I’ve now known two people who didn’t think getting hacked was a priority and found out it was
A couple of years ago a friend of mine had his gmail hacked. His initial complaint was that a whole bunch of banks and website suddenly had started sending him signup information to the tune of 30-50 an hour. Most of these were overseas and he said he had no idea what was going on and I informed him his gmail had most likely been hacked and he was being used as a legitimate email address to reply to things and to change his password and sign everyone out right now.
He said he’d get to it after work… I told him he’d be sorry, get it now before it spreads. He didn’t.
TL;DR – two tales from my recent past that most of the details are omitted.
Of course shortly after this they changed his password and signed him out, and rather than a couple of minute change your password sort of thing it became an ordeal as they discovered his financial history and started working their way into that and various social media that just requires an email verification for lost password. Every major service needed contacted as they’d gone to them, changed the password, changed the email address, took control of the account.
He didn’t lose anything that I know of, but recovering took days and he’s being spammed by financial institutions, foreign social media sites, and otherwise lives with an email box that’s the result of being used as part of an attack. Could have been stopped quite a bit sooner but yeah… take an emergency break from work before you have to take days off of work dealing with this. It wasn’t a human doing this it was a bot and could have been stopped sooner.
I know another man who got scammed by a crypto group that had a great looking app, and site. All was fine and dandy until he attempted to pull money out of the thing and they required a deposit to get his money out. Oof… I’m not sure exactly how, but assuming the app he was using for this crypto scam gained hackers access to his Facebook, Apple ID, Email.
See here I’m conjecturing as we don’t know how they got his Facebook, just that one day his 3000+ followers started getting a fake blog about how this person had just got a certificate of training in crpyto exchange… this wasn’t truly too far off for him so I didn’t call him until the next post a day later where he was claiming to have made a lot of money and was holding up a sign saying so. This was out of character.
I called him, he’d been hacked, they got access to all his bank accounts, apple account, anything that required his phone/sms they had intercepted. I’m not really sure how this was done because nobody found out or investigated too deeply. He ended up having to get a new phone line and Apple account in order to regain control. But he waited a couple of days while an IT guy was begging him to go and report this to the police and grab a phone he could operate off of and start reporting it.
The couple of days and thinking it was just a Facebook hack and not immediately contacting all financial institutions and issuing a fraud alert cost him thousands. Now people who get hacked like this generally get their money back, but he’s a business so that looks like it’s not going to happen. At least that’s what I’m hearing. No idea on if all his email was compromised but one can imagine.
During all of this he sat on it for a couple of days because he had other things he needed to do. I suspect had he acted at the outset the money wouldn’t be gone, but I don’t know for sure. Now he’s got the fallout from everything that happened to deal with for the next several months, and I believe his FB may still be compromised and scamming people.
I talked to the IT guy who was helping him through this and during the recovery they called Facebook supposedly and it ended up being a scammer trying to get their credit card number to “pay Meta’s costs for your negligence.” He also had Apple support supposedly calling up that sounded a bit scammy.
In either of the above examples I don’t know that jumping on it immediately would have changed much, but not making eliminating a hack a priority ended up costing one thousands, and the other weeks.
Make it a priority, take the time off, it’s an emergency and not just changing a password event. If you’ve had the email you use for social media or banking compromised make the assumption that those places all need contacted.
