has come forth and admitted it, and I don't think I would either," he laughed. "So I really don't know."

To enable SSL on a Mac, watch the instructions below:

To enable SSL on Outlook, watch the instructions below: