SlideShare une entreprise Scribd logo

Anatomy of a hack

Télécharger en tant que PPTX, PDF
Mike Giovinazzo
Mike Giovinazzo

I was hacked and lost my IG account. A very disappointing experience and I see it happen to so many friends. So here is how I was hacked and some ways you can learn from my mistakes.

Médias sociaux
1  sur  19
Anatomy of a hack ... What you need to know … How you can learn from my mistakes
Background and Context • As many of you know my Instagram Photography account was hacked • I thought I knew what to do, and what not to do BUT I too got fooled • This is what happened to me … • Step by step … so you can learn from my mistakes
July 17 – I was hacked • It took all of 10 minutes … and years of social media content, all my contacts, conversations, followers … POOFed • They seemed to think I was a “business” and hence I would pay to get it back
Those early steps … • I was outside doing BBQ for the family, not really paying attention to my phone • A “Hello” message pops up from a model I photographed a while back • She wants to know if I sent her a “strange screen”. • “No I did not !! “ I replied “do not click on it – it’s likely a virus “ • She wanted to know if I’m getting them too
The Big Mistake … • I explain “I’m fine”, but then get a text message that indeed seems funny • I report it as spam, and delete it. • Tell her I just deleted a funny message, BUT I never clicked on it. • She’s gets another and so do I, asks if we are getting the same message • I send her a screen shot - MISTAKE • It looks like a partial message ending in “…” BUT it had enough for the hacker to retype the link and use it !!!!
In Retorospect … • I knew not to click on anything • And I sent “her” just a graphic with no active link ! • Plus when I look back it seems that the link in incomplete • YET – it seems the hacker had enough to reconstruct the link and use it. • By now we are having dinner and this chat is behind me
All within 10 minutes … • As we ate a series of messages were sent to my email… • Your password was changed • A login happened from a new device in Port Harcourt, Nigeria !! • Two - Factor authentication is enabled • You email was changed to verifyg080@gmail.com
An hour later I see these messages • Sensing something is happening I’m wondering what’s up • My phone is getting a pile of texts with a “recovery code” • This “model” is now asking if I have gotten these 6 digit codes and can I sent her a screen shot so she can compare them to hers • Alerted I check my emails are see what’s happened • BUT clearly the hacker still needs something and keeps messaging
Trying to recover … • I can’t log into my IG Photography account, but my other two OttawaPhotographyMeetups and @OttawaModelManagement are ok • I check my Facebook and change passwords on all my other accounts • With the help of a friend we find the online guide of what to do and it says to go to the original email and click … “REVERT THIS CHANGE”
BAD Documentation • PROBLEM … there is no such link in the email • The only link is Secure Your Account and that leads back to the previous page of help text saying we should click … “REVERT THIS CHANGE”
Next Tact ?? • The next suggestion is to “click forgot password” • This sends a message to the Hackers e-mail (since they changed it) • I get nothing but a new barrage of texts from the hacker saying they can see me trying to access the account … Do I want it back ???? • So I use “try another way” and request a code to my phone. • That moves me to the next step, BUT before I can reclaim the account I need to enter the hacker’s 2-factor authentication code !!!
Must be a better way to get it back… • All my IG accounts and my Facebooked are linked together • When I’d log into one, I’d have access to the others, but now it appears there is the concept of a “Meta Account Center” that controls which accounts can log into which other accounts. • Not sure why the Hacker didn’t or couldn’t use this to get to all the other accounts, but they detached my hacked account from my Account Center. Yet Facebook still sees the hacked account as my main IG business account. So I can see if the hacker messages anyone pretending o be me
One more possibility ?? • IG Documentation says you can reclaim you account if you take a selfie video and submit it. They compare your selfie with the IG account images and see if that is really you. • Well I tried, because the profile pic on Facebook is me, but my IG account was for photography and all the images there were of other people I’d photographed. Dead End 
Try, try, try … or start again ? • I asked all my friends to report @MikeGiovinazzoPhotography was hacked • Reported @MikeGiovinazzoPhotography as impersonating me • We finally found buried in the IG app a place to REPORT A PROBLEM • So I prepared an outline of what happened and included the screen shot of all the emails I got within 10 minutes with the password change, Nigeria login, new 2FA, changed email. NOTHING HAPPENED !!!! NO REPLIES !!! So now what – start again ???
Worried About Others • I now use Facebook to monitor who the hacker might target next by impersonating me • I also alerted everyone I can using Facebook personal account, business account and my other IG accounts. • FUNNY – as soon as I used the word HACKED on Facbook a pile of people who do not follow me and are not my friends MAGICALLY appeared sending me links to hackers who in turn would recover my account . Yeah !! I ignored these
Stale Mate ? • So my Facebook page remains linked to my Hacked IG account • I can see anyone who comments or messages me on the old account • It even possible to message them back via my Facebook Business Suite inbox • If I do that the Hacker would see I still have partial access to the account, but I suspect they know because they are still pestering me for the 6 digit authentication codes being sent to my phone.
What are they missing … • The hackers starts texting me looking for the 6 digit codes being sent to my phone • Clearly they are still missing something • Then I get similar messages to my eMail • Finally they use my cell number and start sending Whatapp requests I think they still want to detach my cell from the hacked account and/or detach my Facebook account
In the end … • I just gave up on Meta – they do not respond to hacks and for whatever reason do not care or just do not have the resources to investigate • I started again and created @MikeGiovinazzoPhotographer as opposed to @MikeGiovinazzoPhotography • I started re-adding friends to IG (but slowly because when I tried to do too many IG said I was abusing a feature and would “suspend my account” ??? • I renamed my Facebook account to match my new IG account • I have yet to somehow link my new IG with my Facebook photography page • There are still 1000’s of images linked to my hacked account and some still are tagging me using the old IG so I never see those images • It’s a bother for everyone to retag older images so I have to learn to let go. PLUS searches still find the old IG so new people looking for me sometimes go to the wrong place. • Ideally I could get the old account reinstated or deleted all together to avoid confusion
Lessons Learned • Most hacks start with the most innocent “Hello” from some account you know • If the messages seem out of character check with that person VIA OTHER channel such a text, phone call, email, different social media app … NEVER ask the HACKER “are you real?” If necessary challenge them with something they would not know (Where did we meet When did you last see me) • Turn on 2-factor authentication. Yes it can be a pain but if you have a limited number of trusted devices it is manageable. • NEVER click on a link someone sends you. Even if you know them and the message is innocent (This is funny, You’ll love this, Is this really you, …) • Do not share anything from your phone, not even a screenshot

