Ransomware incidents. DDoS attacks. Zero-day exploits. State-sponsored hackers and cybercriminals often utilize similar tactics to achieve their malicious objectives. Even though hackers are always searching for the newest tactics and the next vulnerability, some basic hacking techniques continue to be used today. One of these techniques, commonly utilized by state-sponsored hackers and cybercriminals, is phishing.
For those who don’t know, phishing is when hackers send malicious emails, text messages, or links, disguised as legitimate ones, to trick people into providing their personal information or downloading malware. Most of us have found ourselves targeted by a phishing campaign at one point or another. While there are plenty of laughable phishing examples, this post is a reminder that some phishing campaigns can trick even the savviest of digital citizens.
To highlight the damaging impact of this deceptive hacking technique, we spoke with an individual who experienced a phishing scam firsthand. We also hope this real-life look into phishing will underline the importance of practicing online safety, such as not clicking on suspicious links from questionable sources/unknown individuals and implementing multi-factor authentication on all apps.
The interviewee will remain anonymous to protect his identity.
(Edited for brevity and clarity)
DPN: Tell us about yourself.
JL: I’m a communications and marketing professional based in the Mid-Atlantic region of the US. I’m 33 years old.
Why did you get involved with cryptocurrency? What does it mean to you?
I jumped into crypto to diversify my financial portfolio. As with any investment, there is risk. The first time I bought cryptocurrency was in 2017. Since then, I’ve made incremental investments into cryptocurrencies, primarily Bitcoin and LTC.
I believe that cryptocurrency is incredibly promising. In 2021, President Nayib Bukele of El Salvador proposed incorporating Bitcoin as legal tender. In addition, other forms of digital currency are being used, traded, and sold online at a higher frequency. I’ve seen Bitcoin ATMs in businesses, demonstrating the currency is becoming more accepted across the U.S. and internationally. The biggest differentiator is that the cryptocurrency market is open worldwide, 24/7.
Can you tell us about the incident?
In this phishing incident, I was approached online via Instagram. A scam artist posing as my friend asked me about my interest in Bitcoin. The scammer mentioned an investment opportunity, and since he knew I invested in Bitcoin, he wanted to give me data about it. He had a surprising amount of information about me, like my university name, names of friends from undergrad, and references to past social engagements, allowing him to take my guard down and gain my trust.
In your view, how was the scam artist able to breach your account? What was the result?
He sent me a link via my Instagram DM. Once I clicked the link, it compromised my information immediately. Clicking that link allowed access to my account verification that would now be routed to the scammer’s email. Not mine. Further, since I didn’t have a two-factor authentication setup on my social account, it made it easier for the hack to take place.
To take the hack a step further, he actually contacted me on WhatsApp. He asked me to create a video stating the Bitcoin investment was legitimate and, in return, he would release my account back to me! I couldn’t believe it! By this time, I knew my accounts were compromised, but I can imagine other people making this video adding to the scam’s authenticity, keeping it alive to seize the accounts of others.
My mind was racing about what the guy had access to. Did he empty my digital wallet? Did he have my social security number? Was he selling my personal information to others? Worst of all, will he message my family and friends, putting them at risk too? That last one kept me up at night.
How does this experience make you feel about the Internet and the threat of cyberattacks?
Even after this experience, I feel the Internet is a great tool that we can use to communicate, learn, and share information at a high rate. As technology continues to evolve, so will the frequency and sophistication of cyberattacks. To combat that issue, people must remain vigilant online and open to learning more about how to protect themselves.
What are some of the practices you have put in place in order to be more secure online?
It’s making sure that all my online profiles have two-factor authentication enabled. It’s also being mindful not to click suspicious links and conduct due diligence to verify messages are coming from the people they say they are. It may seem like a small step, but the extra precaution can go a long way.
What would you tell people unaware of the threat of cyberattacks?
To be aware that they do exist, and dangerous online actors are looking for unsuspecting people. As a technology-forward individual, I consider myself well versed in cyber issues. Yet, I still became a victim. These hackers, cybercriminals, and phishing scammers are slick. I could only imagine how sophisticated a team of government-funded hackers would be. However, there are still things you can do to protect yourself. I would recommend that digital citizens continue to read the news, stay up to date on the latest trends in the cyber arena, and practice cyber hygiene. And remember, if it sounds too good to be true, it most likely is.
Thank you so much for your time.
Have you been personally affected by a cyberattack? If so, we want to hear from you. Let us know by DMing our Twitter account @DigitalPeaceNow.