Thread: Hacked
View Single Post
brainz01 brainz01 is online now
Registered
 
brainz01's Avatar
 
Join Date: Jan 2016
Location: Houston
Posts: 1,333
Garage
My brother and I both had fraud/hacking incidents recently which caused me to do a lot of thinking about cyber security:

1) I recently mailed a check to an attorney for $35k. Attorney said they never got the check so I looked at my account. The check had indeed been deposited, but the scan showed the check had been fraudulently deposited in the name of someone else. Somehow they intercepted my check and either washed it or duplicated it with their own name as the recipient. The only handwriting on the check appeared to be legit was “my” signature. Everything else was different. Crazy. Thank God I used carbon checks. I still had to file a police report, rewire all of my recurring direct deposits and debits…. Serious PITA. I did get my money back but it took 2 weeks and a wasted day of my time. And my checking account of 20 years had to be shut down. The local police department is investigating, but I’m not hopeful.

Lessons learned:
- Checks are pretty old school and completely lacking in security. It’s probably best to minimize their use. Same with debit cards…
- Use credit cards wherever you can. If there’s check/debit fraud, YOU are out the money until your bank agrees it was fraudulent and gives your money back. If there’s CC fraud, your bank/retailer is out the money. Big difference.
- If you do need to write checks, use carbon checks so you have a record of what you wrote (and to whom!). Or be sure to take pictures of the checks you write — especially the big ones.
- If you are mailing a check, particularly a big one, put it in an envelope and then mail that envelope in a FedEx, UPS or other registered mail envelope. You want the security of a tracking number and fully opaque envelope. In my case, I’d wrapped the check in paper, put it in a security envelope, and then dropped in a blue mail box. Apparently that wasn’t enough.
- You’re going to want to have 2 checking accounts: primary and backup. If your primary get’s breached and shut down, you may not be able to write checks untile you get a new account setup and checks received (which takes time). In my case, I was able resend a check to my attorney using my wife’s checking account.

2) As eye opening as my experience was, my brother got a bigger scare. He often works nights, and noticed he was getting some odd messages in his primary email account (provided by Comcast). He realized he’d been hacked and that someone was trying to access his financial accounts and was resetting passwords. Compounding the issue, and this is super scary, the scammers had also hacked (social engineered) his Verizon account and somehow managed to either forward all his calls/messages or otherwise clone his phone. So with his primary email and phone, the hacker was attempting to gain access to all his financial accounts. Long story short, he spent the next 4 days playing whack-a-mole with his hacker. It was a complete nightmare. He ended up nuking his old email address and all messages, closed his old account at Verizon, and had to buy a new phone and SIM card. He fortunately lost no money nor had any fraudulent charges (to his knowledge so far).

Lessons learned:
- Do NOT use and email address provided by your cable provider or phone provider for any sensitive communications (especially financial accounts). You’re better off with Yahoo or Gmail or another account with 2-factor security (like an Authenticator app) and that doesn’t have a help desk — “help” desks can be socially engineered. In my brother’s case, the bad guys called the help desk at Comcast with “problems” related to the cable service, leveraged that into some moron giving out his MAC address, then parlaying that info into divulging his email passwords. With his email details, the hacker silently went to work on the “help” desk at Verizon.
- Make sure you have a secondary account password on your cell phone account (not just the PW you use to access your account online). This second password is needed to authenticate ALL telephonic or in-person activity. And make sure this password is unique — it’s actually really important as cell phones are the de facto 2-factor security solution for many accounts these days.
- Enable “real” 2 factor authentication on all your important accounts (email, financial, etc.). There are several authenticators, and some companies like Yahoo or Google have their own. These authenticators are essentially an app with a unique rolling code on your phone. The only way someone can get access is if they physically have your phone with the synced authenticator.
- Use different, complex passwords for all your material accounts: Email, phone, financial accounts, etc. It’s not new advice, but it’s a PITA to manage, so consider using a password manager.
- Assuming you’re not regularly opening up credit accounts. Put a freeze on your credit with all the agencies. It’s also a pain, but far less work than undoing the damage of a hacker.

Anyway, long post, but hope that helps someone. Hackers suck.


Sent from my iPad using Tapatalk
Old 06-16-2021, 03:12 PM
  Pelican Parts Catalog | Tech Articles | Promos & Specials    Reply With Quote #4 (permalink)