We've Been Hacked

Adapt Faster - Week 9

Read time: 4 minutes

Midjourney art by Scarlett

Welcome back. It’s week 9 and we’ve been hacked.

Here’s what’s going on this week:

⏩ Adapt Faster: My Grandfather was hacked

🧠 Transform Smarter: Free Risk Reduction Cyber ROI download

⚡️ Prompt Smarter: Midjourney color matching

⚠️ Around the Angle: Is it time to drop Barracuda email?

⏩ Adapt Faster

My grandfather received this on his Mac this past week.

He proceeded to contact “Apple,” only to start a multi-day, well-orchestrated social engineering scam that put $45K at risk.

The attackers installed Zoho Assist, a remote support tool commonly used by small business IT teams to help end users. This granted them full access: they stole a copy of his driver’s license, snapped a photo of him using the webcam, and proceeded to open a couple of crypto accounts.

All while this was happening on the screen in front of him, the “Apple Tech,” a.k.a. Dennis Wilson (drummer for the Beach Boys, who passed away in 1983), was supposedly trying to help him stop the attack that was coincidentally happening on the Mac at the same time. So in an “effort” to stop them, Dennis obviously needed my grandfather’s SSN, debit card number, and all of his credit card numbers. Also, he needed $4K worth of AMEX gift cards in order to stop these horrible attackers.

PSA: Teach your grandparents and elderly parents about these scams ASAP.

I got wind of this on Tuesday night, which was already 72 hours into this operation. I didn’t know precisely what to expect, but I’ve been a student of cybersecurity for many years, so I had a clue.

By the time I assessed the damage, $21k had already been transferred to Coinbase, $4k had been spent on AMEX gift cards, and another $20K was pending to Coinbase.

Here’s the challenge: my grandfather is in another state and there’s nobody in the family who can get to him quickly enough. Fortunately for us, these hackers were sloppy. Let me explain.

They left the front door wide open. All of the malicious activity, including the new crypto accounts, was tied to his email account. I guess they didn’t think he had a grandson in cyber : )

How I stopped a hack in progress by sloppy attackers, remotely.

Step 1: Unplug the computer. If the individual has already been compromised (software installed) and they are non-techie (grandparents), unplug the computer. We need to take it completely offline. This is the safest way to go, because it removes any guesswork about what the attackers can still reach.

Step 2: Contact the bank. Lock out online access and freeze the account. Cancel the debit card. You can walk into a local branch the next day if you need cash.

Step 3: Attempt to log into the email provider. If successful, change the password and enable or change the MFA settings.

Step 4: Attempt to log into Coinbase (the newly created crypto account). Request a password reset; the reset email arrives in the inbox, so the password is changed. Proceed to log in: “please enter MFA code.” We don’t have it. They locked us out.

Step 5: Contact Coinbase support. They can’t verify the account without a driver’s license and a webcam selfie of my grandfather, and the hackers have this info, so they could easily verify despite our password change. Ask the Coinbase rep to block the account entirely so that nobody can log in, and to investigate it for fraud. Success.

Step 6: Contact the credit card companies, report the fraud, and have new cards sent.

Step 7: Log into all 3 credit bureaus to report the fraud and freeze his credit.

It’s not over yet, but the current result is this:

- $40K blocked from crypto and recovered
- $4K in AMEX gift cards arrived and in our possession

He may make it out of this with only time wasted, but assets saved.

This is a tough lesson for anyone to learn. I only hope that this doesn’t permanently scare him off of the internet and away from technology.

Stay vigilant. Spread awareness.

Adapt faster.

🧠 Transform Smarter

DISCLAIMER: I’m a vendor agnostic, humanly biased Cybersecurity Advisor by trade. If you’d like to support me, visit catchadvisors.com and talk to me face-to-face.

Last week we touched on the ROI of Cyber and this week I completed a comprehensive document. To help you Transform Smarter, I want you to have it for free. Download it here. Select $0 and grab it.

A few warnings in advance:

  1. This was compiled with the best stats and averages I could find.

  2. There is an element of subjectivity used to determine how secure you think you are.

  3. There are no absolutes in cyber. This ROI exercise is flawed just like the next one, but the ability to baseline and compare is valuable.

⚡️ Prompt Smarter

Looking to create Midjourney art in brand colors? Typing “green” or “blue,” for example, will get you a very basic green or blue. But what if you’re looking for #01DC92 green? Well, Midjourney doesn’t support HEX codes (yet?).

Here’s the workaround:

Go to color-name.com and type in your HEX code. It will give you a name. Apparently Catch Advisors green is called Caribbean Green (I had no idea).

Here’s the prompt we used for the image this week:

/imagine imac computer hacked virus on the screen. Noir comic book style. Use only these colors: Caribbean Green, middle yellow, and black --ar 16:9

After the initial details of the image you want to create, try adding another line directing it to ONLY use the colors you want. It’s not 100% perfect, but it works really well.

⚠️ Around the Angle

Barracuda discovered a serious flaw in their email security system, and it turns out a group from China, UNC4841, has been exploiting it since 2022. Even with Barracuda's fixes, these guys are still poking around networks worldwide, especially in government agencies.

Always Adapting

Thanks for reading! When you signed up for this newsletter I promised to help you adapt faster, transform smarter, and help you keep up with the hype cycle. What did you think of today's newsletter? Reply to this email and let me know what you'd like to see more of.

Thanks for reading.

See you next week.

p.s. if you want to sign up for the Adapt Faster newsletter or share it with a friend, you can find us here
