Thursday, 23 March 2017

Spear-phishing scammer demanded sex show


Six weeks ago, a young woman called Zed (not her real name) was in a meeting at work when a message popped up on Facebook Messenger from a distant friend.
"Hey babe," it began.
The friend asked Zed to vote for her in an online modelling competition, which she agreed to do.
But then - disaster. Adding her email address to the competition register had caused a tech meltdown, her friend said. She needed to borrow her email log-in to fix it quickly and restore her votes.
Zed was unsure. The friend begged - her career was at stake, she pleaded. Still in the meeting and powerless to make a call, Zed gave in - a momentary leap of faith.
Except it was not her friend that she was talking to - someone else had got into the account and was pretending to be her.
It's a scamming technique known as spear phishing.

What is spear phishing?

"Phishing uses behavioural psychology to trick victims into trusting the attacker in order to obtain sensitive information," said Paul Bischoff of Comparitech, who also talked to Zed.
"Spear phishing is less prevalent, but far more dangerous. Spear phishing targets an individual or small group of people. The attacker can gather personal information about their target to build a more believable persona."

How do I protect myself?

Besides never sharing the credentials for your online accounts, a good way to stay safe is to enable "two-step authentication". This means that, to log in, users must enter another code besides their password, received for example by their mobile phone.
This can usually be set up in the security settings for your account or during the sign-up process. Two-step authentication is offered by Gmail, Hotmail, Apple, Amazon, Yahoo, Facebook and Twitter among others.

Within minutes, Zed watched in horror as she was locked out of one account after another, as well as her Apple iCloud where she stored all her data - including a photo of her passport, bank details, and some explicit pictures. The hacker took control of all her IDs as they were all linked to the email address details she had supplied.
The scammer also activated an extra layer of security, called two-step authentication, meaning that they received all alerts about her accounts and could reset them.
Then a man called. The number had a Pakistan area code.
"He started the call by saying he didn't want any drama, he didn't want me to cry, he wanted me to talk to him like a professional," she said.
He sounded young, perhaps a college student, she thought.
