Case Study: Hacker stings user after lying in wait

Cybersecurity Hacker Case Study

What happens when a hacker gets access to your system and lies in wait?

One such case happened where emails were hacked and the criminal watched in the shadows for 120 days before striking.

In one transaction, the hacker secured a $40,000 payment for just one client breach.

Read more on the hacker’s plan of attack and how OneCloud IT resolved this issue.

The issue

A user’s emails were compromised, however the hacker did not scam the victim straight away. 

The hacker viewed their emails for 120 days – learning their behaviours and accessing their contact lists, understanding how invoices were sent and how much was an appropriate transaction amount. 

Once this knowledge was achieved, the hacker emailed multiple clients, updating them that the company had changed its bank account details and provided a new invoice for the client to pay. 

In one instance, this happened to be a $40,000 payment.

The client then told the company they had paid the new invoice, to which they then discovered that no invoice was sent and no bank details had been changed. 

Once the client and company compared notes and realised the money had left the client’s account, they called the police to start investigating. 

What was done

Once the client discovered their emails were hacked, the below was implemented:

Change your credentials

New username and password: secure passwords should have 12 characters, have a mixture of symbols, number, capital and lowercase letters. Ensure all your passwords are different and keep track of your new passwords. 

Change security question

Without being sure what the hacker was able to access, you need to ensure all account details are changed to reduce the likelihood of the client being hacked again. Avoid questions that could easily be guessed or found online.

Turn on two-step verification

This extra step allows the user to not only reduce the likelihood of being hacked but also reduce the chances of the user being locked out of their account. 

Warn your contacts

Warning your clients provides them the chance to delete any suspicious messages, therefore reducing the chance of them being hacked. 

Also it allows them to avoid invoice notifications, causing them to pay the hacker instead of the users.

Look for signs of trouble

Hackers may have made changes to the user account, allowing them to gain access to your account easier next time or continue to scam people after you’ve taken back control of the account.

Check email signatures, auto-forwarded rules, or any further tips from your email provider.

Look for signs of a computer virus, slowness, pop-up windows, problems shutting down and restarting, or any unfamiliar applications on your device.

Protect yourself for the future

  • Join OneCloud Services
  • Disaster recovery plan for the future
  • Managed IT services
  • Cyber security services
  • Staff training for the future 

The Outcome

After three months, the hacker was found and the money was returned to the user – which is a rare occurrence.

Measures were put in place to reduce the issues happening again.

Sadly the user took a hit in customer reputation and trust.

The downtime resulted in a loss of income.

Contact OneCloud IT Solutions to start work on your cybersecurity and disaster recovery plan today and start future-proofing your business from the inevitable disasters.