Getting hacked sucks! I knew something was wrong when I received an email notice from LinkedIn that “You’ve successfully changed your LinkedIn password.” I received the email at 3:33 pm while I was standing in line to get ice cream with my daughter and noticed the change was made using Firefox and Windows 10.
I knew right away something was wrong since I don’t own a PC running Windows 10. Then the nightmare began, I started to receive text messages, calls and emails asking if I sent an email that read “YOU HAVE A DOCUSIGN REQUEST. KINDLY CLICK HERE TO REVIEW DOCUMENT.”
Getting Hacked Sucks – Thought I Was Safe
The email originated from my LARGO Consulting Services Office365 email account, but the signature was from my PalmCentrix email account. I immediately tried to log in to my Office365 account, but the password had been changed. I called GoDaddy and discovered that someone had logged into my account, signed up for hosting services, and spoofed my www.yoursecurityadviser.com website using one of my other domain names.
While GoDaddy worked on resolving the problem, I started changing passwords, which by the way I had recently changed to strengthen security on most of my accounts. Additionally, I started reaching out to people letting them know not to click on the link. I responded to the emails I received, text messages, calls and even sent out a mass email through MailChimp with the message “Do Not Open Any Docusign Links.”
Getting Hacked Sucks – Why Me?
I wanted to reach as many people as possible, so I also posted a message on Facebook and LinkedIn that read “Please Do Not Click On An Email Link To DocuSign!. Not only did the hacker spoof my email they also spoofed a website. Even if you replied to the email asking if I sent it, you received a return email saying yes, along with a custom reply.”
Once I stopped the bleeding, I started to wonder where I went wrong? I followed most of my advice published in recent blogs, post, and tweets, but still managed to become a victim. Had I taunted fate, by tweeting and posting about the dangers of poor passwords, the importance of Two Factor Authentication, and how not to become a victim of ransomware?
I may never find answers to all of my questions, but I know one thing for sure, Getting Hacked Sucks!
About The Author
Bernard D. Gollotti, CCP is an ASIS International Board Certified Security Professional with over 30 years of real-world experience across multiple market verticals and disciplines. Ben founded PalmCentrix, LLC to connect end users to mobile security and safety solutions that you can use in the palm of your hand. He is also President/CEO of LARGO Consulting Services, LLC providing physical security consulting services, security industry specific social media consulting services, and business development consulting services in the Greater Philadelphia area.