
It’s that time of year again when people want to be scared by stories of ghosts, ghouls and monsters! These stories can give us chills, but what about the real horrors that wait for us out there on the internet?

Like ghosts from horror movies, hackers and cyber criminals are out there constantly seeking a way to enter our (digital) world. They want to access your Facebook, your Instagram, your Paypal, your Amazon, your banking websites: everything. They might even use your information to try and hack your friends and family.

Scared yet?

Check out these 4 cyber security horror stories below.


Invasion of the Facebook Account Snatchers!

The Horror Story

You wake up on a weekday morning and see an email notification on your phone. It lets you know that your Facebook email has been changed to an old Hotmail address you haven’t used in years. The next email in your inbox informs you that your Facebook password has been changed.

You sit bolt upright in bed. This can’t be right! You try to log into Facebook, but your old password won’t work.

Okay, don’t panic. This can be fixed. You find that one of the notification emails has a link to secure the account if this change was unauthorized. Relieved, you click it, ready to get your account back. But the whole page is in Turkish, incomprehensible. You can’t make heads or tails of it, or find a way back into your account.

Pulling up your account by URL you find somebody else’s face on your profile, and somebody else’s name. Your account has been invaded, and somebody else has taken your place. They have access to all your messages, your friends, your photos and personal information about you stored in your account. Even other websites and apps that you use Facebook to access.

Somebody has stolen your digital life from you!

The Reality

This really happened to Jeff Bercovici, Inc.’s San Francisco bureau chief.

So how did the hacker get access to his Facebook profile? Through an old Hotmail address that Jeff hadn’t used in years. Hotmail will release old addresses to be re-registered if they haven’t been in use for two or more years.

This old email account was still connected to Jeff’s Facebook profile, and the hacker was able to use it to get in. He then changed the password and the primary email and took total control of the account. If Jeff wasn’t a tech journalist with connections at Facebook, it might have taken him a lot longer to get his account back.

What can you do to prevent this?

You should check your security settings on your Facebook account.

  • Check for any connected email addresses and remove old ones.
  • Make sure you have two-factor authentication enabled.
  • Lock down privacy settings to prevent people from using your Facebook account to gather information about you.

The Silence of the Phones

The Horror Story

You’ve had a great weekend up in the mountains, enjoying the clean air and beautiful weather. Your phone hasn’t rung once, and you honestly haven’t missed it.

You pull into the driveway, and suddenly your phone blows up with messages, emails and notifications. It seems your bank card’s PIN has been changed and multiple withdrawals have been taken out of your accounts.

How was this possible? You set up two-factor authentication for all of these services; nobody should be able to access them without a code sent only to your phone.

You immediately call your bank, only to find that you have no cell service. You only got these messages because your home wifi connected. You can’t make or receive calls at all! Somebody has stolen your phone number. And with it, your bank information, your social media accounts, your email.

You see messages pop up from some of your friends, wondering why you’ve been asking for so much money…

The Reality

This is exactly what happened to Christine, who writes the Her Money Moves blog. She suspected that hackers somehow got to her money through her use of a mobile banking app, despite the fact that she never saved her password in the app.

It’s impossible to know how exactly they got access to her banking information, but they certainly took control of her phone number.

This kind of theft is becoming more and more common. With a few basic pieces of information, like the last four digits of your Social Security Number (perhaps from a website breach), somebody can impersonate you when calling your cell service provider. They might even go so far as to walk into a cell phone store and impersonate you, complete with a fake driver’s license.

Once they have your number attached to their phone, any two-factor authentication that relies on codes sent to that number becomes meaningless.

What can you do to prevent this?

It might seem like there’s nothing you can do here, but there are a few important preventative measures you can take.

  • Call your cell phone company and set up a “verbal password” or PIN.
  • Make sure that this password is required for all account changes.
  • Make sure that web access to your account is highly secured and also uses two-factor authentication.
  • Once this is completed, try to hack yourself. Call your cell company from a friend’s phone and see if they’ll let you make changes without the PIN.

210 Days Later

The Horror Story

You wake up one morning and find yourself locked out of your Instagram. Checking your feed, you can see that somebody has been deleting your photos and uploading other ones.

Somebody has stolen your Instagram account. You don’t want to care, but it’s an important part of your professional life. You had a verified account; surely it can’t be that hard to get it back.

But the company is run by ghosts. Nobody responds to your support requests. You try their website, but the “help center” is useless. Every article leads back to an article you’ve seen before, a form you’ve already tried. You wander this maze of “help” pages endlessly, submitting forms and getting no response.

And through all of this, nobody will talk to you. Not one single human has reached out to you about your issue. Days turn into weeks, and you try everything again. Weeks stretch into months. Still no response. You try every help form again, and again, and again.

Finally you realize that you are alone. Nobody is ever going to help you get your account back. The only replies you can expect are from robots: cold, uncaring, and unable to help you.

The Reality

Rachel Tsoumbakos detailed the arduous process of trying to get her account back in this blog. She submitted form after form, tried every support address she could locate, and nobody would help her.

Her blog chronicles months on end of trying to get her account back, as well as the process that finally helped her get access. Eventually, in the depths of the “lack of help” center as she calls it, she found this link: https://help.instagram.com/368191326593075 (but you may need to access it from your phone, not a PC).

She was contacted by what seemed to be a person but was probably just a bot, asking for a picture of her holding a handwritten sign including a code they’d sent her. It took a few tries, and she found that writing in thick black marker was what did the trick.

After 7 months of waiting, she was finally granted access to her account again.

What can you do to prevent this?

First, do everything you can to lock your account down. The best way to deal with this is to prevent yourself from getting hacked in the first place. See our instructions for Facebook above, which include:

  • Check for any connected email addresses and remove old ones.
  • Make sure you have two-factor authentication enabled.
  • Lock down privacy settings to prevent people from using your Instagram account to gather information about you.

If you’ve already been hacked, here are a few Instagram resources:


The Purge

The Horror Story

After countless hours spent grinding enemies, you have amassed a Runescape collection rivaled by none. Some would say it’s just a game, but for you this is your life. After two years devoted to the game you’ve earned friends, fame and lots of money!

So when you see an ad for an app that will finally let you play Runescape on your phone, you can’t believe how lucky you are! This is just what you’ve been looking for. You click through, and are directed to what you think is the legitimate Runescape website to fill in some information.

They ask for your username and password, so you enter those first. You’re so excited that you don’t even bother to make sure your connection to the site is secure. When the next screen asks for your in-game bank PIN, you find it a little odd, but you can’t wait to get going so you enter it anyway. You authenticate your account, ready to be able to play your favorite game any time.

The next morning, the reality of your mistake becomes clear. You log in to find your bank account and character have been completely cleaned out. All 19 million dust runes, 4.2 million Marrentill herbs, 347,000 cballs, over 7,000 bandos pages, 106,000 potato seeds, 20,000 dwarf seeds… everything is gone. And all because you fell for their scam.

The Reality

You might think that after such a blow, quitting the game would be the only sensible answer. Instead, this experience helped reddit user zedin27 to enjoy the game all over again. Kudos to zedin27 for being an indefatigable optimist!

So how did it happen? This was a fairly complex phishing attack, using an ad as the entry point instead of an email or Facebook message. If zedin27 had been careful to check the page’s URL and make sure the site was secure, he would have noticed something amiss. As we covered in our blog on 7 Cyber Security Tips for Anyone Who Uses the Internet, pages designed to mimic real websites are easy to spot if you’re on the lookout.

What can you do to prevent this?

Phishing attacks are everywhere. Here are a few ways to protect yourself.

  • Be suspicious of links and attachments. Make sure the sender or website is who you really think it is.
  • When filling in forms, check for HTTPS in your browser. Usually you should see a lock icon if your connection to the site is secure. This is especially important for any financial sites or transactions.
  • Check the URL to make sure it’s really the site you think it is.
  • If something seems “phishy,” don’t follow any links provided. Open a new browser page and go directly to the site in question. This will prevent you from going to a faked version of a site you use often.
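
The URL checks from the list above, written out as an added example (not part of the original post): it shows that HTTPS alone does not make a link safe, because the host name also has to match the domain you expect. The domain game.example and every sample URL are constructed placeholders.

```javascript
// Added example: judge a link against the domain you expect to be on.
// EXPECTED_HOST and all sample URLs below are constructed placeholders.
const EXPECTED_HOST = "game.example";

function checkLink(rawUrl, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  const host = url.hostname.toLowerCase();

  // The lock icon only exists for HTTPS, so plain HTTP fails immediately.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://real-site@other-host/" connects to other-host, not real-site.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before @ hides the real host" };
  }
  // Lookalike letters from other alphabets show up as xn-- labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode host, possible lookalike characters" };
  }
  // Only the expected domain itself or one of its subdomains passes.
  if (host === expectedHost || host.endsWith("." + expectedHost)) {
    return { ok: true, reason: "host matches expected domain" };
  }
  // A familiar name at the start or middle of the host proves nothing.
  if (host.includes(expectedHost.split(".")[0])) {
    return { ok: false, reason: "expected name appears inside a different domain" };
  }
  return { ok: false, reason: "different domain" };
}

// Constructed sample links: one genuine, the rest typical imitations.
const SAMPLES = [
  "https://secure.game.example/login",
  "http://game.example/login",
  "https://game.example@login.account-verify.example/",
  "https://game.example.account-verify.example/login",
  "https://g\u0430me.example/", // Cyrillic "a" in place of Latin "a"
];
for (const link of SAMPLES) {
  const verdict = checkLink(link);
  console.log((verdict.ok ? "OK    " : "REJECT") + " " + link + " -> " + verdict.reason);
}
```

Three of the four rejected links use HTTPS, which is why the list also tells you to check the URL itself.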

Cyber Security Doesn’t Have to be Spooky!

Are you interested in cyber criminals, what they do, and how they can be stopped?

A career in cyber security could be perfect for you! LeaderQuest offers accelerated training designed to help people with zero experience gain the skills and certifications they need to get hired in IT. Advanced cyber security positions will require more experience and training, but now is the perfect time to start.

If you’re interested in IT, click on the link below. We’ll contact you and walk you through a career assessment to see if IT is right for you!

GET STARTED