One woman's escape from a hacked email account

Updated 2/28/2013 10:58 AM

Will the real Kelly Brown please email us back?

Kelly Brown, owner of Four Seasons Redesign in Sleepy Hollow, awoke Monday to find her Yahoo account for her business had been hacked.


Her contact list was gone and so was much of her mail from that day. The culprit then masqueraded as "Kelly Brown," used a couple of fake email addresses and dressed them up with her company logo. Very quickly the phishing emails were unleashed seeking $1,500 because she was supposedly in trouble in the Philippines.

The real Kelly Brown didn't realize the scope of the problem until colleagues and friends told her, she said.

"Now I know why they call it phishing, they throw out a lot of lines and wait for a nibble then hope to reel you in," Kelly said.

Besides trying to reconstruct her contact list and the missing emails, she spent several hours tracking down what happened, trying to correct it, and handling a flurry of emails and calls regarding the incident discovered by others -- all valuable time lost from her business, she said.

Kelly said she investigated and learned her account showed an activity entry from Nigeria at about 7:30 a.m. that day when the trouble started. She reported the trouble to Yahoo, followed the instructions on further protections and also changed her password.

by signing up you agree to our terms of service

Still, after all that, she still has unanswered questions: Is her account fixed? Did she do all that she could? Is important information still floating out there in the wrong hands?

Remember that anything can be hacked, stolen or destroyed so the most important advice is to review the business and see which items, things, contacts and data are important to the business and determine a plan for each in case of hacks, steals or destructions, advised Karl Volkman, chief technology officer of SRV Network Inc. in Chicago.

"The plan can be having a backup, having insurance, or having to create an intense security defense because it cannot be replaced," he said.

Next, make sure that all reasonable attempts are made at protecting the assets, such as using firewalls, changing passwords, creating unusual passwords, and having anti-spam and anti-virus software updated frequently, he said.

"It should be pointed out that these practices stop the majority of threats but not all," he said. "If someone is determined and knowledgeable, they can get around any deterrent."

• Follow Anna Marie Kukec on LinkedIn and Facebook and as AMKukec on Twitter. Write to her at

Article Comments ()
Guidelines: Keep it civil and on topic; no profanity, vulgarity, slurs or personal attacks. People who harass others or joke about tragedies will be blocked. If a comment violates these standards or our terms of service, click the X in the upper right corner of the comment box. To find our more, read our FAQ.