SECURITY EVANGELIST

Online security seems such an abstract and distant field, where other people get hurt, but you somehow stay safe, either by luck or internet savvy. But the truth is, it could happen to anyone, and it might even have happened to you in the past.

They say that nothing beats learning from experience, but sometimes it’s best to learn from other people’s experience rather than your own. This is one of those opportunities. Here are the real stories of 12 people whose systems were compromised by cyber criminals and what they learned.

1. The mom whose laptop was locked down by a ransomware attack

Two days before Thanksgiving, Alina’s mother got hit by a ransomware attack. 5,726 files got locked by CryptoWall, an encryption malware so powerful it is technologically impossible to break open.

Alina’s mom contacted the attacker through the ransomware’s communication feature and was told she could either pay to get her files back or lose them forever. Although she had backed up her files 6 months earlier, she decided that losing half a year’s worth of photos, documents and other files was too much, and so decided to pay the ransom.

The price to unlock her files was 500$ in the first week and 1000$ in the second one, after which the files would be deleted. Payment was to be done in Bitcoin, an obscure and unfamiliar process which she had to learn on the fly.

Because of a major snowstorm that closed down the banks, Alina’s mom couldn’t pay the ransom in the first week, and ended up having to plead with her attacker to not increase the price to 1,000$. Surprisingly, he accepted and gave her the key to unlock her files.

The story: How my mom got hacked & What I’ve learned after my mom got hacked (and her data held for ransom)

Learn more about ransomware and get protected against this threat: What is Ransomware and 9 Easy Steps to Keep Your System Protected

2. Tom was blackmailed using his hacked account at Ashley Madison

Sometimes it’s not your fault. The websites you use get hacked and your information is exposed. Your instinct will be to say: “but I don’t have anything to hide!” Well, that’s not exactly true, is it?

Tom started using AshleyMadison several years prior to it being hacked in 2015, as a way to cope with a strained and difficult marriage. The secret liaisons he formed on the website helped alleviate many of the tensions and stresses between him and his wife, to the point where the couple started to become functional again.

After the hack, cybercriminals contacted him and demanded 500$ to remove his name from a publicly searchable registry and not send an email of his AM affairs to his family.
Tom refused, believing that if he paid them, they would know that he had something to lose and could be blackmailed further.

In the end, Tom had to live knowing his affairs on AM could be exposed at any time by the hackers, people who took it upon themselves to impart justice on people in circumstances they couldn’t, or wouldn’t, understand.

The story: In Ashley Madison’s wake, here’s one man’s story of sex, sorrow and extortion

Learn more about how to secure your PC for free: 13 Free PC Security Hacks to Build Your Online Protection

3. How ethical hackers took full control of her system

Sophie is a technology reporter at the Daily Telegraph and, as part of an assignment, she agreed to take part in an ethical hacking experiment. Basically, a group of ethical hackers would try to compromise her system without her knowing how, when and where. Sophie only knew that it would happen at some point.

For a whole month, the hackers did extensive research on Sophie, crawling through her Twitter and Facebook pages and Daily Telegraph articles, and even found out her date of birth from a website on family trees.

Almost two months after the experiment began, the hackers launched their attack. They pretended to be whistleblowers in control of sensitive government information and sent her an email with some of the files attached.

The malware infection occurred the moment she opened the file, and the attackers got access to everything, including her email address and webcam. And it wasn’t even that difficult to do.

The story: How hackers took over my computer

Learn more about how to protect your email address: The Complete Guide to Email Security

12 True Stories that Will Make You Care About Cyber Security (2)

4. They took control of his car by remote hacking

Andy Greenberg, a senior writer at Wired, once took part in a groundbreaking experiment which tested how car hacking could be done. What did the experiment involve? His car would be remotely hacked while he was behind the wheel.

As Andy drove on the highway, the hackers started to progressively take control of the car. First they activated the air vents and windshield wipers. Next, the transmission was cut and finally, they remotely activated the brakes. And they did all of these things with Andy behind the wheel.

The experiment uncovered a massive flaw in Jeep’s cars which was later fixed, but given how cars are destined to be even more connected to the Internet than before, such attacks are bound to leave the experimental arena and become reality.

The previous two tales had happy endings, but keep reading for more cybercrime examples.

The story: Hackers Remotely Kill a Jeep on the Highway—With Me in It

Learn more about how software is making you vulnerable and what you can do about it: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks

5. The desperate cry for help

What’s the first thing people do when they get hit by a malware attack?
They panic and ask for help in a dedicated forum: “My PC is infected. Please, can anyone help me?”

