Don’t Get Hacked Abroad: 5 Horrific Stories of Internet Fraud & Identity Theft

It’s an afternoon like any other, and you’re working away busily on your laptop, when suddenly this appears in the middle of your screen:

“Your files are encrypted. To get the key to decrypt files you have to pay $500 USD.”

It’s a joke, surely? But you’re not allowed to click it away, and you can’t access any of your files anymore.

Welcome to the nightmarish world of ransomware, where a virus-like piece of software infects your system and locks it down until you pay up. The longer you leave it, the more the price goes up—and as New York Times writer Alina Simone’s mother found, even the process of paying up is fraught with misery.

How You Can Prevent This From Happening

One way you can protect yourself from ransomware is by treating it like a virus—by installing a credible antivirus service (for example, AVG, avast! or even Bitdefender’s flagship antivirus software) and keeping it updated.

Another smart thing you can do is habitually backup your most important data into a secure cloud-based service (I’m a huge fan of Backblaze). If you can recover everything important, this nightmare turns into nothing more than a nuisance—and you can wipe your data, clean your hard-drive, change your passwords and get back to work without having a dime extorted out of you.

This is the DEFCON 1 of internet security breaches: when someone steals your computer from right between your legs.

Let’s be clear here. These days, hardware theft isn’t just the loss of a few hundred dollars of tech gear (or, if you buy Apple, a few thousand). It’s what’s on that gear that has the potential to keep doing you damage for years and years to come. Think about what’s on your device right now. What’s here?

Saved passwords? Phone numbers, addresses, personal messages? A few naked selfies? Maybe more than a few?

Luckily, there are powerful and highly satisfying ways to turn the tables and get your stuff back.

Enter fellow travel blogger Matthew Karsten, who had his laptop stolen in Panama City. An avid follower of the Golden Rule of Internet Security, Matthew had previously installed a piece of tracking software called Prey Project. He activated it, and he waited for the thieves to boot up the stolen laptop.

Three months later—bingo.

Prey Project gave Matthew access to the laptop’s camera, allowing him to spy on the thieves and take screenshots of their faces that could later be used to prosecute them. But in fact, he never needed to. With the help of readers of his blog, he tracked the thieves down and confronted them—and they handed over his laptop without a fuss.

He even got photos of the thieves picking their noses and browsing the web for transvestite prostitutes. The full, glorious story is here.

How You Can Prevent This From Happening

The lesson is obvious: you can’t do anything once your stuff has been lifted, so you have to adhere to the Golden Rule and install tracking software and other security measures before the proverbial brown stuff hits the fan. It’s your best hope of getting your stuff back—and as Matthew Karsten can attest, it really, really works.

(This should also teach you how vulnerable your webcam can be! Treat it as permanently “live” and don’t discuss or show personal information in front of it.)

If someone can intercept your private data, they may gather enough of it to convincingly pretend to be you. They can use that information to withdraw money, sign up for credit cards, and make purchases online. It’s better known as identity theft—and it affects approximately 15 million people in the US every year.

Take the story of Amy Krebs, victim of an identity thief who managed to open more than 50 accounts for credit, purchases and utility services—all under Krebs’s name and address, sending everyone straight to her door when it was time to pay.

Her impersonator was eventually caught, but because of local laws the thief escaped jail time—and for Krebs, the road to vindication was a long and distressing one:

“When you are a victim of identity theft, you are put in the position of having to prove who you are to a greater extent than the criminal had to to get goods and services. You’re treated like you’re trying to get out of paying for something.”

(Thankfully, not all identity thieves are clever enough to get away with it.)

How You Can Prevent This From Happening

First step: be aware of attempts to tamper with your data. Leading the pack is the aforementioned Bitdefender BOX, which I outlined here last year. This internet security solution will protect every single device connected to your home network, scanning for unusual activity, blocking intrusions originating from suspicious web addresses, and giving you secure access to its diagnostics even when you’re not at home.

Next—and this is the one everyone messes up at some point—avoid using the same passwords for different accounts! Use a reliable password manager (I use Dashlane) or create your own system for storing and remembering different passwords.

Lastly, most importantly, and hopefully most obviously, be careful about giving personal details in a non-secure channel online, and never give passwords, bank card details or other confidential information over an unsecured connection. (For online payment services, look for the padlock symbol in your browser’s URL frame, along with “https”, suggesting a secure link.)

If they’re asking for truly confidential data, they’re guilty until proven innocent—so make sure they’re absolutely, 100% who they say they are before you do what they’re asking you to do.

Yes, really. The right (or perfectly wrong) code placed in the right place can force your hardware to do things it was never meant to do—and damage it irreversibly.

Take the Mac. Macs are famously locked up tight against malicious attacks—but no computer is perfectly safe, as security researcher Charlie Miller discovered in 2011. Thanks to a firmware vulnerability, Miller was able to fry the batteries on a number of Apple laptops.

Hackers now have the ability to access your devices and overload their hardware to the point they melt or even explode. Think about that for a second. Think about where you put your phone when you go for a walk (tip of the hat to Samsung Note 7 users). Think about going to your laptop in the morning and finding it’s been reduced to metal junk. Think about losing it all.

There’s no way back when that happens.

How You Can Prevent This From Happening

Due to the severity of this problem, hardware manufacturers are on high alert for these kinds of vulnerabilities, and usually very, very quick to issue updates that fix them. Your job is to install those updates as soon as they’re available.

Never leave those updates queued up.

The oldest trick in the book is to send you an email that looks just legitimate enough to be plausible—and gets you to click a link that cracks your security wide open.

And it’s the oldest trick because it still works, time after time. Even consumer issue experts fall for it, like this one from Which? magazine in 2012. But nothing gets close to the blunder the CEO of FACC, an Austrian aircraft parts manufacturer, made in 2016.

Using a form of scam e-mail called the “fake president incident”, thieves convinced CEO Water Stephan to transfer money to an account for an apparently-authorised but secret acquisition project. The sum? 42 million Euros ($47 million). Yeah. They company managed to block around 11 million Euros from being transferred—but the rest? Never seen again.

Needless to say, FACC now has a new Chief Executive Officer.

How You Can Prevent This From Happening

Spam filters to maximum! Treat any unsolicited e-mail with suspicion, especially if it contains links and attachments, or if something looks….off, somehow. No reputable online service will ask for your secure details over an unsecured line, so that’s a dead giveaway.

Next, if you become aware that an email is spam, don’t just delete it—tag it as spam, forward the e-mail to the security team of the company it’s pretending to be from, so they can investigate and take action—and then Block the sender.

Next, monitor suspicious activity from certain email addresses and websites. Bitdefender blacklists malicious websites, so that’s a good place to start. Also, get used to looking at the e-mail addresses of the e-mails coming your way—it’s usually easy to spot the spammy ones (say, [email protected] or [email protected]).

But above all, cultivate a healthy skepticism for any “too good to be true” offers or requests for sensitive data that come your way.

Your best defense is your wits. Use them wisely.