Rather listen? Simply hit the play button and listen to the article in full
- Watch out for Hackers 00:00
David Owen, our tech savvy London Regional Rep, offers some advice
Relaxing one Sunday, one of our smartphones pinged thrice. Puzzled, I picked it up. The messages started to reveal a wide attack on accounts with financial, retail and subscription services.
Four intense days of telephone calls followed. It then took more than two months to resolve follow-up attacks and re-establish near normal activity.
So how did the hack succeed? Most services require password reset processes, but if you use an email or phone number that’s publicly available, you have a potential weak spot. Hackers use this public information to attack those service providers, which may have lower security than a bank.
If they succeed in compromising the account, they can glean further data, as well as using the account to reset passwords on higher security services.
Gaining access to Microsoft and Google accounts, which can synchronise with many devices and the cloud, can be particularly useful to hackers.
Don’t be unnerved
Try to stay calm in this stressful situation. Hackers exploit panic. In many cases, the bank is obliged by the Financial Conduct Authority to reimburse losses. It is unlikely the hacker will ever appear in person. Promptly contact the organisations messaging you using the genuine phone number that you will have on your card or records. Never rely on any number in the message. Hackers generate false alerts with fake contacts to trick you.
Hackers spoof banks’ contact numbers. So look at the message: if it requests personal or security details, it is the hacker not your bank.
Accounts that the hacker appears to have missed? Alert the relevant organisations to protect accounts in advance of a possible future attack. Unexpected authorisation or mobile PAC codes received? Do not reveal them to anybody but alert the provider on their genuine number. Consider joining Cifas, a not-for-profit membership organisation that works to eliminate fraud and financial crime (£30 for a two-year registration). More than 750 UK lenders use Cifas to see if additional checks are needed before credit approval. Hackers hate Cifas.
Compromised email?
Check settings with provider before resetting your password. Remember, some email accounts will not prevent simultaneous multiple log-ins. If your devices have been disabled, or they work but may still be insecure, give BC Technologies a call in office hours, stating that you are calling from the CSPA (see Helpdesk, page 41). They may be able to establish whether you need a simple tweak or the support of your local IT specialist. And when possible, warn your personal contacts to be alert.In England, Wales and Northern Ireland, get in touch with Report Fraud – https://www.reportfraud.police.uk/ – if you have a clear understanding of what has happened. If not, get clarification first. In Scotland, call 101.
Look out for communications from lenders or retailers that have dealt with the hackers and promptly respond where appropriate.
Reduce your exposure
Avoid using your public numbers or emails as account recovery contacts. Avoid using your name in a recovery email address. See my introduction! Never disable two-factor authorisation on account log-ins, even on your own home devices. Leave any ‘trust this device’ box unticked.
Avoid saving card details to website accounts unless mandated. Retailers love saved cards because you buy more. No saved card makes it less useful to hackers. Paying online? Use credit cards rather than debit cards whenever possible, and avoid using Faster Payments, particularly to a new and unknown party.
Use the default robotic voice on your voicemail. A personalised message could be copied, AI-processed and used to fool voice ID.
Smartphones use wifi Bluetooth and near-field communication in addition to a mobile signal. Multiple apps enable data transfer. We rarely use some functions. Consider turning unused items off. Finally, be aware of the potential security implications of passkeys, which bypass traditional passwords on an increasing number of websites, and AI assistants, which may require access to all areas of your device.
Rather listen? Simply hit the play button and listen to the article in full
- Watch out for Hackers 00:00
