Here is a good example of why you should be vigilant about your online security and, in particular, ensure you have strong passwords.

This actually happened to me yesterday morning. I was busy working when the following message popped up in Facebook Messenger:

“Morning, by any chance do you happen to have a Paypal account and can do me a quick favour? Hope you’re well”

This is a very good friend of ours and I quickly reply:

“Hi Sarah, yes I do!”

“I sold some things online and my account is currently down. Can you receive a payment, withdraw it and then bank transfer to me? Only need your PayPal email x”

At this point I still think this is Sarah, so without thinking I reply with my email address and get:

“Just gave the buyer your email should be with you shortly”

I have started to think about it a bit more now and have become slightly suspicious, so I try and get some information back:

“OK I will check later, send me your bank details to that email address”

“what’s your mobile number? I’ll WhatsApp you off my PC, phone has water damage so lost most contacts x” 

Now I am getting a lot more suspicious, so I reply to ‘Sarah’ and I try and get a bit of a personal conversation going without giving my mobile number:

“Hope you are both well too, Ali is doing a lot of travelling over the next 6 weeks but should try and get together after that! Just send it to the email I sent over”

“Ok thanks I’ll message you once they’ve sent it if you can stay near”

The real Sarah would have replied with a lot more of a personal response!

I never heard any more. Later in the day I managed to catch up with Sarah, who confirmed she had been hacked. I haven’t found out details yet, but I suspect it was a brute force on a weak password.

Lessons learned

So, the first lesson here is to make sure you always use secure passwords and different passwords for different accounts. Here is some good advice on strong passwords:

https://www.cyberaware.gov.uk/passwords

Secondly, be vigilant and wary when someone online starts asking you for personal information. It is easy to be trusting, as you assume it is the person you know. I wasn’t really fully concentrating on this conversation and I had already given my email address. They were trying to get my mobile number too, no doubt to try and access my PayPal account.

As a precaution I have changed my PayPal password and blocked Sarah’s Facebook account until she has resolved the issue.


© Copyright 2019 Engage IT Services Ltd