The Human Stories Behind Cybercrime, Part 2

Recently, SaferNet covered the stories of regular individuals and their brushes with cybercrime. We all have stories like these, which can make them the most impactful. Today, we’ll look at more in Part 2.

These stories were collected from around the web, including Heimdall Security, Telegraph UK, NY Times, Reddit, Buzzfeed, Medium, The Atlantic, Reader’s Digest, and various blogs.

Note: Names and some locations of the stories shown here have been changed to respect the individual’s privacy.

An individual in the UK loses money to a TV license phishing scam:

“When Jerry Tack received an email saying the TV license needed paying, he didn’t think twice about it.

Nothing seemed suspicious about the website he clicked on, so he entered his bank details – and began a chain of events that would lose him £9,900.

Jerry, from Hampshire, was among thousands contacted in what police called a “particularly nasty” fraud.

But the banks say they cannot reimburse customers who have mistakenly authorized payments to fraudsters.”

An American Woman Gets Hacked and Cyberstalked:

“When I first read the email from my hacker, I couldn’t stop screaming. I didn’t know what to do; I was in a state of complete shock and terror. I had sensed something was wrong, but this was my horrifying confirmation.

I was out to dinner with my friends when I got a Facebook notification that somebody in another state had logged into my account and tried to change my password. Thirty minutes later, I got an email from who I assumed to be the culprit. It said if I didn’t do what was asked of me, “every photo I have of you” was going to be posted on my social accounts, which he had gained control of. I had no idea what he was talking about until I scrolled down to the very end of the email.

There were two photos of me in my bedroom taken through my webcam. I later found out he had been spying on me for over a year, from my senior year of high school to when I received that first email during my freshman year of college.

I called my mom, who contacted the police immediately. They told me they were going to catch the hacker, but that it could be a slow process.

Meanwhile, I was busy wondering how this could happen in the first place. I must have opened an email with a link in it that allowed him to place malware, or malicious software, on my computer, which granted him complete access to my laptop. He was able to trace the keystrokes on my keyboard so he could learn my passwords and see what sites I was going to, and, creepiest of all, he was able to access my webcam 24/7.

I used to keep my computer open on the floor of my bedroom to play music while I was studying, changing, going back and forth from the shower—he saw all of that.

I was convinced this was some random creepy guy from a different country. Then I found out it was someone from my high school. I went to a huge school with over 3,000 students and never had any personal communication with him, though I knew who he was. The fact that I would pass him in the hallways at the same time he was doing such a horrific thing to me is so scary.

And sadly, I wasn’t the only one he did this to. There were 12 other victims, two of whom also went to school with us. I haven’t been able to confront him, and I don’t know that I want to. He plead guilty to hacking and extortion, and a trial date has been set for next month. I’m not sure what his sentence will be.”

A woman has her video surveillance Ring setup hacked after using a leaked password:

“After a Brookhaven couple’s Ring security camera was hacked, the terrified woman said a strange man yelled that he was watching her via the camera. The doorbell company says that the camera wasn’t hacked, but that the couple used a password that had been leaked or compromised.

The woman, who didn’t want to be identified, shared the video from the incident with local TV stations and on social media. The victim said she and her boyfriend installed the camera to watch their dog, Beau, while they’re at work.

When she noticed a light on the camera, she texted her boyfriend to ask why he was watching, and he replied that he wasn’t. That’s when the stranger spoke to her through the camera: “I can see you in the bed! C’mon! Wake the [expletive] up!”

The couple found someone had hacked their account on four occasions.”

An individual in Chicago falls for a phishing email and loses $2000:

“Alison Senft of Kendall County says someone hacked into her bank account and used the Zelle payment app to steal $2,000. Then her bank told her there’s nothing they can do, and she can’t even get ahold of Zelle.

Reporters discovered the fraudsters used an email registered to a Big Ten university to carry out a phishing attack.

That stress started in late November, when she discovered someone had used the payment app Zelle to transfer $2,000 out of her Fifth Third Bank account just in time for the holidays.

“If I could find this person, I would show them my children, and say ‘This is who you’re stealing from. This is who you are taking money from,’” she said.

She filed a fraud claim, but Fifth Third Bank said the transaction appears valid and they won’t refund her, even though the recipients had a phone number with a California area code.

“Don’t know anybody there,” Senft said. “I have called Zelle, I don’t know, probably 20 times; but I cannot get in contact with a person. But Fifth Third just keeps telling me, ‘contact Zelle.’”

She did get a response when she sent a Facebook message to Zelle, from someone saying they’d look into it.

But then when she tried to follow up, she suddenly couldn’t message them, and she’s somehow blocked from commenting on their posts.

