Hi HikingStick,
I'm the original poster. The site is http://www.fruition.ws/ if you want to take a look at the scam.
I shut down everything properly. All my former clients were well aware that I was no longer in business. Their sites and services were transferred to other companies. In fact, that's how I learned of the scam. One of my former clients tracked me down once she received a new email invoice (with PayPal Pay Now button) for YEARS of services—fraudulent, of course. The thing is that the invoice was exactly what I used to send folks, because they had gained access to my exact account through my old email address. Luckily, no one paid anything before I was able to shut down the invoicing account and alert PayPal.
In hindsight, I should have closed the invoicing account, but since it was free I figured I'd let it sit. That, apparently, was a bad decision.
Hi there,
I'm the original poster, now logged in. The site is http://www.fruition.ws/
I thought it was a pretty clever scam as well. They didn't have to break into anything! I think you've explained exactly how they did it. At least, that's the same conclusion I came to.
I'm the original poster! Sorry about the Anonymous Coward status, I got lazy and never thought the story would get picked up.
The site is http://www.fruition.ws/
It's an HTML and image clone of what was a PHP/MySQL site. (Notice that none of the forms function.) I figure Russian hackers because the nameservers point to ns1.firstvds.ru and ns2.firstvds.ru.
It can't be an inside job because the company was a one-man show, and that was me.
Here's how I figured it happened:
1. I let the domain expire.
2. The hackers register the domain.
3. They put up a version of my old site (either from archive.org, or maybe something they saved earlier?)
4. They did some Googling to find my old email addresses, and set up those accounts.
5. They used those emails to request "forgotten" passwords from the major invoicing services that a one-man shop would use.
6. Voila! They're in and invoicing my customers.
Make sense? Can we Slashdot (from the comments) them and take down the site?
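Added example, not part of the posts above: a check to run before letting a domain lapse, covering the failure mode in steps 1-6 by listing every still-open account whose password reset goes to a mailbox on a domain that is about to expire. The inventory, domain names, dates and function names are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample inventory (not from the posts): every third-party account
# the business opened, with the addresses that can reset its password.
ACCOUNTS = [
    {"service": "invoicing", "status": "open",
     "reset_emails": ["billing@old-shop.example"]},
    {"service": "payments", "status": "open",
     "reset_emails": ["Owner@Mail.Old-Shop.Example", "me@personal.example"]},
    {"service": "hosting-panel", "status": "closed",
     "reset_emails": ["admin@old-shop.example"]},
    {"service": "newsletter", "status": "open",
     "reset_emails": ["me@personal.example"]},
]
# Constructed registration data: domain -> expiry date, as read off the registrar.
DOMAIN_EXPIRY = {
    "old-shop.example": date(2024, 3, 1),
    "personal.example": date(2030, 1, 1),
}

def email_domain(address):
    """Lower-cased domain part of an address, trailing dot removed."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def controlling_domain(host, registered):
    """Registered domain that host equals or is a subdomain of, else None."""
    for dom in registered:
        if host == dom or host.endswith("." + dom):
            return dom
    return None

def accounts_at_risk(accounts, expiry, today, warn_days=90):
    """Open accounts that an address on a lapsing domain can reset."""
    cutoff = today + timedelta(days=warn_days)
    findings = []
    for acct in accounts:
        if acct["status"] != "open":
            continue  # a closed account has no password reset to abuse
        for addr in acct["reset_emails"]:
            dom = controlling_domain(email_domain(addr), expiry)
            if dom is None:
                continue  # mailbox is on a domain outside our registrations
            if expiry[dom] <= cutoff:
                # last field: True when this is the account's only reset address
                findings.append((acct["service"], addr, dom, len(acct["reset_emails"]) == 1))
    return findings

if __name__ == "__main__":
    for svc, addr, dom, sole in accounts_at_risk(ACCOUNTS, DOMAIN_EXPIRY, date(2024, 1, 15)):
        print(f"{svc}: reset via {addr} ({dom} lapses)" + ("; only reset address" if sole else ""))
```

Each finding is an account to close, or to move to an address on a domain that stays registered, before the old domain is released.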