TL;DR: My mum’s email and Facebook were broken into. Although we know how to protect ourselves online, some of our family members (especially parents) are vulnerable.  

This Easter holiday, while munching a turkey lap and guzzling down beer, I will ensure all members of my nuclear and a few of my extended family enable 2 factor authentication for all their email (Google, Yahoo) and Facebook accounts.

You should too.


Here’s the long story.

Yesterday, for 1 hour, I struggled to gain control of my Mum’s Facebook and email accounts.

It all started when I received a Facebook message ‘from my mum’. I got the “Hello, how are you?”, and replied accordingly. Then as with any son who has an outstanding task for the parent, I went on the offensive. “The thing you asked me to do is quite hard. I am still on it”. She replied “Ok. no problem”.

I responded “You are rather calm these days. It is good.” I was still puzzled my mum was quite gentle.

Then the giveaway happened next.

“Can you send me MTN recharge card (Airtime)?”

Immediately, I knew what had happened. While I was replying in the affirmative, I was on the phone to my mum asking for her password. As I logged into her Facebook, I saw a notice saying that her password was recently changed and last accessed in Tunisia.

As I was telling the person illegally chatting with me through my mum’s Facebook account to send me a number to text the recharge card to, I was trying to change her password.

I succeeded by sending a new link to her email and changing her password.

Yaaay!? Nay.

As I checked her sent messages to start letting the people that had been contacted know that there was an intrusion, her Facebook logged out automatically.

The person had reset the password again!!!

I tried to reset the password again and lo and behold, I could not get into my mum’s email. The person also had access to that and had changed her email password. Luckily, my mum added a phone number to her account a long time ago.

THIS was the only reason I could get access to her email.

Going backwards and forward changing Facebook passwords with the intruder ended with my mum’s Facebook account being blocked.

In her Yahoo email outbox were sent messages to my sister with the attachment “pics”. Luckily, I contacted my sister before she accessed her email.

Of course, if my sister had opened that attachment, it would have continued spreading.

So even if you are protected, your loved ones are not. Meaning you are exposed in a way. All it takes is for that distant cousin to send an attachment “new family pics” to someone close for the virus to start crawling.

I’d advise everyone who is the “tech guy/gal” in their family to use this Easter holiday to help protect them by

  1. Setting up 2 factor authentication for their emails (Google: https://accounts.google.com/SmsAuthConfig; *Yahoo: https://edit.yahoo.com/commchannel/manage?) and Facebook (https://www.facebook.com/settings?tab=security&section=devices&view)

  2. Installing Firefox or Chrome and letting them know it is the new “Internet”

  3. Teaching them NEVER to open unsolicited attachments. If it is too tempting, they should forward it to you.

With the popular 2 Factor Authentication, you are sent a text with a one time password anytime your web account is accessed from an unrecognised browser or device. So for your email to be “hacked”, the person would need to have your phone too.

Quite hard if the idiot is in far away Tunisia.
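The check described above, as an added sketch that is not part of the original post and not any provider's real code: the password alone lets in only a device that has already passed the second step, and an unrecognised device must also present the one-time code texted to the phone on file. The `Account` class, `SMS_OUTBOX` (a stand-in for an SMS gateway), the 5-minute code lifetime and the 3-guess limit are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300       # seconds a texted code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per code (assumed value)
SMS_OUTBOX = []     # stand-in for an SMS gateway: (phone, code) tuples

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password, phone):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.phone = phone
        self.trusted = set()   # devices that already passed the second step
        self.pending = {}      # device -> [code, expiry, guesses left]

def login(acct, password, device, now=None):
    now = time.time() if now is None else now
    if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        return "denied"
    if device in acct.trusted:
        return "ok"
    # Right password, unrecognised device: text a fresh code, do not log in yet.
    code = f"{secrets.randbelow(10**6):06d}"
    acct.pending[device] = [code, now + OTP_TTL, MAX_ATTEMPTS]
    SMS_OUTBOX.append((acct.phone, code))
    return "otp_required"

def verify_otp(acct, device, code, now=None):
    now = time.time() if now is None else now
    entry = acct.pending.get(device)
    if entry is None:
        return False
    good, expiry, _ = entry
    if now > expiry:
        del acct.pending[device]       # expired codes are discarded
        return False
    if hmac.compare_digest(code, good):
        del acct.pending[device]       # each code works once
        acct.trusted.add(device)
        return True
    entry[2] -= 1
    if entry[2] <= 0:
        del acct.pending[device]       # too many wrong guesses burns the code
    return False
```

Someone holding only the password gets `"otp_required"` from a new device and never `"ok"`, which is the situation the intruder would have been stuck in.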

Happy Easter holidays!


*Yahoo does not technically have 2 Factor authentication. But having your phone to receive reset information is a good idea.

 

PS: The time when security questions protected us has long gone.

 

11 thoughts on “Why I am Having A 2 Factor Authentication Easter Party.”

  1. No wonder. She was sending me messages too and it did not add up. Does she use Skype? I think it may also have been compromised. You should also change your Skype password as well

    1. Wow! Really?

      Kai! Dem wan fall my mama empire. Can you crosscheck if her account is deleted now?

      Thank you. I have changed my Skype password

  2. Good thing you were able to get back in.

    Just would like to add that it is also vital when hacked to delete/revoke permissions to all unknown 3rd party apps. Those apps will have tokens gotten from OAuth which may still have access after the password is changed.

    1. Apps don't have password access through OAuth though. The worst they can do (on your behalf) is post on your wall, spam your friends, etc. They can’t hijack your account or reset your password. Deleting/Revoking permissions to unknown ones is a great idea though.

  3. Same issue happened to my sister’s Facebook account. What the scammer did was to change her default phone number so that he can reset her Facebook account password at will. What I did was to change the number and did the password reset. That stopped the issue.

  4. I think Google 2-step verification is not yet set up for Nigeria… you can't add a Nigerian number from the drop down when asked to choose a country. Or does it work regardless???

  5. Osita – good work. Would be good to talk – have a few matters of mutual interest. Pls send me an email with your preferred contact so I can set up a discussion.
