Wednesday 19 June 2019

Beware the criminals who use everyday technology to get you

Hackers are able to use keylogging programmes to find out a user's password
Martina Devlin

My email account was hacked last week, with fake emails sent to hordes of people I've dealt with online claiming I left my handbag in a taxi and was penniless in Cyprus. I've never been to the island. Phone calls from concerned relatives and friends quickly alerted me to the scam - but the hackers had hijacked my account and I was shut out of it.

Unable to warn email contacts, I started texting everyone I could think of who might have been hoodwinked by this phony cry for help.

But I felt like King Canute attempting to reverse the tide: the begging letters were pouring out inexorably from my Gmail address.

Meanwhile, I was also trying to contact Google to regain control of the account. Easier said than done - though the internet giant does take hacking seriously. You can't ring a call centre, you have to contact Google via an online form. But I hunted high and low for the correct one.

Finally, I was told to expect an authentication code sent to my mobile phone to get me back into the account so that I could stop the hackers using my name. But the code didn't surface. I contacted Google again. Same reply.

However, what I didn't know was that the hackers had changed the record with regard to my phone number so the verification code couldn't reach me.

Meanwhile, the clock was ticking and those hard-luck tales were still pumping out. The scam was couched in perfect English, right down to apostrophes in the right place, and anyone who responded - as some did - was urged to send money via Western Union or MoneyGram to 29 Karaiskakis Street in Limassol. A transfer of €900 was urged and the hacker masquerading as me promised rapid repayment. Apparently, I needed the money to settle my bills for a new temporary passport and other essentials before I could return home.

To the best of my knowledge, the people who reacted to that first sob story didn't bite at the second email.

But the hackers were persistent. Anyone who replied received a follow-up message after a few hours asking if they'd had any luck making the cash transfer.

Since being targeted, I've researched hacking and this is what shocks me most about it: not its existence, but that hacking software can be downloaded free from the Internet.

Apparently, hackers employ a keylogger programme which registers the key strokes used on a computer. From that, they can tell which key strokes are pressed most often - and guess our passwords. Versions of these programmes are readily available online, or there are others (perhaps more sophisticated) for sale.

Once you've been hacked, expect your friends to be preyed on, too. Someone is 36 times more likely to be hacked in those circumstances. Sorry.

I thought I was relatively secure on Gmail, as do others - that's why it has an estimated half a billion users worldwide. The only way it can be hacked is if a password is stolen. But that's exactly what happened to me.

Hacking is a criminal offence, but tracing hackers is far from easy. They steal our accounts in less than a day. Once they have the log-in, the average criminal hacker seizes it within seven hours. Some can do it in just half an hour.

I contacted the Cyprus police, pointing out that their country was suffering reputational damage and they might make a few inquiries around the street address I had in Limassol.

To date, I've heard nothing back. In fact, the hackers are probably using Limassol as a staging post, since most hackers are concentrated in China, Ivory Coast, Malaysia, Nigeria and South Africa.

As for Google, it isn't particularly helpful to those who've been hacked because we're users, not customers - we don't pay for the service.

That's why the level of support is low.

However, users are a lucrative revenue stream for Google, which sells advertising - it's impossible to sign on without being bombarded with blandishments.

Often, such ads are tailored individually for users. Oh yes, Big Google Is Watching.

The main source of headache for me sprang from my struggle to warn Google about the account being commandeered.

No call centres - all interaction is online. But after labouring to find the right form, and with no authentication code forwarded to my phone, I was increasingly fearful that someone might be duped.

In desperation, I made contact with a Dublin PR firm handling the Google account and they kindly lent a hand. Most people don't have this luxury, though.

Eventually, a red stripe appeared above the rogue email advising: "Be careful with this message. Similar messages have been used to steal people's personal information."

But it was possibly eight hours after the account had been usurped before that warning was flagged. A lot can happen in eight hours.

So what can we do to protect ourselves? Sign up for account alerts so that if someone tries to change your password you'll get a text message.

Change your password regularly. Don't use the same password across multiple platforms or accounts eg email, Facebook, Twitter, LinkedIn and so on.

Now that I've read up on the issue I can see I should have taken more steps to protect myself from hackers.

So this is a cautionary tale. Technology is a bonus - but when criminals turn technology against us it is a traumatic experience. Stop reading right now, and change your password.

Irish Independent
