Getting scammed is an extremely distressing experience - and three iTandCoffee clients suffered that terrible experience recently.
One client found that someone had gained access to a range of her social media accounts - and had even changed the password and email address for one of these, so she was no longer able to access it.
Another client fell for a scam call, and the scammers initiated transfers of thousands of dollars - which were luckily stopped by her bank.
The third client received as strange message on her screen - saying she had a virus and to call the number provided, which she did.
Let's look at what happened in each of these cases - and what lessons can be learned from each.
Case 1: Multiple accounts hacked
In the case of the first client, multiple 'password reset' emails had arrived in her inbox from different social media accounts - alerting her to the fact that something was amiss. These emails had gone to her Bigpond mail account, which was (luckily) auto-forwarded to a separate Gmail account. Someone was trying to reset passwords on multiple online accounts.
She then found that she could no longer access one of the social media accounts - after receiving another email to say that the account's password had been successfully changed, then that the account's email address had also been changed. Her own email address was no longer valid when she tried to sign in to that account.
When she contacted iTandCoffee and showed me these emails, my first concern was for the security of her email account, which I suspected had been accessed by the scammers - and that this was how they were resetting passwords.
We signed in to the webmail version of her Bigpond email - only to find that the Inbox, Sent and Deleted mailboxes had been completely cleared - a sure sign that someone had been there, and was covering their tracks. Luckily she had the copies of the emails that had been auto-forward to Gmail.
The password for the Bigpond/Telstra account was then changed as quickly as possible, to lock out the intruders and prevent them from doing any more damage.
But how had they gained access to this client's mail account in the first place?
We checked the haveibeenpwned.com website to see if her email address and password were included on any stolen lists - which they were.
And it seems that the password used for one of the breached services on that haveibeenpwned list was the same as that used for her email account.
This made it easy for the scammers to log into her Bigpond webmail with the stolen credentials, then visit various websites where the email address may have been registered - and they obviously tried several - and choose the 'forgotten password' option to request a password reset link be sent to the email address. Because they had access to her webmail, they could then access each email with the 'password reset' link.
Another way she may have been caught out is by clicking a link in a phishing email or text, and being fooled by a fake login page - and providing login details there.
For this client, the most important thing now is to review all her online accounts - especially those associated with her identity and finances - and change the passwords to unique, strong passwords. She should also set up two-factor authentication wherever possible on these accounts, so that a password alone is not enough to access the accounts in future.
She will also need to advise friends that, should they have received an email from her during the breach period, that the email was not from her and they should let her know (so that she can be aware of what might have been sent to others). (Note. Because the Sent mail has been cleared, this client cannot be sure if any such emails were sent.)
Some lessons from this case:
Case 2 - Scam caller tricks client into providing credit card and banking details
This second client came close to losing thousands of dollars. She received a call that she thought was in relation to a set of charges that had appeared on her credit card statement.
The caller offered to help her resolve those charges, and guide her through what to do. He got her to download an app called Zoho Assist - Remote Desktop, which facilitates remote support by another person. They also got her to download another app called Skrill, which is a payment platform like PayPal.
They then started a 'remote support' session using Zoho Assist, and guided her through how to share her iPad screen with them. Once they could see her screen, they guided her through setting up a new Skrill account, and then linking her credit card and (from what I can gather) her bank account to that Skrill account.
This then allowed them to initiate transfers of her money to their own bank account.
Luckily the bank has a policy of holding payments to new payees for 24 hours, providing time for the client and bank to notice the transactions and put a stop to them. The bank also cancelled her credit card and put a hold on her bank account.
There are also emails that indicate the scammers tried to change her online banking password.
Of course, it is all very confusing for this senior client - and she is not sure what information she gave away to these people. Because many people are confused about the online world and the multitude of accounts they may have, it can be difficult to unravel what occurred and what was divulged.
We removed the apps that the scammers had added. We also identified that password changes were needed for her Apple account and her PayPal account - just in case.
There is still the risk that the Skrill account that the scammers set up has her bank account details - so the bank will need to keep her account suspended to monitor activity, and take whatever action that is necessary to ensure no Skrill transactions are allowed in future.
Some lessons from this case:
Case 3 - Virus message pops up in Web Browser and client calls number provided
In the case of the third client, a message had popped up on the computer, advising that there was a virus on the computer and providing a 1800 number to call.
While this client did suspect this message was a scam, she consulted someone else who advised her to take it seriously and call the number.
She called the number and the person (of course) said he could fix the virus problem for a fee.
Luckily, she realised she was talking to a scammer before giving away her credit card details. But she wasn't sure whether she had clicked anything the scammer told her to click, and needed her computer checked for any issues.
We cleared the computer's browsing history and cache, checked for any recently downloaded apps, ran a deep virus scan, checked her list of startup processes, and the list of recently modified files. Luckily for her, all was well.
Some lessons from this case
Need Help? iTandCoffee can help.
If you think you may have been caught out, or need to discuss any concerns you have about being scammed, make a time with iTandCoffee. Bookings can be made online here, or by calling 1300 885 420.
If you are a member of our iTandCoffee Club and have 'free support' as part of your membership, here is the link to book a free 15-minute consultation using this free support allowance.
And iTandCoffee Club members are very welcome to forward any suspicious text/email to iTandCoffee for us to check. Use the email address firstname.lastname@example.org
What's on at iTandCoffee ?
Join us for a short, fun 'topic of the day' classes known as PTT sessions (Personal Training for your Technology fitness!) - these are run on a regular basis. Or join any of our other classes shown below to learn so much about your technology.
If you have questions, why not join our The iTandCoffee Club to attend fun and informative 'user group' meetings.
All classes are run as online classes (using Zoom) which means you can attend from anywhere.
27 Sycamore St, Camberwell, Victoria Australia
Call 1300 885 420
to book an appointment or class, or to enquire about our services and products
SENIORS CARD WELCOME HERE:
Seniors Card holders qualify for a 10% discount on all classes booked and paid for online (excludes PTT sessions and classes already discounted during COVID-19 crisis). To activate the discount at the time of booking, select Redeem Coupon or Gift Certificate and enter 10OFFSEN before selecting Pay Now.
© 2012-2021 iTandCoffee Pty Ltd. All rights reserved ACN: 606 340 434