For this user however, it was too little, too late. For 2 years he worked on his academic papers, and then they got encrypted by ransomware. The timing was awful as well: it happened right before they were due. Antivirus didn’t help and he had no backup.

We don’t know what happened next, or if he paid the ransom to unlock his files. What we do know is that ransomware attacks are much more frequent than you can imagine.

The story: My PC got hacked by troldesh ransomware. please is there anyone who can help.

Learn how to safely back up your data: How to backup your computer – the best advice in one place

6. His WoW account got hacked. Twice

Heavy gamers are favorite targets for cyber criminals, since they don’t want to lose the time and money invested in a character and are willing to pay the ransom.

As a result of a potential phishing attempt, this guy had his WoW account hacked and all his progress lost. And it happened to him not once, but twice! To add insult to injury, the hacker created a new character named “Thanx” as a sign of appreciation for his “efforts” as a victim.
Fortunately for him, Blizzard customer service was responsive and recovered his account and all the progress it had on it.

The story: So my WoW account got hacked… twice.

Learn more about how you can enjoy your passion for gaming the safe way: Gamers, Time to Take Your Cyber Security to the Next Level

7. Your data has been breached (and not by any fault of yours)

The Office of Personnel Management, OPM for short, can be considered the US Government’s HR Department. Among other things, it keeps records of employee personal information, such as height, weight, hair and eye color.

In 2014, the OPM got hacked, and the information of 22 million government employees leaked, most likely into the hands of a foreign government.

Jonathan was a collateral victim of the OPM data breach. The government was tasked with keeping his information safe, but instead it is now most likely in the hands of a foreign power, and it can use it whichever way it sees fit.

How did the government respond to the leakage of Jonathan’s information? An email that stated how important it was for the OPM to protect itself against online threats.

The story: OPM got hacked and all I got was this stupid e-mail

Learn how to stay safe from identity theft attempts: How to Prevent Identity Theft in 20 Essential Steps

8. There are a lot of catfish stories such as this one

Some people hack you not with malware or suspicious links, but by gaining your trust and love.

This journalist’s mother started using the online dating site Match.com, and eventually formed a connection with a soldier on active duty in Afghanistan. After a while, the soldier asked for a 30,000$ loan to help him clear a sizeable inheritance of gold and jewelry from US customs.

At this point, the journalist and her brother intervened, suspecting the soldier was catfishing their mother, meaning he pretended to be someone else in order to extract financial gains.

They confronted the man with their suspicions and other evidence they had accumulated over time. Their suspicions were confirmed when the supposed soldier revealed he was a man from Ghana trying to support his sisters, and scamming people online was the best way he knew how to do that.

The story: My mom fell for a scam artist on Match.com—and lived to tell the tale

Learn about the top scams cyber criminals use and how to stay safe from them: Top 11 Scams Used by Online Criminals to Trick You

9. Just one of many phishing examples, but this happened to a seasoned Internet user

Amanda is more than your regular Internet user. She works for a big review website and has read plenty of cautionary stories about cyber security incidents. She knows and follows some basic steps that can shield her from cyber attacks, but she still fell for one of the most common scams out there: a phishing email.

After clicking a rogue link in a phishing email, cyber criminals managed to get hold of her account details. They called her bank and managed to extract £240 before her card was frozen. A nasty experience, especially since Amanda knew something was wrong the second she clicked the link, but by then it was just too late.

The story: Anyone can fall foul of a scam – and I’m proof of that

Learn how to protect your online bank account: 15 Steps to Maximize your Financial Data Protection

10. Faith in humanity – is it justified?

In 2007, Justin was at a difficult point in his life. Unemployed, with a weak skill set and verging on alcoholism, Justin decided to turn his life around by moving to Italy.

Determined to find a cheap flight, Justin searched for sellers of frequent flyer miles. He found two sellers and talked to them over the phone; one of them even sent him a photo of his driver’s license. In a twisted sequence of events, both of them scammed him for a total sum of 1350$.

Sounds unlikely? Think again. Justin tried to find a cheap shortcut and get that ‘too good to be true’ deal and became blind to any potential scammers. Plus, the phone conversations and photos helped dispel any suspicions he might have.

This is how most scamming attempts succeed: by preying on people who, in that given moment, want something badly enough to shut down the suspicious part of their brain.