Recommandé

2nd FACTOR: The Story of Mat Honan
2nd FACTOR: The Story of Mat Honan2nd FACTOR: The Story of Mat Honan
2nd FACTOR: The Story of Mat HonanJoel Cardella
 
Ebay & PayPal Incognito Stealth eBook PDF
Ebay & PayPal Incognito Stealth eBook PDFEbay & PayPal Incognito Stealth eBook PDF
Ebay & PayPal Incognito Stealth eBook PDFAuction Essistance
 
Ebay incognito
Ebay incognito Ebay incognito
Ebay incognito Kevin Clarke
 
Paypal
PaypalPaypal
Paypalkatzewhel
 
Hack for security
Hack for securityHack for security
Hack for securitySiddharth Solanki
 
$2300 in 3 days using twitter traffic
$2300 in 3 days using twitter traffic$2300 in 3 days using twitter traffic
$2300 in 3 days using twitter trafficIDLIB
 
Using Social Media Safely & Effectively by Jenna,Victoria, and Sofia
Using Social Media Safely & Effectively by Jenna,Victoria, and SofiaUsing Social Media Safely & Effectively by Jenna,Victoria, and Sofia
Using Social Media Safely & Effectively by Jenna,Victoria, and Sofialukemcpherson
 
Secret Facebook Strategy that Generates $100 Instant Daily Payments Revealed!
Secret Facebook Strategy that Generates $100 Instant Daily Payments Revealed!Secret Facebook Strategy that Generates $100 Instant Daily Payments Revealed!
Secret Facebook Strategy that Generates $100 Instant Daily Payments Revealed!Melinda Caldwell
 

Recommandé

2nd FACTOR: The Story of Mat Honan
2nd FACTOR: The Story of Mat Honan2nd FACTOR: The Story of Mat Honan
2nd FACTOR: The Story of Mat HonanJoel Cardella
 
