We are all driven a little (or a lot) crazy by Passwords for online accounts. And I know that so many people choose to write down their passwords on paper, in Notes on their iPhone/iPad or, sometimes, as entries in their Contacts app. 😱 This may seem like a good solution, on the basis that you probably assume that only you can see the contents of your Contacts app. An iTandCoffee client only last week found that this is not the case - and that a scammer had access to all her Contacts and the passwords she stored there (as well as all sorts of other things). With the number of clever scams emails around, it can be very easy to be caught out by one that looks legitimate - and to sign in to an account when asked to do so. This is exactly what this iTandCoffee Client did recently. She received an email from a friend, sharing a OneDrive file with her - and when requested, she signed in to her Microsoft account to check out that shared document. She didn't realise she had been caught out - that the document was a scam and that her sign-in credentials had been stolen. It was only when some of her own contacts also received the same strange document sharing invitation - this time from her - that the scam was uncovered. I was one of those contacts, and here is the message I received from her. Everything about it looked authentic, and I am not surprised she (and anyone else) would be caught out by this one. I texted her straight away, sending a screenshot of the message and asking if she had sent it (fairly sure she hadn't). I warned her that I suspected she had been hacked and that the hackers may have access to her Microsoft account. To be safe, her Microsoft password needed to be changed, and her account needed to be fully secured and checked for other issues. She changed her password as soon as she could (a few hours later), but found she subsequently stopped receiving any mail to that account - an issue she sought assistance with about 3 days after the initial hacking incident. Here's what had happened in the time up until her password was changed. In fact, it could have continued for the 3 days, since changing the account's password may not have locked the hackers out of her account. (We'll talk about the extra step required block all signed-in sessions, apps and devices shortly.) In the time the hackers had access, they would have been able to view all her emails in that Exchange account, and glean any valuable information that they could from these emails. This included emails that had some login credentials for some key aspects of her business. They planted a Rule for her Exchange emails that automatically moved any received mail straight to another folder - which meant she stopped seeing her incoming mail and thought the account wasn't working properly. By doing this, the hackers could monitor her incoming and outgoing mail for anything that they could use to defraud her or someone with whom she corresponded. They could delete any evidence of what they sent. They may well have hoped to quietly 'camp out' in her account for a prolonged period, waiting to execute a 'man in them middle' attack if she received or tried to send an email relating to anything financial. The fact it was a Microsoft account also meant that they would have had access to her OneDrive/Sharepoint and any files stored there. (Luckily she didn't user either of these much in her small business, so there wasn't much content there.) Importantly for this client, the hackers also had access to the list of Contacts stored in her Microsoft Exchange account. This would have allowed the hackers to steal that list of contacts, sent emails to these Contacts pretending to be her, and attempt to catch out others in the same way that they caught her out - or maybe pretend to be her and send emails trying to con money from her contacts. And unfortunately for this client, she had also used Contacts as a place for storing passwords. So the scammers had full access to the list of passwords that she had stored there - and could therefore gain access more than just the Microsoft Account. You can imagine the stress this poor victim suffered as a result of this experience. The fall-out continued in the week after the incident, as further accounts may have been compromised using information found in her Microsoft account. And her account was registered as spam email address, meaning she was blocked from sending any mail until we unblocked it. Some lessons from this incident
As a side note, if you need proof that multi-factor authentication is essential for your online accounts, check out the screen shot I just took of the results I got from Review Recent Activity for my own account! So many attempts to hack my account! Need help with this or any other technology issue/question?We have focused on Microsoft 365 above in the discussion of how to secure your account. If you need help with securing any other type of account (or any other technology question/issue), make a time with iTandCoffee.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
What's on at iTandCoffee ?Below is our list of videos, classes and other events that are coming up soon.
Videos shown are offered for eligible members of the iTandCoffee Club. If you have questions, why not join fun and informative 'user group' meetings, held once a month. All iTandCoffee classes are run as online classes (using Zoom), which means you can attend from anywhere. |
27 Sycamore St, Camberwell, Victoria Australia
(also located in Daylesford)
(also located in Daylesford)
Call +61 444 532 161 or 1300 885 420
to book an appointment or class, or to enquire about our services and products
SENIORS CARD WELCOME HERE:
Seniors Card holders qualify for a 10%* discount on eligible classes booked and paid for online. To activate the discount at the time of booking, select Redeem Coupon or Gift Certificate and enter 10OFFSEN before selecting Pay Now Seniors can also save $5** on the first full hour of appointments booked online. Enter Coupon Code of BASEN5 when booking to receive this discount. * Some heavily discounted classes are excluded from the 10% class discount offer. ** Where more than one type of discount is available, only one type of discount can be used. |
© 2012-2025 iTandCoffee Pty Ltd. All rights reserved ACN: 606 340 434