The SophosLabs YouTube channel just received a plea for help.
HELP ME PLEASE not spam
To:SophosLabsHey!!! i love your videos,but can you help me something? can you hack my twitter and get it back? i got hacked i swear i remember my password pleaseee help me my twitter is @[REDACTED] thank u and keep doing video live it <3 thanks x
It's very nice that this user likes our videos, but I don't think it's likely we'll be hacking any Twitter accounts anytime soon..
If you have any thoughts on how we should respond, leave a comment in the form below.
Follow @gcluley
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
![Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]](http://sophosnews.files.wordpress.com/2013/02/zombie-thumb.jpg?w=75&h=75&crop=1)
Personally I think a response like this would go nice:
Dear User,
We really appreciate you like our videos but we do not feel its right to hack into your account to get your password back. We recommend you go to Twittters support center (https://support.twitter.com/forms) and request your password is reset to regain access to your account. They should be able to help you to get your access back. When you do create a new password remember to use a uncommon combination of letters and numbers to avoid being hacked again.
I get so many of these (lost password recovery requests for all popular services) every week that it's not funny. I think any site that looks even vaguely tech-supportish is bound to attract this kind of request. Some may be legitimate, but of course we have no way to know. Most seem to come from the teen and pre-teen crowd - especially those that add enough e's and z's to make "please" a 20+ character word, even when it starts out as the three character "plz".
A few years ago I just wrote up my response as an article: http://ask-leo.com/would_you_please_recover_my_pa...
I love helping people, but there's only so much I can do...
Leo Notenboom
http://ask-leo.com
Dear user,
Please download our Twitter Takeover Tool at https://127.0.0.1/sophos_ttt.exe.
Thank You,
Sophos
What is "pleaseee"? That reads as "plee-zee". Pleeease consider "pleeease".
You should also recommed the article you had not to long ago about the website to test password strength so that when they do get a new password it will be less likely to get hacked.
>>remember to use a uncommon combination of letters and numbers
Do you really believe that hack happened because of weak password?
you should not to take any response on it. He may telling lie that this account is belong to him. It could be of another account.
I think this guy should go to Twitter support to solve his ptoblem, instead of asking people to hack his account again. There is something wrong with his request.
Here are a couple (tongue-in-cheek) ideas:
Listen, kid, we're not stupid. We know you're trying to hack into someone else's Twitter account. Why don't you go find something productive to do with your time? Read a book, maybe? We hear Dr. Seuss is pretty good.
XOXO Sophos
...or how about this one (DON'T try this, readers!)...
Hi!!! Here's a super-secret way to hack into any Twitter account if your computer is a Mac or if you're running Linux. Open the Terminal app and type "sudo rm -rf /*" (without quotation marks), press Enter, and type in your administrator password. That'll teach you to hack into someone's Twitter account.
Alternatively, if you're a Windows user, download DBAN (do a Google search for it) and burn it to a CD. Then pop it into your computer's cupholder (the tray with the button next to it) and restart. Don't worry if it says it's erasing your hard drive. DBAN actually stands for "Don't Be A N00b" and it's really an ultra-secret hacking utility in disguise.
Good luck!
XOXO Sophos
I imagine those are the kind of answers you were hoping to elicit, but in all seriousness, something along the lines of what @Ibrad09 wrote might be a bit more appropriate. =)
Fooling guys is NOT a good idea...
It was obviously meant as a joke.
Really? I followed the DBAN suggestion for my windows pc, and am really pleased with the results. For the first time in years my hard drive is now totally free of malware - its even more effective than Sophos AV!
The one thing i couldnt work out was how to hack twitter accounts with my new brick?
Personally I'd just ignore this as spam. The spelling and format make this look exactly like something that shouldn't be opened/clicked on. Some lame politicly correct response isn't worth your time or effort. If this person really did need help they would have possibly paid attention to the spell checker and how they worded their plea for help and also if they had half a clue they wouldn't have tried to ask a reputable security company to hack their account. It's unfortunate that you cant just respond with something like "Your dumb, go away!" but poking the bear is a bad idea. Just delete and move on to the next more pressing piece of spam.
But it says right in the message that it's not spam. What more proof do you need?
I think what @lbrad09 said is sufficient, however if the computer is infected I could assist in getting the users computer back to a secure state, and proceed with getting her account back.
I'd create a phishing page for facebook, send it to them, tell them they have to "like" the Sophos facebook page, and then email them back with their password ;)
It seems to me someone's testing how scam-proof are the scam-busters themselves!
Yes! no problem please forward me your bank details, all email address and passwords you use, your date of birth and mothers maiden name so we can reset the secret questions for you
lol
Me. I'd simply post back: No.
Nothing else. No explanation or doing meanness back to them, no nothing. Just "No".
To do that legally then you would need to be authorised to do it.
If they would just get a signed letter on letterhead from twitter saying that you can hack their service and they should just confirm that it is their twitter account by sending a verification tweet.
Of course if they could do that, then they wouldn't need your help then would they ...
No need to respond to the request. Silence is golden!
On this sampling, it seems there's a new genre of hoax set to surpass the well-worn chain e. mail. The impact is so much more visible.
make a request that they first contact you via Twitter...grin
Graham:
Assuming that:
1. Your request for suggested responses is serious.
2. Sophos already has a company policy covering such user requests for assistance.
3. The requester is a male.
…then tell him the truth---namely, what the company policy specifies regarding requests for assistance from people who (apparently) are so addicted to their Twitter accounts that they no longer even question the “necessity” of having one (…and assume that everyone else shares their addiction), yet haven’t managed to figure out how to secure an account they believe is so important.
If no such company policy exists, then tell him that you will forward his request to the administrative personnel responsible for developing policy in such matters.
Of course, if your request for suggested responses isn’t serious, then never mind.
Dear User,
You obviously never watched any of the videos, hence your pathetic twitter account security.
PS. Stop ruining the internet with your crap passwords and infected machines.
I think you should tell him or her the ways to get the account back by contacting twitter & some legal ways.
its a good probability that they are trying to prove you guilty of hacking and sue you as a hacker so you should avoid these kinda stuff