Online hackers are everywhere! It's their full time job, and nobody is safe from the threat. Please update your passwords, add 2 Factor Authentication where possible, and NEVER click fear-provoking emails or messages saying you've lost access to your account!
I know, it sounds dramatic, but it's all too real. I have been supporting a number of friends, clients and family members whose security has been threatened. Here's what I've learnt and some recommendations.
Hacking Story # 1
I recently had an interaction with someone who had multiple linked Facebook & Instagram business pages. With no apparent warnings, their account was hacked. They first noticed they had lost access to their Facebook pages. Later, passwords were changed and they were locked out of accounts. Over a period of months, hackers gained access to their many email accounts, Microsoft and Apple profiles. It culminated in hackers sending a link requesting they verify their identity to regain access to missing accounts. Understandably, they clicked the link (which installed malware on their iPhone) then entered their face ID from various angles, as prompted, to verify they were the account holder. The hackers now had external access to their phone and face identity using hacking technologies unknown to most of us! Their phone suddenly had a green light on it. The phone then went black and was unable to be turned on or off. Let's just say, it was a terrifying ordeal and we all gained extra grey hairs in the process! I found evidence of them accessing accounts from various locations across the globe (in this case Nigeria, Cambodia, Egypt, Sydney and more).
Phishing Story # 2
I received an email from a "family member" informing me they had shingles, had fallen and smashed their phone and needed me to assist them by email correspondence. Appearing fishy ("phishy") I immediately contacted them. They were well and fit, and their phone in perfect working order! I then started madly chasing down the hackers. They'd accessed my relatives Bigpond/Telstra account and setup a forwarding address to a fake email account. It was almost the same except 1 digit, and could easily have been missed. They were then able to send emails as my family member to all their contacts *phishing for more victims. They could use the email account to reset passwords and find evidence of all their personal details, and bank accounts. A traumatic ordeal, but we successfully stopped them by taking immediate action.
These are just two of many stories out there. I urge everyone to stay alert to scams and protect themselves where possible. And if you suspect you've been hacked, reacting promptly is key. Remember, most international hackers are "working" while we sleep! Don't be afraid to report it to police and keep screenshots of evidence - this may come in handy down the track.
Phishing versus Spam
Spam generally relates to unwanted/unsolicited inbox messages. However, spam can be from attackers looking to gain access to your computer or personal information. Mark all unwanted messages as spam!
Phishing is more sinister in that it appears to have come from a reputable source and attempts to manipulate the recipient into disclosing personal details, transferring money, or clicking on sinister links to install spyware onto your devices. These messages may come from people you know and trust (whose accounts have been hacked) so it is critical to remain vigilant against such crimes. If unsure, don't click it!
Phishing and Spam happens mostly by email, but is becoming more prevalent via phone and WhatsApp messaging, as well as via Facebook Messenger, and Instagram Direct Messages (DMs).
REPORT AND BLOCK
Mark emails as SPAM/PHISHING direct from the email and BLOCK accounts
REPORT at Scamwatch and ReportCyber
TEST YOUR SCAM SENSE at Scamwatch
Check the latest AUSTRALIAN GOVERNMENT recommendations
Stay Alert to Scams
Signs of Phone Hacking
iPhone Settings to Prevent Malware Attacks
Search SETTINGS for CALL RECORDING > turn green toggle OFF
SETTINGS > search APP PRIVACY REPORT > turn ON
SETTINGS > click your name > ICLOUD > turn messages OFF (I personally turn off everything, iCloud except notes)
Use Encrypted Password Software (i.e. 1Password)
Password Settings in Internet Browsers
I highly recommended exporting all passwords auto-saved in Safari, Google, Firefox, Edge or any other browsers. Import them into 1Password and delete from your browsers.
EXAMPLE. GOOGLE > Password Settings
Here you will no doubt find an alarming number of logins your browser has prompted you to save. Hackers can access all these details if they know your Google login (including bank/accounting details if auto-saved).
