Cell phone hacker creates havoc

Hackers are creating misery for people who use cell phones, credit cards and computers, according to local bankers who receive requests for help from customers after their accounts have been hacked.

Recovery can take days to weeks, according to Steve Gresham, president of the Bank of Holly Springs. They have a fraud department to handle credit or debit card theft.

Sometimes when a cell phone had been taken over by hackers, as was the case for Sarah Fay Sawyer, recently, she took action immediately by calling her bank and working with Information Technology (IT) specialists to reset her cell phone ID password. She reached out to her ID theft protection provider.

Sawyer was the unwitting victim of an iPhone hack and takeover and there was a steep learning curve in recovering her phone and as much of her data as could be saved.

She said her Venmo wanted payment since the hacker ran through it to a money order.

“But the bank did not authorize it,” she said.

At the time she was hacked, a voice came on the phone and told her not to get an attitude with him and not to text him, she said.

“I’m still dealing with it,” she said, in the fourth week since her incident.

She was driving from Oxford to Clancy’s Restaurant to meet a friend for lunch when the hack occurred as she was texting her son. She said a voice came on the phone and told her not to get an attitude with him.

“This is how quickly it can happen,” she said.

Lynn Duncan with ID Theft Solutions said the lack of close attention to emails, texts, or social media messages increases the person’s vulnerability because the messages make you panic and many people click before they think.

“We’re busy. Always doing things on the run and when these messages interrupt our day, we just want to get the problem solved and move on and we click the link or answer the message,” Duncan said. “I think people’s phones and computers are getting bombarded with messages like,’ this is the third attempt to contact you,’ or ‘if you don’t respond we’ll lock your account’ or ‘your Amazon order for over $2,000 is about to be shipped, click here to cancel.’ “she said.

Be especially vigilant for scam calls, texts and messages or emails during busy seasons such as tax season, summer vacation and Christmas holidays when there is an uptick in attempts to scam through phishing emails and texts. Beware of messages that purport to be from IRS, police department, bank, or anyone asking for your personal information

“Once a party gets access to your name, date of birth and/or social security number, scammers can open up multiple accounts in your name, file fraudulent tax returns or use your information to obtain employment, leaving you with the tax bill, among other things,” Duncan said.

“Scammers are even mimicking your child’s voice and calling, alerting you they’ve been in an accident or being hurt by the caller. Take a second to breathe and think before you respond. Don’t give your personal information to anyone who has contacted you. Don’t click on links sent to you in emails or texts.

“Instead, always check by contacting your bank, Amazon or Venmo or whatever account directly with the numbers you have on your billing statement to see if the charge is true.”

“For the hackers, it’s the luck of the draw,” Duncan said. “It may not be a person but a bunch of bots. Beware of shame. You don’t want to tell anybody about falling for it. I get comments from victims like ‘you will not believe and I knew better.’ “

Sawyer’s first steps were to freeze accounts with her banker, then look for help getting her passwords to accounts and even her Apple ID changed. That took lots of effort and a number of players just to recover her phone.

“I’ve got 20 pages of notes,” she said. “I changed all passwords. The scary part is that it’s tied to your bank account.”

Sawyer said the incident “has definitely changed her life.”

“I’m more aware, but I think everything you get can be a scam or hack. You do have to take all security measures. Contact the right people immediately - the bank, the phone company. The main thing is keeping that information off your phone.”

How does she feel?

“I felt so violated because they had my accounts,” she said. “I felt irritable, violated, and vulnerable all rolled into one. It happened so fast. It’s hard to tell what’s legit and what’s not legit.”

Tracy Davidson, with Byhalia Bank, provided some thoughts on how bankers help customers and ways to try to avoid becoming a victim. He said there are more and more customers getting hacked.

“There has been an uptick over the last month and a half,” he said. “We’ve had five hacks of our customers.”

More computers and cell phones are now being hacked, not just credit card fraud that bankers see.

He said popups and companies people are familiar with can be the way the hacker gets in.

A person may get a call saying it is Netflix or a call the hacker says is from Amazon, saying, “We’re closing your account. People should not respond to that number,” he said.

Instead, the person should check directly with their provider of, say Netflix, Amazon or Microsoft, he said.