“I was so frustrated. Please just, like, let me talk to you, tell this story, and give me some sort of answer,” Senft said.”

Jim on coming across what he thought was a trusted website:

“A couple of years ago, I bought some clothes online. The company seemed trustworthy and had a HTTPS secured website. I felt safe entering my card details. When I bought my item, I received a confirmation email and got the item in the mail. Everything you would expect

A few weeks later I was woken up by my phone beeping. I had two-factor authentication and someone was making multiple attempts to log into my email.

This worried me, so I checked my banking app. I found multiple unauthorized charges. I called my bank to get my credit card shut off. This left me without any money until payday, and I had to borrow money from friends until then.

After contacting the authorities, I found out it was likely that the shopping website was a front, or was compromised. I had handed over criminals my email and banking information willingly. I felt sick.”

Paul realizes the danger of using the same password for all his online services:

“I was signed up to many online services, like video games, social media, streaming site etc. I’m not certain how my details were stolen, but I found out my credit card was no longer working with international purchases. I started getting emails that all of my monthly subscription charges couldn’t go through.

I called my bank and they told me my card had been blocked for suspicious purchases. For example, there was a charge for a Dollar General in California, but I lived in the UK, and had never traveled there.

I realized that I had used the same password for everything, so when it was compromised on one site, it was compromised everywhere. The hackers must have seen my associated email and tried it across different banks and websites.

The incident scared me into better habits. I used multiple different passwords, 2FA where possible, and a VPN. I know being 100% isn’t possible but I have peace of mind knowing I am much more secure.”

Tom from the US on being duped by a fake Amazon website:

“A while back I was looking to buy an expensive item from Amazon, but I wasn’t sure about closing the sale because the price information seemed outdated and I was unsure if the item would work with my other equipment.

I wasn’t sure how to contact the seller, and tried searching for a phone number for Amazon on their website, but couldn’t find any. So, I googled it. I found a website that seemed just like Amazons, it had the logo and website address that seemed to fit. It had a number which I called. The man who answered seemed genuine and seemed to care a lot about my situation. After a few minutes of conversation, he asked to screen share into my computer. In retrospect, this seems dumb, but I had done it with so many other companies I agreed. He said he couldn’t find the item on his database and wanted to see it on my computer.

He got into my computer. I am not very tech-savvy so I wasn’t sure what he was doing. I saw files moving across my computer, and he brought up what he said was my IP address, and told me I had a virus.

He said it would cost $200 to remove the virus. At this point, I knew the call was not legitimate. I called him out on it, but wasn’t sure how to remove his access from my computer.

I noticed a lot of the files on my desktop started being deleted rapidly. Many of these were years of memories and photos of me and my grandchildren. I panicked and pressed the shut down button to turn off the computer.

I tried using System Restore a few times but it never worked. I lost of a lot of memories and I was very hurt by what happened. I know that you shouldn’t click links on emails or on Facebook, but I didn’t know hackers and scammers could get you through a search engine”

Sandra on getting her card details stolen online twice:

“I checked my bank account one day in 2011 after receiving some alerts and couldn’t believe my eyes when I saw I was $5000 in debt on my credit card. I called my bank and they told me I had made purchases in Germany for high-end electronics, which I hadn’t.

The next time happened in 2017, where I had $11000 taken from my credit card for purchases in China – It wasn’t me again.

I thought the first time was a fluke, but after the second time, I have become much more cautious online. I now use a VPN and I’m very wary about links I click”

Mark on a series of threatening emails made against his family:

“A couple of years ago, my family and I started receiving some very threatening, blackmail emails. We even got emails from our own email accounts. The person told us that they had hacked our emails and had access to all our accounts.

They told us they could see everything we did online, including accessing adult websites, which we had not. They said they had accessed our webcam and had taken footage of us also.

They demanded thousands of dollars to not send images and our personal information around the web, but I called their bluff.

I was still worried because the person had access to our email accounts. I changed all our passwords and started using a VPN. We no longer get the threatening emails, and have more peace of mind.”

Rita on a hacker taking over her email account and using it to send phishing emails:

“A number of years ago, my email account was hacked. I believed it was because I had clicked on an email link I shouldn’t have. I also had the same password on many accounts, which meant the hacker could get into other accounts of mine.

I got alerts in work from purchases on my card and panicked. I logged into my email (the hacker hadn’t changed the password!) and noticed my ‘Sent’ list was sending what now seemed like bogus links to everybody in my contacts list. It was then I realized they had gotten into my email and from there into my other accounts.

I had to ask my boss for the remainder of the day off so I could work through things with the bank to reverse purchases. I was on the phone and went through several managers to try to get everything back.