Visit https://passwords.google.com/ > Click the SETTINGS toggle > TURN OFF AUTO SAVE SETTINGS, as per screenshot below:
2 Factor Authentication (2FA)
2FA is a secondary code sent to your phone, email or chosen authenticator app. Newer technologies allow for trusted Authenticator Apps to store 2FA codes that refresh every 30 seconds, while some online accounts still require text or email security codes. I recommend using 2FA directly through 1Password so it's one less step in the login process (it will autofill if setup correctly).
I used to recommend Google Authenticator App, but am reluctant to do so now. If your google/gmail account gets hacked, they can access all your 2FA codes through this app. They can also access your passwords autosaved in your browsers, as mentioned in section above. The same security risks apply with Microsoft Accounts, browsers, and the Microsoft Authenticator App, as with any other authenticator apps linked to outside email accounts. Instead I recommend using the encrypted platform 1Password to store your one-time passwords (2FA) securely.
Passkeys
Passwords
Avoid using Google, Apple or social media accounts as an easy login option, this is risky. Instead, use a unique and individual passwords for all logins. I know this is hard, but it's critical. If a hacker gets into 1 account, they can then access accounts that use the same login credentials. Create long passwords, 12 characters minimum (the longer the better), with a mix of characters, uppercase and lowercase letters, and numbers (not your birthday or postcode). Obviously, this is easier to do with the adoption of the 1Password application as mentioned above.
High Target Accounts for Hackers
Consider Changing Email Providers / Upgrading your Plan
How many email accounts do you own? Have you checked over your security settings? Have you added 2FA or Passkeys to your email accounts? Is it time to consider a new email provider?
Beware of Bigpond!
If you are still using a @bigpond.com email address, I recommend considering an alternative email provide. Telstra & Bigpond no longer provide adequate security protection in my experience. Rest assured, you can forward existing bigpond emails onto your new email account. Don't forget to login to your MyTelstra app, add 2FA and move email notifications to a different email address.
Never trust an email from a friend or family member asking for help from a @bigpond.com account.
Is Gmail Safe?
Don't forget to delete redundant email accounts.
Protecting Facebook & Instagram Accounts
Many social accounts are under threat, and may already have been accessed by international hackers at some point in time without you knowing. Here are a few pointers to keep your accounts secure.
Facebook / Instagram Settings
RESET PASSWORDS and create unique logins for all accounts - force logout of all your active sessions while doing so.
Enable 2FA on all accounts.
Do NOT LINK LOGINS - disable the ability to login from one account to another (this leaves you wide open for attacks).
Take the SECURITY CHECKUP in Accounts Centre here
CHECK SECURITY on Facebook here
Update SECURITY SETTINGS as below:
VISIT accountscenter.facebook.com or check SETTINGS in the Instagram App:
Check WHERE YOU'RE LOGGED IN - only keep primary & known devices active.
Check TRUSTED DEVICES - delete any suspicious devices from unknown locations.
Please change LOGGING IN WITH ACCOUNTS settings so profile logins are unlinked (there is no need for this) - Rest assured, this does not remove the ability to cross-post from one account to the other.
The best way to protect yourself from hackers is to undertake your own security audit BEFORE the need arises. It's often too late taking action after losing access to your account, or after your bank account is drained.
Companies like Facebook make it almost impossible to be contacted and rarely provide resolution to fraud and hacked accounts. Always check settings thoroughly!
I myself faced IDENTITY THEFT in 2024 after my handbag was stolen 2 years prior - read previous blog post here for more information on identity theft, precautions and actions to take if this happens to you.
🔗 For additional information, visit these links:
1Password Security Blog ~ for the technically proficient types!
SUBSCRIBE to receive the more tech tips and business tricks from LMM Designs.
Tell us, was this information helpful?
Yes, I'm keen to hear more.
Kinda, but I need help to action these steps.
No, I'm on top of online security.
תגובות