Getting hacked sucks and the last 10 hours have been a nightmare. I knew something was wrong when I received an email from LinkedIn that “You’ve successfully changed your LinkedIn password.” I received the email at 3:33 pm while I was standing in line to get ice cream with my daughter. The change to my account was made using Firefox and Windows 10.
I knew something was wrong since I don’t own a PC running Windows 10. Then the nightmare began. I started to receive text messages, calls and emails asking if I sent an email that read “YOU HAVE A DOCUSIGN REQUEST. KINDLY CLICK HERE TO REVIEW DOCUMENT.”
The email originated from my LARGO Consulting Services Office365 email account, but the signature was from my PalmCentrix email account. Attempting to log in into my Office365 account failed since the password had been changed. I called GoDaddy and discovered that someone had logged into my account, signed up for hosting services, and spoofed my www.yoursecurityadviser.com website using one of my other domain names.
While GoDaddy worked on resolving the problem, I started changing passwords, which by the way I had recently changed to strengthen security on most of my accounts. Additionally, I started reaching out to people letting them know not to click on the link. I responded to the emails I received, text messages, and calls. I even sent out a mass email through MailChimp with the message “Do Not Open Any Docusign Links.”
Getting Hacked Sucks!
I wanted to reach as many people as possible. I posted a message on Facebook and LinkedIn that read “Please Do Not Click On An Email Link To DocuSign!. Not only did the hacker spoof my email they also spoofed a website. Even if you replied to the email asking if I sent it, you received a return email saying yes.”
Once I stopped the bleeding, I started to wonder where I went wrong? I followed most of my advice published in recent blogs, post, and tweets, but still managed to become a victim. Had I taunted fate, by tweeting and posting about the dangers of poor passwords, the importance of Two Factor Authentication, and how not to become a victim of ransomware?
I may never find answers to all of my questions, but I know one thing for sure, Getting Hacked Sucks!
Copyright 2017
About The Author
Bernard D. Gollotti, CPP is an ASIS International Board-Certified Security Professional with the designation of Certified Protection Professional (CPP) with over thirty-five (35) years real-world experience across multiple market verticals and disciplines.
LARGO and their team of strategic partners specializes in physical security, security system integration, assessments, risk mitigation, policy & procedure development, mobile security solutions, emergency preparedness, crisis management, emerging security technologies, and security industry-specific social networking & branding strategies.