Spooked by the title? I was equally shocked after hearing about the incident that happened to one of my friends in the US.
It had been a long time since we last spoke, so we connected over a WhatsApp call. After sharing the usual pleasantries, out of curiosity and concern, I asked him why he isn’t active on social media these days. I was expecting his answer to be a hectic work schedule or some personal problems. But, to my surprise, he replied that his accounts got hacked. Eventually, when he had to decide between saving his financial accounts or social media accounts, he had to let go of the social media accounts. If someone as techie as my friend could get hacked easily, the case of the rest sounds really scary to me. Digging a little deeper, this is exactly how my friend got hacked.
- My friend entered his mobile number in the day-of-flight information while checking in for an American Airlines flight scheduled for the next day.
- There was a data breach at AA's systems.
- A few hours later, my friend received a notification from his mobile service provider that his number was activated on yet another device. Yes, you read that right. The telecom operator provides a feature that enables customers to use the same mobile number across multiple devices.
- Realizing something was fishy, he immediately reached out to his mobile operator to report the issue and block the new device.
- Within the next 10 minutes, he received two One Time Passwords (OTPs): one for his personal Gmail account and the other for the Cash App (a payments/fund transfer app).
- After getting access to his Gmail, the hacker changed not only the password but also the mobile number used for 2-factor authentication.
- Using the e-mail, the hacker also got access to all of my friend’s social media accounts and started posting abusive content.
- In the meantime, the hacker also transferred $100 out of my friend’s account via the Cash App.
- Not just that, the hacker ordered a cheesecake via a food delivery app using my friend’s credit card (too much, I say).
- The worst part was, the hacker even tried to apply for a loan using my friend’s Social Security Number.
Somehow my friend was able to recover his financial losses as the bank refunded the unauthorized transactions. But he lost his e-mail, social media accounts and definitely his peace of mind. If this could happen to my well-educated techie friend, I can only wonder about the people who have just started using these digital channels, especially the elders who aren’t much exposed to technology and not much aware of its risks. If you think this issue only concerns the people in the US, you are wrong. India is no exception, as many similar SIM-swap frauds have been reported in recent times. The following precautions might save you from becoming a victim of these hacks.
- This one is the most basic of all. Never ever share your passwords, PINs, and OTPs.
- Don’t blindly believe the messages that you receive via WhatsApp, e-mail, and SMS. Especially the Nigerian prince who wants to share his wealth.
- Kindly reinforce the above message to your parents & grandparents, as the majority of the victims fall in that age group.
- Both your e-mail and mobile number are sensitive information. Share them only when it’s absolutely necessary.
- Better to have 2 sets of e-mail and mobile number. Use one solely for highly critical usages such as banking & payments related apps. Dedicate the other to less critical usage such as website and event registrations.
- Make a habit of periodically reviewing the following in the security settings of your e-mail and social media accounts.
  - The devices you are logged in from – Remove the inactive devices from the list
  - 3rd party access to your accounts – Avoid this as you don’t have any control over how 3rd parties use your data
- Make a list of what you would lose if you completely lose access to your primary e-mail account. In the case of highly critical items in the list, either make a backup or add an additional recovery mechanism.
- Keep your mobile devices & financial apps updated to protect you from new security threats.
As they say, precaution is better than cure.