What the Hack?
How to protect yourself from identity theft, creepy messages taking over your computer screen and abject loss of self-respect.
Me, I don’t like to click on links, because you never know what’s on the other side. I’m so fearful of getting phished that, when someone sends me a link in an email, I delete the email and then dip my phone in boiling water.
When my kids call, I sometimes challenge them. HOW DO I KNOW IF YOU’RE WHO YOU SAY YOU ARE? A Salvation Army Santa rang his bell at me the other day. Just to be on the safe side I kicked him in the nuts.
What I’m saying is, I’m cautious about threats to my privacy and security. Look up “vigilant” in the dictionary, and you’ll see a picture of me. Photoshopped. With duck lips. But definitely me.
So, naturally, on Thursday when I had some bills to pay, I typed the bank web address directly into my desktop’s URL bar. Truist.com. Then up popped the familiar home page, and with it the log-in button. I clicked on it and was presented with the log-in page, with one element out of the ordinary. The fields for USER NAME and PASSWORD were blank; usually they have the info already filled in, because my browser keeps track of such things.
The explanation was right there, though, in bold, red type beneath the password field:
Your account is temporarily blocked due to fraudulent activity. Please call 1-866-xxx-xxxx.
Damn. This was going to be annoying. I was sure I was going to wind up in endless caller queues with a mess of menu options that never quite address what my problem is — the kind of digital runaround that devolves into me shouting AGENT AGENT AGENT at a computer.
Fortunately, though, the call immediately rang through to a Truist fraud-prevention specialist, who was congenial and reassuring. “Don’t worry, sir. We’ll get this sorted out for you.” Thereupon he asked me a slew of security questions, including my PIN, the name of my favorite pet, full address including zip code, last four digits of my Social Security number and my cell phone number in case the call was dropped and they needed to dial back. He did not ask me to describe my fetishes, and I did not offer to. Just pretty much everything else.
He then explained that someone was using my private information to breach my bank accounts. He suspected that they had gotten into my browser, and were in all probability infecting me with malware. He asked for my permission to snoop through my browser to see what mischief had been done.
Hmm. That didn’t sound kosher. I began asking him questions, such as “Are you really a Truist employee, or by any chance a criminal trying to break into my entire life?” He said, “Well Mr. Garfield, I didn’t call you. You called us.” Fair point. And, so, when he explained how to sign into MyHelp.live and give him access to my computer, I did so. He then told me he was able to unblock my account and I should go to the log-in page to try again. Sure enough, I got immediate access. Then, moments later, he informed me that hackers had breached my account and attempted to make unauthorized Zelle payments to an unknown party. And moments after that, I got a text message informing me of the transaction.
“Mr. Garfield, someone is attempting to make a purchase on Amazon. And also PayPal. Is that you?”
No, it sure the hell isn’t me. My phone buzzed again. Notifications from PayPal and Amazon.
The agent then said he could see I have credit cards with Citi, American Express and Bank of America. He gave me the last four digits from all three cards. “Sir, would you kindly tell me the complete account number for the Citi card?”
Would I what?
“Hold on,” I said, “I can’t find that card. I think it’s upstairs. Let me go find it.”
That was unnecessary. The card was in my hand. But I immediately opened up my browser history and saw that someone had been messing around with my Zelle. That someone was not me. And, genius that I am, by simple process of elimination, I was able to deduce that the culprit was him. My friendly fraud technician was cheerfully defrauding me. It’s not just that he had hacked my computer. It’s that I invited him in and sat patiently while he attempted to drain my assets.
“Hey,” I said. “Tell you what. I’m going to grab a late lunch. But first I’m going to call the FBI.” Then somehow we got disconnected.
What followed has been four consecutive days of picking up the pieces of my finances. This involved notifying credit bureaus not to open any new credit accounts in my name without triple-verifying my identity. It meant canceling all of my credit cards and even my bank accounts. I scrubbed my hard drive of temporary files and ran anti-malware software to look for malicious programs. And I rinsed my motherboard in balsamic vinegar. Now I’m commencing the arduous process of changing 200 passwords for websites and apps of every variety.
My greatest fear is that the crooks located the two plays I’ve recently written and stored in my documents. What if they have unfavorable notes on the dialogue and structure?
***
NOW YOU MAY WONDER about two things:
1) Why would somebody wish to steal my identity? A lot of effort for a dubious commodity; it’s like going to the trouble and risk of breaking into my house and then just stealing my toilet brush.
2) If I’m so scrupulous about not walking blindly into an evil phishing expedition, how did these fuckers pull it off?
Aha. I must call your attention back to the fourth paragraph: I typed the bank web address directly into my desktop’s URL bar. Truist.com. Well, not quite.
It would probably be more accurate to say I typed in Turist.com. Or TRusit.com. Or some misspelling of Truist for which the hackers had purchased the URL — just as, no doubt, they own BnakofAmerica.com, AmericanExperss.com, WallsFrago.com and CtiiBank.com. So that, when a clod like me mistypes, they capture the traffic on a spoof landing page and entice the victim to phone them right in their boiler room, somewhere in Russia, China or Mar-a-Lago. As for “unblocking” my account, it was never blocked to begin with. So when I followed their instructions to log in, this time properly spelling Truist, of course it opened properly — and enabled them to get very busy very fast.
Not to suggest they are finished. In spite of my attempts to sanitize my system, I awoke to find all of my stored photos deleted and my home page taken over by a yellow graphic and the following message:
Contact us for data back up on 805 534 7409.
This suggests the first stage of a ransomware attack. I didn’t call. I’m just going to text them the account number for my IRA. Then I will once again wait patiently for the next shoe to drop on my stupid, fucking head.
Subscribe to Bully Pulpit
A wry and pointed take on politics, media and society from Bob Garfield.
That is fucking terrible.
Just happened to my aunt. Sorry you suffered the same fate. Have you made any other changes to your security practices? Password manager? NFT attack dog?