The story: How I Lost $1,350 by Falling for the Same Internet Scam Twice in One Week

Learn more about how scams work and what you can do to stay safe: Social Scams – The Full Breakdown and Protection Plan

11. Who would want to be you and why?

One day, Laura received a call from her credit card company, saying someone else had tried to obtain a credit card using her name, address and social security number.

Before telling the police, Laura decided to assess the damage and look over her credit card reports.

The impersonator had gotten so deep into the system that she managed to override Laura’s answers to the security questions. Eventually, Laura guessed the answers and saw the extent of the damage.

The impersonator had created more than 50 accounts in Laura’s name, and got credit for utilities such as heat, cable, electricity and even a newspaper subscription. What’s more, the companies went after Laura in order to get their money back.

After notifying the police and tracking down the impersonator, Laura got a court order and managed to fix a lot of the damage, but only after a lot of sweat and stress. While her case was a fortunate one, few people share her luck and this story should act as a reminder to always safeguard your personal information.

The story: ‘Someone had taken over my life’

While scary, it is possible to protect yourself against similar threats. Here are 20 security steps you should take to prevent identity theft.

12. When the workplace gets hit

In late 2014, one of the biggest and most expensive hacks ever recorded took place at Sony and one employee reveals the inside situation.

It took around a week for people who worked at Sony to get a grasp of the seriousness of the situation. Sony refused to inform them about the extent of the damage, so instead they had to rely on news sources to get updated.

The week after the attack, Sony employees found themselves thrown into the pre-PC age. Half of the company’s 6800 computers and servers were rendered dead and had ALL of their information stolen and deleted.

As a result, employees had to rewrite every single deleted file by hand. Paper became the main form of communication, used in written memos and to-do lists; even their salaries were paid using hand-written checks.

The damage didn’t stop there. The hackers got a hold of employee personal information. The source of the article had to change all her credit card passwords, Facebook, Amazon and eBay accounts, almost 30 accounts in total.

The story: I work at Sony Pictures. This is what it was like after we got hacked.

Because of their wealth and big databases, companies are frequent targets for hackers. Here is a list of 10 critical corporate cybersecurity risks

13. This mother fell victim to a virtual kidnapping scam

Wendy answered a telephone call from an unknown number. On the other end she heard a voice similar to her 23-year-old daughter’s crying and begging for help.

“We have your daughter.”

In the next 5 torturous hours, Wendy drove all across Northern Virginia to multiple offices and stores and each time wired the kidnapper almost 2,000$.

Wendy had almost paid the full sum of 10,000$, but then she received a text from her daughter. Puzzled, she kept the kidnapper occupied long enough to get two more texts from her, confirming she was safe. After that she closed the phone and never heard from the supposed kidnapper again, but by then she had already paid 9,100 dollars.

This scam is called virtual kidnapping, and it has recently seen a resurgence. Why they targeted Wendy is unclear. They might have researched her or they might have just called random numbers until one of the victims bit, and this time it was her.

Virtual kidnappers almost always operate in the same way: they call the victim and try to keep them busy enough to not call the police or get in contact with another person, all while threatening to kill the supposed kidnap victim.

In Wendy’s case for instance, kidnappers told her to put the phone on speaker so they could hear everything she was doing and be sure she didn’t try to talk with anyone else.

The story: ‘We have your daughter’

Here’s another look at how virtual kidnappers operate.

14. This experimenter casually does a public Wi-Fi hack

Maurits Martijn, a Dutch journalist at De Correspondent, entered a busy Amsterdam café with Wouter Slotboom, an ethical hacker.

Within a few minutes, Slotboom had set up his gear, consisting of a laptop and a small black device, and connected to the coffeehouse’s Wi-Fi. Soon enough, his laptop started to display what other people in the café were doing on their devices: what games they were playing, what apps they had installed, Google searches, password and email accounts and more.

According to Slotboom, it wasn’t even that difficult. All you needed was around $80-90 worth of software and equipment and an average intelligence, and that was it: a few minutes was all it took to get a hold of a few dozen users’ personal information.

Slotboom’s small, black device could fool a phone into connecting to his own Wi-Fi network, giving him control over the entire traffic coming and going from a device.

If Slotboom wanted to, he could wait until one user wrote in his email address and password and then take it over, and with it, most of the services registered on that email.

While you don’t need to be paranoid every time you connect to a public Wi-Fi, it’s best if you know the risks of doing so. Here are some of the steps you can take to make sure you can stay safe when using public hotspots.

