If you use the same password or a slight variation on all your accounts, you are issuing an invitation to be hacked, to have your bank accounts emptied, and to have your life made generally miserable.
On Saturday morning, a friend called in a panic. She had received an SMS from Google suggesting strange activity on her account. Click here to log in to confirm or block. Boom—it was a scam, and she had given her login and password. We will come back to Google and Gmail later.
Next thing, she received an SMS from her bank suggesting an unknown device was trying to log in. Click here to confirm or block. Come in, sucker.
She began to smell a rat, so she immediately called me and, on my insistence, used her banking app secured by biometrics to log in and change her password. Just as well, as the hackers were not far behind and were thankfully locked out.
In trying to stop the hack, she aided it! By this stage, I was at her home trying to figure out how this had happened. The saga continues.
Never click a link in an SMS or a website!
The SMS from Google and her bank led to fake websites. These sites obtained her credentials and installed malware that copied her contacts, passwords, browsing history, installed apps, location, phone type, and we don’t know what else.
I downloaded Malwarebytes (paid version) and ran a scan, which showed 22 pieces of malware. Thankfully, it was able to remove it all! I could have downloaded the excellent Trend Micro for Android, but I needed a low-cost, quick and dirty solution that she could understand and use.
Malwarebytes also helped harden the device and installed browsing, phishing, SMS protection, and more. The downside is battery life, and on her older Nokia, that means twice daily charging. I gave her a portable power bank.
Google and Gmail
The hackers had her Google credentials and tried to change her password. While she did not have two-factor authentication enabled as it was ‘such a hassle’, she does now. Fortunately, clever Google recognised the hacker’s IP address and location were different to her usual mobile and internet addresses, sent her an SMS to verify, and froze the account. After changing the credentials, she had access again.
But there is more
For the rest of the day, she received SMSs from Facebook, Uber, Myer, eBay, Amazon, Woolworths, Coles, Flybuys and a host of other places she shopped.
They all followed similar lines: ‘We have noticed unusual activity. We will never ask you for information in an SMS or email. Your account is locked until you call 1800-XXX-XXX (a fake number) or click here to confirm or block it’.
I discovered that the attacker’s IP address was from a Perth-based server farm, coming from a block of IP addresses owned by Cyber Assets FZCO in the UAE. We can’t trace back any further than that, but it is likely these scams are financing the war effort in the Middle East. The IP address range has a history of being used for spam and brute-force password attacks, yet it has not been blacklisted. The SMSs were all spoofed.
Where did this start?
Google was ultra helpful, as ‘your account’ has details of what devices are signed in. She had several old phones, which we deleted. It could have been any of these devices as she had sold most on Gumtree and never done a factory reset (What’s that? she asked).
Looking through her Google account, it became apparent that one of the following accounts had been the source of the initial leak, and as she had always used the same password, that made sense.
- Shein (Shein – more Chinese spyware – fast fashion at the expense of privacy)
- Temu (Temu – more Chinese spyware – the catch in cheap online shopping)
- Facebook (#Delete Facebook)
- TikTok (#Delete TikTok)
Read: I used Temu or Shein. How can I stop my data from being used
The attack was quick – very quick
We can only surmise that AI trawled her dark web profile (we all have one) and Facebook, likely gaining access by using credentials from Shein or Temu.
We surmise that AI scanned her Facebook profile and added her kids', pets' and husband's names and birthdates, and other details shared freely online, to her dark web profile.
Then came hack attacks on dozens of websites that were in her Chrome browser history.
We spent most of the day changing passwords on all her loyalty cards, government, banking, insurance and other sites with a login. It was exhausting, and she now uses LastPass to manage her passwords.
Good read: How long does it take to hack your password? (Security guide)

CyberShack’s view: If you use the same password, your life will crumble like a house of cards when, not if, you are hacked.
She (who will remain nameless) is an ordinary person with a typical job. She never thought she would be hacked.
Had she not called me and changed her bank password just in time, her bank would be empty, credit cards abused, her ID stolen, and those Everyday Rewards and Flybuys points she was saving for Xmas gone.
The mistakes were compounded by:
- Using the same or similar passwords.
- Selling old phones on Gumtree without a factory reset.
- Not enabling two-factor or multi-factor authentication.
- Panicking instead of logically and quickly assessing what needed to be done.
The mistakes were slightly lessened by:
- Calling a friend who had an inkling of what to do
- Changing the banking password via the app and biometrics, just in time (on my insistence)
- Working methodically through all her logins to change passwords. We also set up a new Gmail account to use instead of her usual email address.
- Using a paid and secure password manager like LastPass
- Installing a paid antivirus and malware app.
- Securing her Android phone by removing almost all app permissions.
- And setting her Google account to the highest security level.
The irony is that this could happen to anyone, anywhere and on iPhone, Android, Mac or Windows.