In total, it took nearly a full week to get my accounts back, and there were a few I never did.”

Nathan taking a financial hit from what he suspects was a compromised website:

“A few years ago, I was on vacation with my fiance in Europe. One night, I got a text alert from my bank saying that my bank was charged almost $1000 for the purchase of a camera. I was suspicious of the text itself, so I call my bank. They confirmed the text was from them, and the charge really had gone through.

I talked for a while with my bank, but had to wait nearly a month for the transaction to reverse.

Thinking back, I had been doing research for work previous to our trip, and ended up on websites that were full of ads, and generally felt like they were sketchy. I believe I may have received a keylogger or some kind of virus from these sites that could catch my credit card information.

I am much keener on security now, I have heavily secured both my fiance and I’s computers and phones. We both use VPNs and take fewer risks online.”

A journalist from the US on falling for a classic coffee-shop scam:

“I was in a coffee shop not long ago, doing some work on my laptop. I connected to the wifi, not realising it was a fake access point set up by hackers. I ended up staying in the coffee shop for most of the day, and during that time I logged into two different bank accounts I had.

Only a few hours after leaving, the bank notified me to say one of the accounts was used to make online purchases around the country.

It was heartbreaking because I hadn’t seen the notifications when they came through initially, and by the time I realised it many purchases had been made.

It took a long time to work through the fraudulent transactions with the bank. It was a nerve-wracking and frustrating experience.”

Caleb on ignoring some transactions due to his use of Amazon:

“A while back, I saw some odd transactions of my bank account. This was during the COVID lockdown, and I had been making a lot of Amazon purchases. Because of that, I disregarded the transactions as items I bought and hadn’t arrived yet.

Over the following days, many more transactions came in – From websites ranging from womens’ cosmetics to fashion.

I realised it was a scam, and notified my bank and the police. I didn’t get a full refund, and the hacker made off with just over 500 euro.

I felt really stupid. I had been using a VPN on my phone for a long time but had stopped for a few weeks because I thought it was draining the battery. It was in that time the hacker most have got the information off my phone somehow.”

Josine on using the same password:

“I was hacked about a year ago. It was because I used the same password on multiple sites.

One of the sites was hacked, and the passwords were leaked. As far as I know, hackers sold these passwords to other hackers, along with the associated email address.

I began getting locked out of multiple accounts. Thankfully I did notice it pretty early, so I was able to recover all of the accounts.

I’ve since changed all my passwords, and have multiple. I’ve also used 3 different emails for different websites, just to be safe.”

Colin on a hacker using a script in tandem with his email and password:

“About two years ago, I got a notification from my bank that a $1299 charge had been made with BestBuy. I logged into my BestBuy account and saw the order, and it was due to ship to my address. I contacted BestBuy and they refunded my account. When they had, I changed my password and deleted my credit card information from their website.

Later on that night, I got an email saying I had a new Netflix login. I went to check out the account, and there was a new device on it I didn’t recognize. I disconnected all my devices and changed my password.

I went back to sleep and woke up to hundreds of emails – easily over 500. Every email was from a different legitimate website, mostly welcome messages. Obviously, it wasn’t me who signed up for any of them.

I used the same password for BestBuy and Netflix. I realized the hacker had gotten my details and possibly used a script to try to log into as many services as possible, many of which ended up being services I had never used so it just signed me up.

It took me days to go into every single account I had and get a unique password for each, as well as take my credit card info off the websites. For safety, I decided to cancel my card and get a new one too.”

Kevin on his girlfriend receiving a high-fidelity phishing text:

“My girlfriend and I have been saving up for a 6-month trip next year, using separate bank accounts. We live in a major city in Europe and rent makes up a large amount of our paychecks, so it can be difficult to save anything without cutting corners and being frugal at every turn.

Recently, my girlfriend got a text from her bank. She followed the link, and it took her to a high-fidelty page that looked exactly like the banks. She even asked me to look over it – We both work in IT and are very aware of scams. She entered her credentials, and the browser opened her banking app, making it seem like nothing was wrong.

A few days later, she realised 10,000 euro had been taken from her account – All her savings for the trip thus far. She was distraught, and I was angry at the hackers and myself for not picking up at it.

We went to the police and contacted the bank. The police told us they couldn’t do anything except put out a warning for others regarding the text. The bank told us they would need to investigate the issue which could take 72 hours.

We spent the next 3 days feeling extremely down and stressed. Thankfully, the bank reimbursed the money. We are even more cautious now, knowing that months, and sometimes years of worked can be wiped clean in a mistake that might only take a few seconds.”