Ebay & PayPal Incognito Stealth eBook PDF
Ebay & PayPal Incognito Stealth eBook PDFEbay & PayPal Incognito Stealth eBook PDF
Ebay & PayPal Incognito Stealth eBook PDFAuction Essistance
 
Ebay incognito
Ebay incognito Ebay incognito
Ebay incognito Kevin Clarke
 
Paypal
PaypalPaypal
Paypalkatzewhel
 
Hack for security
Hack for securityHack for security
Hack for securitySiddharth Solanki
 
$2300 in 3 days using twitter traffic
$2300 in 3 days using twitter traffic$2300 in 3 days using twitter traffic
$2300 in 3 days using twitter trafficIDLIB
 
Using Social Media Safely & Effectively by Jenna,Victoria, and Sofia
Using Social Media Safely & Effectively by Jenna,Victoria, and SofiaUsing Social Media Safely & Effectively by Jenna,Victoria, and Sofia
Using Social Media Safely & Effectively by Jenna,Victoria, and Sofialukemcpherson
 
Secret Facebook Strategy that Generates $100 Instant Daily Payments Revealed!
Secret Facebook Strategy that Generates $100 Instant Daily Payments Revealed!Secret Facebook Strategy that Generates $100 Instant Daily Payments Revealed!
Secret Facebook Strategy that Generates $100 Instant Daily Payments Revealed!Melinda Caldwell
 
Dubai Calls Girls Busty Babes O525547819 Call Girls In Dubai
Dubai Calls Girls Busty Babes O525547819 Call Girls In DubaiDubai Calls Girls Busty Babes O525547819 Call Girls In Dubai
Dubai Calls Girls Busty Babes O525547819 Call Girls In Dubaikojalkojal131
 
Values Newsletter teamwork section 2023.pdf
Values Newsletter teamwork section 2023.pdfValues Newsletter teamwork section 2023.pdf
Values Newsletter teamwork section 2023.pdfSoftServe HRM
 
Unveiling SOCIO COSMOS: Where Socializing Meets the Stars
Unveiling SOCIO COSMOS: Where Socializing Meets the StarsUnveiling SOCIO COSMOS: Where Socializing Meets the Stars
Unveiling SOCIO COSMOS: Where Socializing Meets the StarsSocioCosmos
 
Amplify Your Brand with Our Tailored Social Media Marketing Services
Amplify Your Brand with Our Tailored Social Media Marketing ServicesAmplify Your Brand with Our Tailored Social Media Marketing Services
Amplify Your Brand with Our Tailored Social Media Marketing ServicesNetqom Solutions
 
Top 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw Digital
Top 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw DigitalTop 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw Digital
Top 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw Digitalmacawdigitalseo2023
 
The--Fraud: Netflix Original Media Pitch
The--Fraud: Netflix Original Media PitchThe--Fraud: Netflix Original Media Pitch
The--Fraud: Netflix Original Media Pitch17mos052
 
THE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECT
THE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECTTHE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECT
THE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECT17mos052
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 

Contenu connexe

Dernier

Dubai Calls Girls Busty Babes O525547819 Call Girls In Dubai
Dubai Calls Girls Busty Babes O525547819 Call Girls In DubaiDubai Calls Girls Busty Babes O525547819 Call Girls In Dubai
Dubai Calls Girls Busty Babes O525547819 Call Girls In Dubaikojalkojal131
 
Values Newsletter teamwork section 2023.pdf
Values Newsletter teamwork section 2023.pdfValues Newsletter teamwork section 2023.pdf
Values Newsletter teamwork section 2023.pdfSoftServe HRM
 
Unveiling SOCIO COSMOS: Where Socializing Meets the Stars
Unveiling SOCIO COSMOS: Where Socializing Meets the StarsUnveiling SOCIO COSMOS: Where Socializing Meets the Stars
Unveiling SOCIO COSMOS: Where Socializing Meets the StarsSocioCosmos
 
Amplify Your Brand with Our Tailored Social Media Marketing Services
Amplify Your Brand with Our Tailored Social Media Marketing ServicesAmplify Your Brand with Our Tailored Social Media Marketing Services
Amplify Your Brand with Our Tailored Social Media Marketing ServicesNetqom Solutions
 
Top 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw Digital
Top 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw DigitalTop 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw Digital
Top 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw Digitalmacawdigitalseo2023
 
