TL;DR: My mum’s email and Facebook were broken into. Although we know how to protect ourselves online, some of our family members (especially parents) are vulnerable.
This Easter holiday, while munching a turkey lap and guzzling down beer, I will ensure all members of my nuclear and a few of my extended family enable 2 factor authentication for all their email (Google, Yahoo) and Facebook accounts.
You should too.
Here’s the long story.
Yesterday, for 1 hour, I struggled to gain control of my Mum’s Facebook and email accounts.
It all started when I receive a Facebook message ‘from my mum’. I got the “Hello, how are you?”, and replied accordingly. Then as with any son who has an outstanding task for the parent, I went on the offensive. “The thing you asked me to do is quite hard. I am still on it”. She replied “Ok. no problem”
I responded “You are rather calm these days. It is good.” I was still puzzled my mum was quite gentle.
Then the giveaway happened next.
“Can you send me MTN recharge card (Airtime)?”
Immediately, I knew what had happened. While I was replying in the affirmative, I was on the phone to my mum asking for her password. As I logged into her Facebook, I saw a notice saying that her password was recently changed and last accessed in Tunisia.
As I was telling the person illegally chatting with me through my mum’s Facebook account to send me a number to text the recharge card to, I was trying to change her password.
I succeeded by sending a new link to her email and changing her password.
As I checked her sent messages to start letting the people that had been contacted that there was an intrusion, her Facebook logged out automatically.
The person had reset the password again!!!
I tried to reset the password again and lo and behold, I could not get into my mum’s email. The person also had access to that and had changed her email password. Luckily, my mum added a phone number to her account a long time ago.
THIS was the only reason I could get access to her email.
Going backwards and forward changing Facebook passwords with the intruder ended with my mum’s Facebook account being blocked.
In her Yahoo email outbox were sent messages to my sister with the attachment “pics”. Luckily, I contacted my sister before she accessed her email.
Of course, if my sister had opened that attachment, it would have continued spreading.
So even if you are protected, your loved ones are not. Meaning you are exposed in a way. All it takes is for that distant cousin to send an attachment “new family pics” to someone close for the virus to start crawling.
I’d advise everyone who is the “tech guy/gal” in their family to use this Easter holiday to help protect them by
Setting up 2 factor authentication for their emails (Google https://accounts.google.com/SmsAuthConfig; *Yahoo: https://edit.yahoo.com/commchannel/manage? and Facebook (https://www.facebook.com/settings?tab=security§ion=devices&view )
Installing Firefox or Chrome and letting them know it is the new “Internet”
Teaching them NEVER to open unsolicited attachments. If it is too tempting, they should forward it to you.
With the popular 2 Factor Authentication, you are sent a text with a one time password anytime your web account is accessed from an unrecognised browser or device. So for your email to be “hacked”, the person would need to have your phone too.
Quite hard if the idiot is in far away Tunisia.
Happy Easter holidays!
*Yahoo does not technically have 2 Factor authentication. But having your phone to receive reset information is a good idea.
PS: The time security questions protected us have long gone.