This is a true story from a new ProtectingCoin customer who recently had their Cryptocurrency Exchange account hacked and lost funds. The customer has now moved to using a hardware wallet for storing currency. This story is shared not to scare but as an educational and cautionary tale. *Note – this user is not new to technology and is technically savvy. **This hack that was used is also not unique to Cryptocurrency and impacts email accounts, online banking and any other account you access online. ***Names and small details have been altered to protect privacy
It was late 2017 and Cryptocurrency’s monumental rise was all the talk on social media, around the water cooler and had even become a recurring topic on the evening news. Many currencies such as Bitcoin, Litecoin and Ethereum had experienced increases of 1,000% or more within 12 months and more money was flowing in daily pushing the total market capitalization (value of all cryptocurrency coins) to over 600 Billion dollars.
Robert, a savvy user of technology, makes his living from technology and fiance and is very well versed in the use of technology. While working with a colleague one evening they utilized a very popular desktop sharing program (many of you may have this program or a similar program installed right now). Robert uninstalled the program after they had finished the remote desktop sharing program but the program had left a part of the program still installed. A hacker was able to remotely access Robert’s computer and install additional remote viewing and key logger utilities. A key logger records each and every key stroke that you type on your keyboard and logs it in a nice little package that is then sent to the hacker (passwords, usernames, pins, email addresses, email messages and instant messages are all recorded for later use by the hacker).
Robert, did we mention he was much more technically inclined than your average user on the internet, noticed some red flags that the hacker left behind and he took immediate action to update passwords, alert his banking institutions and freeze his credit. The hacker immediately responded by enlisting the assistance of more skilled hackers and launched a second attack on Robert’s digital assets. The hacking team was then able to take control of Robert’s goggle accounts and eventually his phone. For many, our entire lives from banking to family pictures are stored on our phones so this can be especially devastating.
Robert had no choice but to wipe devices and has spent weeks working to clear up issues with exchange accounts, banks, credit, social media accounts and as a result has lost many contacts, family photos and many hours of work into files that can not be recovered. This is on top of the financial impact of lost funds.
With quick actions, Robert was able to slow down some of the damage but the average user may not have been so lucky and recovering from this type of attack can spread over years as you work to repair damaged credit and accounts. Remember, with so much of our lives online now that this can happen to anyone and at any time.
Here are a few Security practices that we all can add to our daily routines:
- Create complex passwords (do not use birthdays, names of childen/pets, or other easy to find information)
- Do not use the same password for numerous sites (your forum for daily cat videos may have more security holes than your mega bank ((and those mega banks still get hacked)).
- Do not write passwords down in text files where anyone can read them.
- Be cautious of opening links and attachments in emails. If you were not expecting it, call to confirm it was sent and delete if you can not confirm.
- Be cautious when installing new programs as many apps can be fake. There are numerous reports of fake/malware apps even making it on the mobile App stores.
- Be cautious when using public computers as you have no idea what may be installed on these computers.
- If storing Cryptocurrency, use a hardware wallet such as a Trezor, Ledger or Keepkey and don’t store your seed words online.
- Use 2 Factor Authentication when offered on websites. *Note – text message (SMS) 2 Factor is better than nothing but can be hacked by a novice hacker. 2 Factor applications are the next step up and hardware based 2FA is the most secure option.
- Never provide credit card or other personal information when receiving unsolicited calls. If you believe the call is valid, hang up and call the company back with the phone number published on the back of the card. **Note – even if the number they called you from, when checking caller ID, appears to match, it still should not be trusted as caller ID can be faked. Only trust it if you call them.
Did we leave off any security tips. Comment and add them to help everyone be more protected.