I’ve been hacked, advice needed please
Discussion
Hi All,
My life was hacked today. Without giving too much information away, what I thought was a secure password application on my Mac was somehow accessed, my mobile phone ported to another provider, and attempts made to access significant funds.
I need to know where to go to get my computers security audited as I’m concerned that they still have access to my data. Are there specialists where I could take my devices for testing?
My life was hacked today. Without giving too much information away, what I thought was a secure password application on my Mac was somehow accessed, my mobile phone ported to another provider, and attempts made to access significant funds.
I need to know where to go to get my computers security audited as I’m concerned that they still have access to my data. Are there specialists where I could take my devices for testing?
Pippage said:
Hi All,
My life was hacked today. Without giving too much information away, what I thought was a secure password application on my Mac was somehow accessed, my mobile phone ported to another provider, and attempts made to access significant funds.
I need to know where to go to get my computers security audited as I’m concerned that they still have access to my data. Are there specialists where I could take my devices for testing?
Obviously cancel all cards etc asap.My life was hacked today. Without giving too much information away, what I thought was a secure password application on my Mac was somehow accessed, my mobile phone ported to another provider, and attempts made to access significant funds.
I need to know where to go to get my computers security audited as I’m concerned that they still have access to my data. Are there specialists where I could take my devices for testing?
What password app ?
Dougie.
Pippage said:
Perhaps my machine has a Trojan /keylogger/remote access installed?
Obvious questions:What anti-virus / anti-malware software are you using??
Do you recall clicking a link that didn’t do what you expected, maybe in an email that seemed to come from someone you know? (This can at least tell you when the hack started)
Without knowing the specifics of your situation, I can offer some standard advice I provide to victims of similar crimes:
- Report the incident to Action Fraud if you haven't already
- Change passwords for everything that matters to something strong and unique for each account
- Use app-based two factor authentication
- Check your email account(s) for forwarding rules, particularly if the accounts are related to a business (common tactic in mandate frauds)
- Back up your devices regularly
- Keep secure, offline (i.e. air-gapped) backups of all important files
- Notify your financial providers, and consider registering with CIFAS
There is more information available from SEROCU and NCSC.
In terms of auditing your devices, there are plenty of companies that can provide this service, however it'll be expensive. For phones, factory resetting is the easiest, cheapest solution provided you're confident all your data is safely backed up (iCloud, Google Drive etc.). For computers it's more subjective. Macs can be factory reset, PCs may need to be wiped and re-installed. You should be able to do all of this yourself, provided you're confident your data is securely backed up.
As you've been the victim of SIM-swapping the offenders are probably UK-based; there are going to be viable lines of enquiry for the police to follow; you should be referred to your local force's Cyber Crime Unit by Action Fraud.
If you want any further advice or assistance, feel free to PM me.
- Report the incident to Action Fraud if you haven't already
- Change passwords for everything that matters to something strong and unique for each account
- Use app-based two factor authentication
- Check your email account(s) for forwarding rules, particularly if the accounts are related to a business (common tactic in mandate frauds)
- Back up your devices regularly
- Keep secure, offline (i.e. air-gapped) backups of all important files
- Notify your financial providers, and consider registering with CIFAS
There is more information available from SEROCU and NCSC.
In terms of auditing your devices, there are plenty of companies that can provide this service, however it'll be expensive. For phones, factory resetting is the easiest, cheapest solution provided you're confident all your data is safely backed up (iCloud, Google Drive etc.). For computers it's more subjective. Macs can be factory reset, PCs may need to be wiped and re-installed. You should be able to do all of this yourself, provided you're confident your data is securely backed up.
As you've been the victim of SIM-swapping the offenders are probably UK-based; there are going to be viable lines of enquiry for the police to follow; you should be referred to your local force's Cyber Crime Unit by Action Fraud.
If you want any further advice or assistance, feel free to PM me.
Buy a new pc. Use this as a known good start point and rotate all your passwords across your services, starting with email.. Avoid installing apps right now.
Air gap the existing devices but don’t yet reset them. Buy some decent AV and scan those devices. You need to know how this happened.
Not sure on your phone but your provider should be able to help? Patently trying to control your other factors of authentication.
Also login into Facebook and Google et al and deauthorise all accounts related so they can’t login to them through a compromised account.
