The information that we have on our cell phones has become so valuable to hackers, the question of whether we could become a target is not if but when.
In this Consumer Exclusive, 7NEWS Here to Help looked into the latest cyber threats and the most important steps you can take to reduce your chances of succumbing to an attack.
FINANCIAL FRAUD
Melissa Jackson in Anderson contacted us after a hack that would make anyone’s heart drop.
“The money was just gone, it had vanished,” she told 7NEWS.
Jackson said it all started when she was having trouble with her debit card, so she Googled the phone number for her bank, Chime.
“I called the number that I Googled and when I answered they said this is Chime, and so I told them about my card issues. And so, they said we can now fix your card through the system. So, he said download this app, so when I downloaded the app, he said go to your Chime account. I looked at my Chime account and I actually could see my money from my savings move from my savings to my checking,” said Jackson.
As a family member got on the line with Jackson’s real bank, the hackers suddenly drained her account.
“This was $2,450. That was my whole savings account,” she said, showing 7NEWS the money that was missing. “I felt like my heart had been ripped out of my chest.”
PROTECTING YOUR PHONE
Mike Taylor, Chief Security Officer with the IT company Epsilon, warns hacks and cyber attacks are only growing more sophisticated, so we need to be more proactive about protecting our private information.
“Within 10-15 minutes you’re completely powerless to do anything if somebody gets access to your cell phone. Because they can reset everything you have,” said Taylor.
THREE MUST DO’S
Taylor said there are three steps everyone should do to ward off an attack.
1. Use complex passwords that are different for each account.
2. Never click on links in emails and texts unless you verify the source.
3. Set up multifactor authentication, especially for money or health accounts.
That last step, Taylor said, is most important of all. Multifactor authentication deters hackers and stops many cyber attacks by requiring a unique code, sent via text, with every login attempt. So if anyone tries to login to your account from a new device, it will ask for a code sent to your email or phone (however you have it set up).
LATEST CYBER ATTACK PLOYS
Taylor’s colleague, Kyle Offenback, the Chief Technology Officer at Epsilon has endless stories of hacks no one saw coming.
– Malicious Apps:
Offenback told the story of a man whose phone got hijacked by a malicious app in disguise.
“I kid you not the way that happened is an individual thought it was a video game app, he downloaded this video game app, and it asked can I have complete access to your whole drive and you know it’s the first pop up and he just goes yes, yes, yes,” said Offenback.
The bogus app allowed hackers to use his phone for crypto-mining. They got the mined money (from his phone and likely thousands of others) and his phone’s energy and data was drained.
– Social Engineering:
And then there’s a form of social media manipulation akin to social engineering on steroids.
Offenback said hackers have figured out how to gain your trust by creating not just fake social media accounts across platforms, but several different personas who all work together to fool you.
“They used one account to make you mad and the other account to make you think hey I’m on your side, and now you two are friends,” said Offenback.
It’s a method that has lead to cyber attacks like ransomware and catfishing, as the hackers gain valuable information about you and can use that to gain your trust and get you to click on malicious links or send money.
– USB Port Hacks (Juice Jacking)
The FBI also warns about the dangers of using a cable to connect to USB ports at public places like an airport. These not only help you charge your phone but can send and receive data, putting you at risk.
“When you connect your devices to these types of hubs you are essentially connecting to a localized network and any other device that is connected to there can communicate to and from your device and thus can lead to an attack,” said Offenback.
To prevent that, use a block to plug your charging cable directly into a wall socket, instead.
– Bogus Search Engine Results
Jackson’s hack started with bogus search engine results that copied the logo of her bank.
7NEWS reached out to Chime and within hours received this statement:
“We take matters like this very seriously and we are happy to share that we have resolved this incident and have fully credited the member’s account.”
Jackson confirmed the bank returned her missing funds.
In a statement a Chime Spokesperson also told 7NEWS:
“Unfortunately, fake customer service scams have become increasingly common in the financial services industry and are not unique to Chime. Chime routinely monitors for malicious sites, including those that seek to defraud our members, and takes steps to have them promptly taken down. In addition, we have published resources to educate our community on how to identify Fake Customer Support Scams along with other common scam scenarios.” (https://www.chime.com/blog/how-to-avoid-scams-that-target-chime-members/#fake-customer-support-scams)
Jackson also warns, never download an app that gives others control of your phone, and don’t ever assume it can’t happen to you.
“They are more onto you then you are to them, so you really just have to be careful. When it comes to the phone and technology it’s not a game out here, it’s for real,” said Jackson.
