Phishing: Hacked Online and What To Do
Whether your interest in the Internet and the World Wide Web is personal or professional, it can be argued that, in our times, they are as essential as water. With these technologies, we can be more, do more, and reach further. More and more of our lives now take place through these technologies.
Because these technologies are so useful, they attract both the good and the bad. They carry considerable risk for the individual, and even more for the business. This is why, as an Internet user, each one of us must be vigilant to avoid being victimised by agents with malicious intentions online.
A few weeks ago, I was exposed to a phishing attack on Facebook and was almost hacked. Phishing is the subject matter of this blog post. I will discuss what type of attack it is in detail, how to avoid becoming the victim of this type of cyber attack, and what to do in the event that it happens to you.
The Internet is rife with risks for every user. Unfortunately, people get onto this platform without educating themselves about those risks. I believe it is crucial that everyone educates themselves on the dangers they are potentially exposed to whilst online.
As with crime in the “real world”, you are, for the most part, oblivious to the risks until it happens to you. The Internet is rife with malicious agents. Some compromise the security of others online just for the props or the kicks: to gain a certain reputation, or simply to watch others squirm. Others do it for financial gain.
I previously visited the issue of security online in the blog post titled Security and Safety Risks On The Web, and also in the post titled Prioritising Website Security. The former dealt with security online in general, whilst the latter was more focused on businesses with a website.
A few weeks ago, I got a message on Facebook Messenger. The message said, “This looks Like you, Barnett”. It had a Face with Tears of Joy emoji, and a link. The message apparently came from a good friend of mine. Naturally I was interested to see what my friend was inviting me to see!
I clicked the link, which took me to what looked like a Facebook page in my browser. At that moment, I was not aware that the link had not actually taken me to Facebook, but to a clone of the Facebook login page, which required me to log in.
I use Bitwarden as my password manager, and the software warned me that there was something fishy: that this website was likely not what it claimed to be. I was however distracted, for some reason, and I logged in anyway despite the warning.
It was only after I logged in that I realised that I had been exposed. As soon as I realised this, my heart started racing and I went into overdrive: securing my Facebook account. You see, I use my Facebook account for business, including to run ads, and cannot afford to have it hacked, or compromised in any way.
What I had experienced was a classic Phishing Cyber Attack. But what exactly is it? Below is a definition from Microsoft.
“Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information: such as credit card numbers, bank information, or passwords, on websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances, in a fake message, which contains a link to a phishing website.”
As you can see, I was almost the victim of a classic Phishing Attack. Being someone in tech, I should have picked up on what was going on pretty quickly. However, like I said, I was distracted, and they almost got me.
Let us review how the attack was orchestrated.
What hackers can do in a Phishing attack varies widely, depending on the account in question. You may lose your reputation, or even hard cash, in the process. For Facebook specifically, they can send messages and make posts containing pornography, for instance, and they will use your Facebook account to send the Phishing links to other Facebook users whilst pretending to be you, thereby perpetuating the attack.
Phishing attacks can happen anywhere you receive communications and have the ability to click links. This can be anything from Email, to SMS, to WhatsApp.
Phishing is a type of “Social Engineering Attack” in which the hackers do nothing technical to your account; instead they trick you into freely giving them the information they want, in order to compromise your security. You literally give them the keys to the castle.
Vigilance is therefore the single most important line of defence. When you click links contained within messages, check where the link is taking you. You can do this by checking the URL in your web browser's address bar, to make sure that you are going to the right website.
Unless you are sure of the source of a link that requires you to log in, it is better to visit the website concerned yourself, either by typing the address into the address bar of your browser or by doing a Google search, and then logging in. After logging into the site yourself, you can then click the link in the message; if the link is legitimate, you should not be asked to log in to the website again to view it.
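The "check where the link is taking you" advice above comes down to one question: what host does the link actually connect to, and is it the site it appears to be? The added example below (not code from this post or from Bitwarden) shows the same domain match a password manager performs before offering a saved login, using constructed sample links and the hypothetical expected domain facebook.com.

```python
from urllib.parse import urlsplit

# Hypothetical helper (added example, not from the post): report which site a
# link really connects to, the way you would read the address bar or the way a
# password manager decides whether a saved login applies to the current page.
def link_host(url: str) -> str:
    """Return the host a web link actually connects to, lower-cased.

    urlsplit() resolves the things that make a link *look* right: anything
    before '@' is user-info, not the host, and the path never changes the host.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a web link: {url!r}")
    return parts.hostname.lower().rstrip(".")

def leads_to_site(url: str, expected_domain: str) -> bool:
    """True only if the host is expected_domain or a subdomain of it.

    The expected name must be the *end* of the host; merely appearing
    somewhere in the URL (as a subdomain label or in the path) does not count.
    """
    host = link_host(url)
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)

# Constructed sample links for illustration only; none refer to a real site.
SAMPLE_LINKS = [
    "https://www.facebook.com/login",
    "https://facebook.com.login-check.example/",
    "https://facebook.com@login-check.example/",
    "https://login-check.example/facebook.com/login",
]

def triage(links, expected_domain="facebook.com"):
    """Pair each link with its real host and whether it is the site it resembles."""
    return [(u, link_host(u), leads_to_site(u, expected_domain)) for u in links]

if __name__ == "__main__":
    for url, host, ok in triage(SAMPLE_LINKS):
        print(f"{'OK     ' if ok else 'SUSPECT'} host={host:<34} {url}")
```

Only the first sample link passes; the other three contain the expected name somewhere but connect to a different host, which is exactly the mismatch that made the password manager refuse to recognise the cloned login page.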
Once you realise that you have given your login credentials to a fake website, or notice irregularities that indicate you have been hacked through a Phishing Attack, act quickly by taking the following steps:
Immediately change your password. Website accounts have password recovery mechanisms that require you to use either your email or cell number to change the password. It is unlikely that the hackers will have access to these as well, so the attack need not be fatal.
Immediately contact the company behind the website on which your security has been compromised, to let them know of the situation, especially if your bank is involved.
Review your activity on the website and remove any content that has been added by the malicious agent.
Let the people you interact with on the website know that you were recently compromised and that anything they might have seen that was offensive did not come from you.