This is a Bartram original based on a series of events that lead to the discovery, that a person who reached out to me this week, was within minutes of losing all their money they had in savings and in the bank. I am putting this out for the benefit of my older (and younger) Facebook friends.
I received a call from a person who knew me in my past life. As they described it later, they knew me to be computer savvy, a CPA and honest. He said his computer was locked up and he was afraid that some money had been stolen. I told him that since I had given up my CITP specialty designation with the CPA society, I was no longer doing computer work. He insisted that I come and “take a look”.
When I got there and tried to access the computer with all his known passwords, it became clear by the hint that showed up that he was the victim of ransomware attack. I did not fully realize until hours later how difficult it is to break into a Windows 10 operating system. I took the computer home and in the wee hours of the night I had tried using a USB drive and nothing worked.
So, like any good hacker I turned to YouTube. Sure, enough several kids had posted how you lock up a Windows 10 computer. Eventually I reversed the process and was able to gain access.
The next morning, I took the computer back after taking off a high-level virus detected by running Norton Utility. I did not want to explore any of the files until the person I was doing this for was with me.
When he tried to access his bank account none of his passwords worked. Fortunately, he had set up “Multi-factor Authentication” for an entirely different reason then security. With the use of this feature and a lot of work I was able to regain access to his account. That is when the horror of events became evident.
The cyber criminals had moved all his savings to his checking account. Then using the Zilla feature and had tried to set up a transfer link from his bank to a New York bank. Then they had set up two Crypto Currency accounts.
All they needed was approval and it was a done deal. What they had not counted on was him becoming very sick and unable to answer his phone or look at his cell phone for the last few days. When I looked at his cell phone, they were franticly trying to have him call them back and multiple requests for verification of all the above.
When I looked at the access to his bank account over the days prior to me being involved they were on and off the bank accounts 50 to 100 times at all times of day and night. Obviously, they were trying to get around the two-party authentication on the phone and use an email method.
I found they had installed Norton Password Manager on his internet browser, to record all the passwords he keyed in and then locked down his computer with the ransomware so he could not access his bank accounts while they were cleaning him out. That is as much detail as I am comfortable sharing but let me assure you that if it happens to this person, it could happen to you. He is smart and street savvy.
As we get older, we have accumulated some assets and yes become more trusting. As you look at tv at all the car jackings going on and breaking into stores stealing items off the shelves in plan daylight we think we are safe just staying at home. This experience has burst that assumption. We are living in a lawless time and cyber criminals can steal all you have right under your nose. Here is an outline of what you might want to do.
- Stop answering the telephone. In our generation we have been trained to answer a ringing phone. Stop it now. Get a caller ID and subscribe to a voice mail option on your phone If you do not know the person calling let it go to the answer machine and then review the call from there to see if you should respond. Any number and name of the calling party can be a fake. You can make a phone say you are calling from the White House. A call from your area code can be from overseas. This fraud used “burner phone” and none of the numbers were real and I am sure the phones have all been destroyed by now.
- Never again click on a link in an email or download any file attached to the email without first calling the company or person to verify they sent it to you and what the purpose is. I get between 5 to 10 email a week trying to break into my system.
- Set up strong passwords. I can’t go into all the details of what this takes, but a commercial password vault like 1Password, Norton Password Management and others is become almost essential. Tricky to use but the only way you can possibly keep track of long passwords. A strong password can be generated by a phrase you might easily remember that no one could guess. Like: You Love Smokey Since You Found Her On The Street # 06221992. The password would be YlSsyfhots#06221992. This would be the password you accessed your password manager and then rely on the manger to get you into your bank account with a 24-word random password the manager would generate. If you own a g-mail account have a strong password on it. A lot of the hacking is going on using peoples g-mail.
- Stop responding to Facebook questions that are being used to develop a profile of possible password you might use and collect your information.
- Never ever give bank information over the telephone or respond to any supposed government agency that initiates a contract by phone call. The IRS and State always initiates contact by mail never by phone. Asking you to get a gift card to pay is an absolute give a way that you are being scammed.
- If you are every asked to respond to a notice of late payment, or a payment to keep something going never click on the link they furnish. Open a new browser and go to the page yourself and see what they want. Almost always it is a scam
- Never give a bank account number to pay for something. Always use a credit card (not a debit care). You have a better legal recourse.
Finally remember that if a transfer at a bank happens using your credentials you will almost always lose the money since that bank just did what your credentials said to do.
Your protection starts by not answering the phone or clicking or downloading an email. Praying for your safety during this troubling times.
This not intended to be an exhaustive list of items need to be safe on the internet or prevent fraud, just a heads up to study more. Best