“They are phishing. A lot of times you may open something. A good virus software is definitely a plus. When they gain access to your device, they are acting just as if they are you.

“Public awareness is absolutely the key.”

One customer was hacked and was asked for ransom, he said.

“Here’s the thing about it. This is an embarrassing situation for people. I try to find out if you have given them personal information. Be vigilant in opening emails. People get on the computer and go to order something and they don’t know if it’s fraudulent,” Davidson said.

Fraud and hacking have always been around, but it seems to be intensifying, he said.

“We don’t know how they get this stuff (your information),” he said. “Even if you get an email from a bank, don’t open it. Call your bank yourself, not the number on the email.”

Davidson said there are lots of things people can do to catch fraudulent activity. Look at credit card and bank account statements to make sure no one has used them except you, he said. You can get your bank to notify you when your credit card has been used.

“Be really vigilant,” he said. “Use good antivirus software that may weed out fraudulent emails. Electronics is a good tool, but you have to manage it and keep up with it.”

John Cosper, with New Creature Computers in Byhalia, said he was able to reset Sawyer’s Apple ID password after he reset her email passwords.

“Once we had that settled, we reset passwords on Venmo,” Cosper said.

When they logged in, they saw two charges on Sawyer’s Venmo and found an additional one later. Her Venmo account was shut down as a precaution even though they changed the password.

A two-factor or multi-factor identity authentication is often set for email accounts and bank accounts and Microsoft Office accounts.

“Some corporations are requiring verifying with a cell phone number or alternative address or business address,” he said.

Cosper said he gets two or three calls a month from customers who want to recover their accounts and data.

Cosper is a member of the Byhalia Area Chamber of Commerce and does IT work for them.

Who are the victims?

Cosper said the hackers tend to target people who don’t have a lot of IT knowledge, such as older adults who did not grow up in the age of computers.

“Once they are in the computer, they can do anything they want,” he said. “I really hate these people. They prey on people inexperienced and take their life savings at one time.”

People should beware of bogus emails, malware and popups saying they are Microsoft and “you have a virus.”

“They are finding new ways to spoof people who are running behind (in knowledge). It is their inventiveness,” he said, “that runs ahead of the software weaknesses in such products as Windows. Once we know what they are doing, we have to close that window.

“It’s everywhere, Microsoft more than Mac, which used to be impervious to attack. Microsoft and Apple are having to stay ahead of them.”

Another person who asked for his name to be withheld, said his credit card was hacked and he closed his account, only for hackers to reopen his old account in his name to be hit again. The hacker had his social security number, he said. That was about three months ago after first seeing an unauthorized purchase of about $600. He closed his account. But the hacker reopened the account, charging over $2,000 for a purchase at TJMax.

He said since he didn’t reopen the account he refused to pay. Credit card issuers did not report those unauthorized purchases to his credit bureau.

“I froze all my accounts,” he said. Yet, worry still lingers, he said.

Bankers are not immune to having their credit cards hacked, said Steve Gresham, president and CEO of Bank of Holly Springs.

Fraud departments are getting better at preventing credit card or debit card fraud, he said.

Someone in Mexico attempted to use his card and he got a call to see if he had tried to use it.

“It happens a whole lot,” he said. “A lot of people are attempting to hack into cards. It’s not rare. The customer will call to file a dispute and if it is a fraudulent purchase, they get their money back.”

The problem for the cardholder is it takes the bank time to recover the cardholder’s money by the bank.

“The biggest issue is the inconvenience with waiting to get a card back or to get issued another card, which can take from seven to 10 days,” Gresham said.

Molly Jenkins, with the Bank of Holly Springs fraud department, explained how they get calls from customers who have had their computer hacked.

“They get you to log on to online banking so they can see your balance, then they will make a transfer,” she said.

That was the case in Sawyer’s iPhone hack.

Jenkins said the bank goes in and deletes the customer’s online banking profile.

“We tell them to log out of online banking and turn off their computer or phone after they log off,” she said. “The hackers usually give up.”

Jenkins said the bank may get two or three hackers a month using online banking technology.

Gresham said if a person knows they will be taking a trip out of the area, they can call the bank and let the fraud department know where they will be traveling so the bank can make sure their card remains active on the trip.