The--Fraud: Netflix Original Media Pitch
The--Fraud: Netflix Original Media PitchThe--Fraud: Netflix Original Media Pitch
The--Fraud: Netflix Original Media Pitch17mos052
 
THE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECT
THE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECTTHE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECT
THE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECT17mos052
 

Dernier (7)

Dubai Calls Girls Busty Babes O525547819 Call Girls In Dubai
Dubai Calls Girls Busty Babes O525547819 Call Girls In DubaiDubai Calls Girls Busty Babes O525547819 Call Girls In Dubai
Dubai Calls Girls Busty Babes O525547819 Call Girls In Dubai
 
Values Newsletter teamwork section 2023.pdf
Values Newsletter teamwork section 2023.pdfValues Newsletter teamwork section 2023.pdf
Values Newsletter teamwork section 2023.pdf
 
Unveiling SOCIO COSMOS: Where Socializing Meets the Stars
Unveiling SOCIO COSMOS: Where Socializing Meets the StarsUnveiling SOCIO COSMOS: Where Socializing Meets the Stars
Unveiling SOCIO COSMOS: Where Socializing Meets the Stars
 
Amplify Your Brand with Our Tailored Social Media Marketing Services
Amplify Your Brand with Our Tailored Social Media Marketing ServicesAmplify Your Brand with Our Tailored Social Media Marketing Services
Amplify Your Brand with Our Tailored Social Media Marketing Services
 
Top 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw Digital
Top 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw DigitalTop 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw Digital
Top 5 Ways To Use Reddit for SEO SEO Expert in USA - Macaw Digital
 
The--Fraud: Netflix Original Media Pitch
The--Fraud: Netflix Original Media PitchThe--Fraud: Netflix Original Media Pitch
The--Fraud: Netflix Original Media Pitch
 
THE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECT
THE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECTTHE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECT
THE FRAUD NETFLIX ORIGINAL MEDIA PITCH PROJECT
 

En vedette

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

En vedette (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Anatomy of a hack