The story: Don’t use public Wi-Fi when reading this article.

There are ways you can stay safe on public hotspots: 11 Security Steps to Stay Safe on public Wi-Fi networks

15. When customer support falls prey to a social engineering hack

What happens when customer support gives away your information? This Amazon user’s tale is an insightful one.

An impersonator once found out some of Eric’s fake information he used to register a website by looking into a public WHOIS registry for website owners.

The impersonator then used Eric’s fake information in a conversation with an Amazon customer support representative and found out his real address and phone number. Using Eric’s real information, the impersonator got in touch with various services and even managed to issue a new credit card in Eric’s name.

Eric got wind of his impersonator’s efforts by reading the customer support transcripts, and also found out his real purpose: to get the last 4 digits of his credit card.

Amazon didn’t do anything to protect Eric’s account, even though he repeatedly signaled the problem, so he finally decided to switch from Amazon to Google. As a parting note, he got an email from Amazon implying they had provided the impersonator with the last 4 digits of his credit card.

This story about this guy’s tumultuous experience with Amazon will make you think twice about storing confidential information in your online accounts. The fact that Amazon failed to protect his account and look into the matter shows how a lack of cyber security education can endanger users.

The story: Amazon’s customer service backdoor

Here’s a guide on How to protect yourself against social engineering attacks

Conclusion

These stories may help you realize that not protecting your information and relying on other Internet users to be nice and play fair is not a viable strategy.

Cyber criminals don’t care about the consequences of their attacks. They only want to reach their purpose, and sometimes that purpose may have nothing to do with you. You could just be a collateral victim, but the aftermath would be all too real for you.

Just as you’d never drive your car without travel insurance or leave your bag unattended on the street, try not to leave your accounts exposed to cyber attacks by using easily breakable passwords or by not installing the latest software updates on your laptop.

Besides compromising your own data, cyber criminals can go on to scam your friends and family, host compromising files on your computer and dig a big hole in your account. They hacked Mark Zuckerberg’s Facebook account, so what makes you think that yours is safe?

Never before has the world been so deeply interconnected and this is the first time in human history when we have to deal with these problems. What we can do is learn about them, educate ourselves and take the right steps to protect our life as we know it.


Comments

Hey Paul,
Informative article, reading through the article I’ve lost myself into past stories of zero day vulnerability attacks & North Korean cyber attack on Sony. Would love to read more on these incidents descriptively in your blog.

I have been hacked by an old boyfriend for 7 years. On a daily basis he ruins my life. Is there any legal help out there to prosecute someone? Police do nothing.

This is a very good article and would have been ever so much more useful before hacking actually became a threat to EVERY SINGLE person on the planet. One day, I don’t know, whenever I had my first real smartphone stolen or lost I guess. Like an iPhone 3g or a Motorola Razor back then, combined with the loss of a social security card, a couple licenses, AAA, bank cards etc….have I gradually become more and more aware of fraudulent cr@p regarding every aspect of my life to the point I swear people think I’ve lost my sanity. From false electric bills, to CC’s, not to mention the hell that has become fraudulent phone bills in hardware, upgrades, accts. Really I have no idea at all just how far it reaches at this point. Is it unmodest of me to say that my whole complete tall tale to this day should be up in that top 12 list? In my eyes this IS the end of the world. Information being hacked by individuals, god willing yours or anyone else’s with ZERO morals falls into the wrong hands could perform some of the most malicious of anythings. I guess it comes down to whose “code” is better. Kind of like an anonymous shouting contest or chess game. “My ‘d@>k’ is bigger than yours.” They didn’t teach us any coding BS or how in the hell to read it when I was in high school. But it should come footnoted by whoever is lurking in your server, their address, etc…so you can go to their house and introduce yourself. One day not too long ago this cyber security ‘deal’ became extremely serious and god forbid as damaging as it has been on myself and my family. Rule #1 – Never lose ANYTHING!!!!!! Rule #2 – ANYTHING At ALL. Especially a smartphone and make sure anytime you connect to the internet via wifi at your home that it is secure with a dome of protection. I’ll kill it with that last fact is so important or you may one day rampage your neighborhood knocking on every single person’s home within a 3 mile radius and demand to know who provides their internet service.
And on that very same day you may end up going to a mental ward and then getting arrested because you can’t read the code or prove a damn thing. I could write a book.

Very comprehensive. Worth the time to study. Great guides.

Thank you so much Robert! Your feedback made our day!