Air gap the existing devices but don’t yet reset them. Buy some decent AV and scan those devices. You need to know how this happened.
Not sure on your phone but your provider should be able to help? Patently trying to control your other factors of authentication.
Also login into Facebook and Google et al and deauthorise all accounts related so they can’t login to them through a compromised account.
First thing to do is pull your computer's network connection. That stops anything getting worse.
If they got access to your password app then I can only assume there is a Keylogger running on it. That or you used a very weak password.
Buying a new computer is a little over the top. You need to find how you got done .
Moving your phone is sneaky. That's so they can get past phone authentication, which just about every bank and app relies on now. I assume you've setup a new 2FA phone number now.
If they got access to your password app then I can only assume there is a Keylogger running on it. That or you used a very weak password.
Buying a new computer is a little over the top. You need to find how you got done .
Moving your phone is sneaky. That's so they can get past phone authentication, which just about every bank and app relies on now. I assume you've setup a new 2FA phone number now.
Yes but incident response from a pro at short notice is circa 1350 a day or 435per hour if you want someone same day.
I can't see much need for it tbh, rebuild you devices, rotate credentials, get on the phone to your mobile provider and lodge complaint and tell them its not good enough - they will have anti sim swap procedures.
I can't see much need for it tbh, rebuild you devices, rotate credentials, get on the phone to your mobile provider and lodge complaint and tell them its not good enough - they will have anti sim swap procedures.
Just a thought here but do they need access to your computer to port your number? Last time I ported my number from Smarty to Three it was amazing how easy it was.
Years ago I managed to port the same number from O2 (in my dads name) to EE (in my name) with no questions asked.
I reckon they have got your details from the dark web, ported your number to access F2A and tried to access banking?
Years ago I managed to port the same number from O2 (in my dads name) to EE (in my name) with no questions asked.
I reckon they have got your details from the dark web, ported your number to access F2A and tried to access banking?
Taita said:
Yes but incident response from a pro at short notice is circa 1350 a day or 435per hour if you want someone same day.
I can't see much need for it tbh, rebuild you devices, rotate credentials, get on the phone to your mobile provider and lodge complaint and tell them its not good enough - they will have anti sim swap procedures.
Where would one enquire though, internet searches are bearing no fruit.I can't see much need for it tbh, rebuild you devices, rotate credentials, get on the phone to your mobile provider and lodge complaint and tell them its not good enough - they will have anti sim swap procedures.
the-norseman said:
Just a thought here but do they need access to your computer to port your number? Last time I ported my number from Smarty to Three it was amazing how easy it was.
Years ago I managed to port the same number from O2 (in my dads name) to EE (in my name) with no questions asked.
I reckon they have got your details from the dark web, ported your number to access F2A and tried to access banking?
I think my computer and password manager was compromised, so 2fa credentials were accessed. Tragically I alerted my mob provider who blocked the pac code and transfer but it want through anyway. Years ago I managed to port the same number from O2 (in my dads name) to EE (in my name) with no questions asked.
I reckon they have got your details from the dark web, ported your number to access F2A and tried to access banking?
Pippage said:
Taita said:
Yes but incident response from a pro at short notice is circa 1350 a day or 435per hour if you want someone same day.
I can't see much need for it tbh, rebuild you devices, rotate credentials, get on the phone to your mobile provider and lodge complaint and tell them its not good enough - they will have anti sim swap procedures.
Where would one enquire though, internet searches are bearing no fruit.I can't see much need for it tbh, rebuild you devices, rotate credentials, get on the phone to your mobile provider and lodge complaint and tell them its not good enough - they will have anti sim swap procedures.
Also check all your emails in https://haveibeenpwned.com/
Did you have 2FA set up on your password manager and was that mobile?
Usually these things are pretty simple as people are creatures of habit. They will know your email and a password from a previous hack (check on haveibeenpwned) then they will hijack the mobile number to get the 2FA.
I would highly recommend swapping to token based 2FA and not using SMS. Secure the password vault and the token vault with a hardware token.
Usually these things are pretty simple as people are creatures of habit. They will know your email and a password from a previous hack (check on haveibeenpwned) then they will hijack the mobile number to get the 2FA.
I would highly recommend swapping to token based 2FA and not using SMS. Secure the password vault and the token vault with a hardware token.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff