Phishing can happen to anyone
Many of us today know what phishing is, but many times we don’t give it much attention. Somehow, we always live under the impression that it can’t happen to us because we are well aware or well informed.
Well, if this were the case, we wouldn’t see so many scammers trying us out with various schemes.
Recently, a friend of mine was phished to the point that it’s okay for me to say his device was owned by the scammer. I felt sorry for him, but there was little that could be done to help him. Once you give these guys a way in, they do all they can to lock you out and take over completely. All attempts at recovery would prove abortive.
How did this happen?
This friend of mine wanted to download the cracked version of an app to escape paying for subscriptions and use the app freely. After visiting the site to download and install it, he went ahead and launched the app, then set the permission allowing the app to make changes to his device, and that’s where it all went sideways. The device went completely blank, and all efforts to restart it failed. This happened in the evening, so my friend didn’t have much choice but to wait it out till morning, hoping it was a normal device malfunction. That wait gave the hacker the time needed to take control of certain finance-related authorizations.
What did this hacker do?
The hacker installed malware through the cracked app to allow a one-way mirror cast of his device.
How were they able to achieve this? I hope the hacker or a hacker here can share that insight.
This is how the hacker got hold of the vital information and details needed to reset this user’s information completely.
The email address was swapped to a new one, and the recovery email was even deleted and replaced with theirs.
The phone number was swapped (this user used one of those apps that generate phone numbers, so he didn’t really have the details of the number, and the hacker still went ahead to remove it and set a new number).
The hacker proceeded to his KYC-verified exchange and changed his login details while the KYC remained in place. The hacker then looked for one of these online fintech institutions that require little to no details to open an account, and created one using my friend’s name.
That account was added on the exchange as a payment method, so no flags would be raised because the name matched, and the hacker then proceeded to withdraw $1000.
All of this happened without the knowledge of my friend, and he only got notifications of these changes the next day, after his device finally came back up. All efforts to rectify what had been done proved abortive.
He was advised to email Gmail about an account reset, but for that to be done you need to mail Gmail from your original email address, which the hacker had already changed and updated with his own details, so that couldn’t work. The phone number had also been changed, so that option was off the table.
Next, he had to contact the exchange’s support, using his KYC documents to verify his identity and, after stating his case, request a freeze of the KYC-linked account. That’s where he got some success.
Even then, vital credentials, funds and identity information saved on the device had already been stolen.
What was done wrong?
Using a phone number generated by an app when registering for financial services.
Downloading applications from an unknown source.
Downloading unknown applications to a device you work with.
Lessons to be learnt:
Avoid downloading applications from an unknown source.
Do not download unverified applications on the same device you work with.
Use details that are completely within your authorization in financial registrations.
When you are not ready to pay subscription charges for an app, it’s better to leave it alone than to look for cracked alternatives.
Summary
Let’s take the security of our devices seriously, as the cost might end up being more expensive than the small fee we avoid paying. When it comes to decentralized finance and having our funds on the web, security and self-awareness are all we’ve got for their safety.