  • 1. Anatomy of a hack ... What you need to know … How you can learn from my mistakes
  • 2. Background and Context • As many of you know my Instagram Photography account was hacked • I thought I knew what to do, and what not to do BUT I too got fooled • This is what happened to me … • Step by step … so you can learn from my mistakes
  • 3. July 17 – I was hacked • It took all of 10 minutes … and years of social media content, all my contacts, conversations, followers … POOFed • They seemed to think I was a “business” and hence I would pay to get it back
  • 4. Those early steps … • I was outside doing BBQ for the family, not really paying attention to my phone • A “Hello” message pops up from a model I photographed a while back • She wants to know if I sent her a “strange screen”. • “No I did not !! “ I replied “do not click on it – it’s likely a virus “ • She wanted to know if I’m getting them too
  • 5. The Big Mistake … • I explain “I’m fine”, but then get a text message that indeed seems funny • I report it as spam, and delete it. • Tell her I just deleted a funny message, BUT I never clicked on it. • She’s gets another and so do I, asks if we are getting the same message • I send her a screen shot - MISTAKE • It looks like a partial message ending in “…” BUT it had enough for the hacker to retype the link and use it !!!!
  • 6. In Retorospect … • I knew not to click on anything • And I sent “her” just a graphic with no active link ! • Plus when I look back it seems that the link in incomplete • YET – it seems the hacker had enough to reconstruct the link and use it. • By now we are having dinner and this chat is behind me
  • 7. All within 10 minutes … • As we ate a series of messages were sent to my email… • Your password was changed • A login happened from a new device in Port Harcourt, Nigeria !! • Two - Factor authentication is enabled • You email was changed to verifyg080@gmail.com
  • 8. An hour later I see these messages • Sensing something is happening I’m wondering what’s up • My phone is getting a pile of texts with a “recovery code” • This “model” is now asking if I have gotten these 6 digit codes and can I sent her a screen shot so she can compare them to hers • Alerted I check my emails are see what’s happened • BUT clearly the hacker still needs something and keeps messaging
  • 9. Trying to recover … • I can’t log into my IG Photography account, but my other two OttawaPhotographyMeetups and @OttawaModelManagement are ok • I check my Facebook and change passwords on all my other accounts • With the help of a friend we find the online guide of what to do and it says to go to the original email and click … “REVERT THIS CHANGE”
  • 10. BAD Documentation • PROBLEM … there is no such link in the email • The only link is Secure Your Account and that leads back to the previous page of help text saying we should click … “REVERT THIS CHANGE”
  • 11. Next Tact ?? • The next suggestion is to “click forgot password” • This sends a message to the Hackers e-mail (since they changed it) • I get nothing but a new barrage of texts from the hacker saying they can see me trying to access the account … Do I want it back ???? • So I use “try another way” and request a code to my phone. • That moves me to the next step, BUT before I can reclaim the account I need to enter the hacker’s 2-factor authentication code !!!
  • 12. Must be a better way to get it back… • All my IG accounts and my Facebooked are linked together • When I’d log into one, I’d have access to the others, but now it appears there is the concept of a “Meta Account Center” that controls which accounts can log into which other accounts. • Not sure why the Hacker didn’t or couldn’t use this to get to all the other accounts, but they detached my hacked account from my Account Center. Yet Facebook still sees the hacked account as my main IG business account. So I can see if the hacker messages anyone pretending o be me
  • 13. One more possibility ?? • IG Documentation says you can reclaim you account if you take a selfie video and submit it. They compare your selfie with the IG account images and see if that is really you. • Well I tried, because the profile pic on Facebook is me, but my IG account was for photography and all the images there were of other people I’d photographed. Dead End 
  • 14. Try, try, try … or start again ? • I asked all my friends to report @MikeGiovinazzoPhotography was hacked • Reported @MikeGiovinazzoPhotography as impersonating me • We finally found buried in the IG app a place to REPORT A PROBLEM • So I prepared an outline of what happened and included the screen shot of all the emails I got within 10 minutes with the password change, Nigeria login, new 2FA, changed email. NOTHING HAPPENED !!!! NO REPLIES !!! So now what – start again ???
  • 15. Worried About Others • I now use Facebook to monitor who the hacker might target next by impersonating me • I also alerted everyone I can using Facebook personal account, business account and my other IG accounts. • FUNNY – as soon as I used the word HACKED on Facbook a pile of people who do not follow me and are not my friends MAGICALLY appeared sending me links to hackers who in turn would recover my account . Yeah !! I ignored these
  • 16. Stale Mate ? • So my Facebook page remains linked to my Hacked IG account • I can see anyone who comments or messages me on the old account • It even possible to message them back via my Facebook Business Suite inbox • If I do that the Hacker would see I still have partial access to the account, but I suspect they know because they are still pestering me for the 6 digit authentication codes being sent to my phone.
  • 17. What are they missing … • The hackers starts texting me looking for the 6 digit codes being sent to my phone • Clearly they are still missing something • Then I get similar messages to my eMail • Finally they use my cell number and start sending Whatapp requests I think they still want to detach my cell from the hacked account and/or detach my Facebook account
  • 18. In the end … • I just gave up on Meta – they do not respond to hacks and for whatever reason do not care or just do not have the resources to investigate • I started again and created @MikeGiovinazzoPhotographer as opposed to @MikeGiovinazzoPhotography • I started re-adding friends to IG (but slowly because when I tried to do too many IG said I was abusing a feature and would “suspend my account” ??? • I renamed my Facebook account to match my new IG account • I have yet to somehow link my new IG with my Facebook photography page • There are still 1000’s of images linked to my hacked account and some still are tagging me using the old IG so I never see those images • It’s a bother for everyone to retag older images so I have to learn to let go. PLUS searches still find the old IG so new people looking for me sometimes go to the wrong place. • Ideally I could get the old account reinstated or deleted all together to avoid confusion
  • 19. Lessons Learned • Most hacks start with the most innocent “Hello” from some account you know • If the messages seem out of character check with that person VIA OTHER channel such a text, phone call, email, different social media app … NEVER ask the HACKER “are you real?” If necessary challenge them with something they would not know (Where did we meet When did you last see me) • Turn on 2-factor authentication. Yes it can be a pain but if you have a limited number of trusted devices it is manageable. • NEVER click on a link someone sends you. Even if you know them and the message is innocent (This is funny, You’ll love this, Is this really you, …) • Do not share anything from your phone, not even a screenshot