BEFORE your mind goes to a dark or rude place, in cybersecurity language, Pwed, loosely translated, means that one's email account has been breached and exposed to hackers.
Image: Supplied
BEFORE your mind goes to a dark or rude place, in cybersecurity language, Pwed, loosely translated, means that one's email account has been breached and exposed to hackers.
I am not technologically inclined.
My expertise amounts to receiving and sending a basic email. I cannot do powerpoint or spreadsheets, and what not.
Whenever I face a computer-related challenge, I call my daughter in the UK and try to explain my dilemma, and most times she is able to help me.
When all else fails, I book an appointment with a technician to seek help. These young people can solve IT matters in an instant. I’m sure they laugh at me when I arrive with my handwritten questions and then write down how they resolved my problem in longhand, so that I have it handy the next time I’m faced with the same challenge.
Red flags
Anyway, there were a few red flags that I missed. On Sunday, April 19, I booked some tickets online, for the Protea Women’s cricket game.
I received my tickets via my email and went off to enjoy the afternoon. Later that evening, not having much to do, I decided to watch a movie on a streaming platform.
The first question that came up on the screen was: is this your account? To which I replied: "yes." The response on the screen was: “a PIN will be sent to your email. Please enter it to access your account.”
So I waited for the email. Nothing. Checked my phone and computer several times. Nothing. Called my daughter to ask if she had perhaps changed the settings remotely. Nope. So we all concluded that it was probably the server or poor signal. First red flag.
I tried to log on the next day, still getting the message that a PIN was being sent. Again nothing. So I call up my email service provider. After a wait of almost one hour, a consultant finally answered. He took me through a few things, adjusted the signal on his side, and told me to give it about one to two hours, and it will sort itself out. He toddled off, and I waited and waited. Nothing. No access. Still, no alarm bells were going off in my head.
A week earlier, I was constantly receiving emails stating that my mailbox was full. I had just deleted those mails without thought. Second red flag.
Anyway, come Tuesday, in a spark of alacrity, I remembered these funny emails, and decided that perhaps, yes, my mailbox was indeed full, and proceeded to delete old mail. My husband was out running errands while I was doing this. He sent me a message saying that he had received an SMS that my email password had been changed and there was a new password. (He got the SMS because he is the account holder). I replied that I had not changed anything. Third red flag.
When he got home, I told him that I hadn’t received any emails for the past three days. He decided to “chat” to the service provider. Well, that chat didn’t yield success. Some chat bot who probably uses AI to get answers was just wasting my time.
‘Mam, you have been hacked.’
I decided to take matters in my own hands and actually call the service provider again to ask what was going on. After a 45-minute wait, a delightful young man by the name of Ryan answered. I explained the problem. His first reaction was: “Mam, we do not send new passwords. You have been hacked.” Not the most comforting response, but nonetheless, he said: "don’t panic, we will sort this out."
He took me through the process in a very patient manner. On his instruction, I opened settings and followed his prompts. I had to check sent emails.
Click false. Then go to a section which said “phrases/words”.
To my utter surprise, there were 43 keywords in that folder. A few words like “bank, invoice, receipt, pro-forma statement, to name a few. Ryan told me that as soon as I use any of those keywords, the hackers are alerted by activity on my email.
And that is when they spring into action. If they are successful, one’s personal information, banking apps, tax stuff, online shopping and social media accounts can be accessed.
The new email that the hacker had set up was a simple “n”. So my email was hacked either when I had bought the tickets online or when I had tried to log on to the OTT platform. He had me take photos of each step so that if my banking app had been compromised, I would have proof that my email had been hacked. Anyway, following a reset of a new PIN, it would appear that my problem has been sorted out.
While I have heard of stories of other people being hacked, I was rather complacent and should have seen the red flags sooner rather than later. Ryan told me that he received at least a dozen calls a day from people whose accounts had been hacked. What I learnt from talking to him is that one always has to be one step ahead of the hackers. This is their living.
Valuable points
Some valuable points which I picked up during our conversation was do not use a PIN which is easy fodder for hackers, like your pet’s name or birthdays (neither of which I used). Always check your sent folder – hackers send emails from your email address to people on your contact list and ask for money or to click on a link.
Be mindful of emails where a lawyer from some foreign odd-sounding non-existent country tells you to contact them as some long lost (unknown) relative has left you a fortune. Of course, you have to pay a “commission” before you can access the fortune.
Beware of online competitions which will require your email and telephone number.
Some time back, I received a few telephone calls from Bloemfontein International Airport – customs department. Apparently I had sent a parcel to India, but it had been flagged as it contained drugs. To release the package, I had to pay a “fine”. I had great fun leading them on. The scary part was that they had my full given name and identity number. Eish, these scammers are too smart. They play on emotions by sending you an email saying: “I’m watching you.” Given that we live in a country where crime is spiralling, anyone saying that they are watching you is sure to raise one’s blood pressure.
Many among us cannot do without wi-fi, and of course, free wi-fi is available at malls and coffee shops. And we log on much to the glee and delight of hackers. Best not to take anything that is free. There’s always a price.
Ryan suggested enabling a 2F authentication, like a thumbprint or facial recognition as well as a PIN. That bit I knew because my bank had showed me how.
My takeaway from being Pwed is not to be complacent, and be aware of red flags even if it looks innocent. That’s where they get you. Of course, I had to inform a few close relatives and friends not to respond to any email supposedly from me asking for money, and to inform me if that happened.
I count myself lucky that my banking apps were not compromised in any way. It’s just the effort of waiting on hold, for up to an hour, listening to terrible music and being reassured that I was first in the queue. But then again, if Ryan spent almost 40 minutes with me while I negotiated his instructions and wrote everything down in longhand, I could understand why the wait to speak to a consultant took so long.
Until the next time.
Dr Sandy Kalyan