A week ago, I spent close to 3 hours recovering my social media accounts from an ingenious person on the Internet. My dealings with this tenacious hacker are the subject of rebuke from most people who know me, but the conversation with this cyber criminal was interesting.
Let me tell you how it all started to provide context to this story.
On Monday of last week, I received a message from one of my friends on Instagram. The message from Sandy explained that she was participating in an online influencer contest and needed my vote to win. Being the helpful friend that I am, I accepted her request and stated that I was willing to cast my vote for her.
Sandy, or the person posing as her, gave me instructions on how to vote in this contest. It was as simple as sending her a screenshot of a message that I was about to receive from Instagram.
Trusting this request from an old friend and the inner workings of Instagram, I did as instructed.
The Realization of Trouble
Shortly after forwarding the screenshot of Instagram’s text message to me, I received an email notification of an unusual login into my account. Someone had accessed my account in Montreal, a city I had not visited in a while.
Thankfully, I had enabled two-factor authentication on all my accounts, and while it took some time to regain access to them, I recovered them fully.
You see, it wasn’t that someone had hacked my Instagram account (and potentially all linked accounts) that bothered me; it was more the realization that I had given them access to my social media that raised many questions.
In essence, the notion that they had hacked me made me wonder how vulnerable I was to intrusion.
So much so that I posted this to that same social media account.
The hacking was no feat of technological knowledge; it was a full and robust use of social engineering. This intrusion exploited my emotional vulnerabilities by appealing to my social disposition to help a friend with something simple – an uncomplicated gesture.
I will not explain the entirety of the ploy used against me here because it might prompt someone to use it against another person. But I will say that I capitulated to the strong need to reach out to the person impersonating Sandy.
The conversation, which lasted hours, saw the exchange of ideas the hacker had used before, and they were open enough to show, statistically, their monthly success.
In the near future, I might share parts of those conversations if I decide that they don’t pose too much risk to innocent people on the Internet.
You can imagine how someone like me, who has made a long and lucrative career by exploiting people’s psychological and emotional vulnerabilities, felt after falling prey to social engineering.
It’s a reminder that we are all susceptible to manipulation in the proper context.
I felt silly and weak. And my friends who once lived in the underworld still mock my readiness to give in to simple requests by once-removed friends.
I don’t blame them for ridiculing me; similar mistakes have cost others much more than a few hours in front of a computer.
I’ll have more on this soon.