Last week was not only interesting, but probably one of the worst weeks of my life.
My computer was on at my desk while I was eating lunch and watching the news on TV. Suddenly, out of the corner of my eye, I noticed that the cursor on my computer began moving around the computer screen, despite the fact that I was nowhere near the keyboard. I immediately knew that somehow, I had been hacked, not initially knowing how sophisticated this hacker was. Lesson one: should you experience anything like this, immediately shut your computer off, which is what I did.
I am writing this blog for others to benefit from what I experienced and learned from the hack.
Importantly, I am not one to fall for foolish phishing schemes which often result in a hack. Prior to the hack, I did not click on any of these phishing links or the like. Within minutes of shutting my computer off, I received a phone call from Amazon informing me that my Amazon account had been “compromised.” They also let me know that the Hacker had pretended to purchase an item on Amazon using a Pay account, which somehow allowed them to access my PayPal account and funds, stealing all of the money I had in that account. Shocked and worried about my other financial accounts, I turned my computer back on and logged on to my Citibank account, only to discover that it had also been hacked with funds illegally stolen from it as well, thankfully only $400. Lesson two: these hackers begin small and then later attempt larger transfer thefts.
I spent the next two hours allowing Amazon.com to view my computer screen and files via Team Viewer. I watched them succeed in removing hundreds of Malware files from my hard drive, most of which they told me had Eastern European and/or Russian origins. Thinking that Amazon had successfully sanitized my computer of the Hacker Malware, I began changing the passwords to all of my other financial accounts. Once finished changing the passwords, I resumed eating my lunch.
Several minutes later, I again noticed movement out of the corner of my eye. Sure enough, the cursor began moving around the computer screen again!!! Lesson three: once hacked, turn your computer off and leave it off, since the hackers’ nefarious capabilities are disabled if and when the computer is off. Initially puzzled as to how the Hacker could know my new passwords, I then realized that the Hacker had downloaded other Malware, enabling them to track my keyboard strokes and thereby use and see my new passwords! That tells you just how “sophisticated” the hackers can be. Lesson three (again): once hacked, turn your computer off and leave it off!
Lesson four: once hacked, go to a different computer and change your passwords there.
The good news is that I have always used different passwords for each and every one of my accounts; many people don’t and this puts them at great risk. Lesson five: Make sure all of your passwords are different for each and every one of your accounts.
I did and then called my bank again and they put a stop/hold on all three of my accounts, thereby preventing further theft by the Hacker. Lesson six: call your banker and other financial advisors immediately to initiate stop/holds on your accounts.
In retrospect, the damage I experienced could have been far worse. I thank God that I was near my computer to see the Hacker moving my cursor around. Lesson seven: Make it a habit never to leave your computer on when you are not using it; you never know if you have been hacked and are at risk of getting robbed online. In fact, the following day I was told that the Hacker tried to transfer over $9,500 from my savings account, but was not able to because of the aforementioned stop/hold put on my account.
Citibank also instructed me that I was not fully protected until I shut all three of my physical Citibank accounts down and opened new accounts. Unfortunately, I arrived at the branch just as they were closing and locked the door. Knowing that it was of critical importance, I waved my arms toward the Branch Manager and explained that my Citibank accounts had been hacked, and shockingly he retorted “We are closed. You will have to come back tomorrow, but I’ll warn you, we have back-to-back meetings all morning.” For real? Citibank had allowed unfettered and unprotected access to my account and did not that constitute making me a priority? Lesson eight: Leverage the strongest relationships at your bank. Upon being shooed away by the Branch Manager here in Florida, I called my great banker Jim in Illinois and asked him to illuminate the less-than-smart Florida Branch Manager that I should be THE priority account, since the alternative could be a legitimate lawsuit I could file against Citibank. Jim’s efforts paid off handsomely, as I was literally showered with attention by a wonderful banker at the Florida branch named Melanie. She was extremely patient and helpful during the two-and-half hours it took to physically close the old accounts and open the new ones.
Lesson nine: Notify your Information Technology (IT) Consultant and ask them to help run Anti-Malware programs to remove any Malware from your computer.
Lesson ten: do NOT assume that running multiple Anti-Malware programs will remove any and all Malware from your hard drive, since some of the most “sophisticated” Malware programs are specifically designed NOT to be detected by Anti-Malware programs. I was told this firsthand by my great new banker Melanie and she strongly suggested that I bring my computer to the nearest Best Buy so they could clean or “sanitize” my computer of all the remaining Malware. I am very glad I did as Best Buy was able to identify and remove all of the remaining Malware.
Lesson eleven: Call the Police and give them as much information about the hack as possible, including the name of the Hacker’s software program. My Hacker used a program called Coinbase, so if you ever receive anything from an outfit (pun intended) named Coinbase, delete or remove it immediately.
Lesson twelve: Ask for a refund. Paypal was wonderful and immediately refunded the funds stolen from my account. Citibank is working on refunding the funds stolen from my accounts. My IT Consultant Mark was also wonderful about refunding ½ of the funds I paid him since the Anti-Malware programs did not successfully remove the most diabolical Malware from my computer.
Lesson thirteen: Save these instructions for future use in case you, your friends, or loved ones are ever hacked. Better yet: proactively send this helpful blog to your friends, family, and loved ones, so they have it on hand and at the ready should they ever be hacked!