It started on August 4. My grandson, a college sophomore, and his girlfriend were playing video games in the living room. I was working on the first draft of my third mystery when an alert from my bank popped up on my phone. There were two charges that weren’t mine. The largest charge was from a nightclub in Las Vegas. I called my bank and explained I was in California and that was not me. They cancelled the card and I walked into the living room and told the two teenagers about what happened. I thought this was a teaching moment for young adults just beginning to handle their own accounts. I remembered joking that maybe I should be in Las Vegas.
Grandson left for college in Colorado and about a week later a new card came. I used it once to get the oil changed in my car. That’s when the bottom dropped out. The next day another alert popped up on my phone. My new card was used: $50 at Taco Bell and $800+ at a Home Depot store about 30 miles from my house. I called the bank again. They cancelled the card again. When I asked what was going on and how could I prevent it, I didn’t get much of an answer.
A day later, when I tried to sign into Comcast to read email, I couldn’t. My password had been changed. I went in and changed it back. An hour later, it was changed again. The hacker who I will call Null and I went back and forth about ten times during the day. Eventually, Null went to sleep, I guess, and everything quieted down. I began to change passwords for my accounts, primarily one other bank, a healthcare account and a few other things. The next morning, my Comcast password was changed again. (And yes, during this I was calling Comcast customer service for help.)
By now, I was in panic mode. A friend recommended that I call the credit agencies and put a freeze on my accounts. I did that immediately. That was the first positive thing I did. Then something strange happened to my landline which is part of my Comcast account. The phone rang once and after half a ring, it stopped. There were no messages left. I began to browse online through my Comcast account, hit the button for settings and saw that my calls were being forwarded. I unclicked the forwarding button, wrote the phone number down, saved the changes and called the number. It was nothing but a full mailbox. Then three alerts popped up on my phone from bank 2 which only has a credit card associated with it. One was for a purchase made from a mobile phone. The other thanked me for opening an account to pay all my bills. I called that bank immediately and they bumped me up to the head security honcho who shut down the whole account. She mentioned that since there already was an alert (from the credit bureaus) on any accounts, the purchase of $900+ didn’t go through. They gave me a verbal password to use the next time I called in.
I have an excellent internet security program (or so I thought) and I ran a long scan, about five hours. It turned up Nothing. Nada. Zilch.
During this password changing game I played with Null, once I signed on and the opening page was all in Spanish. Null had made a mistake. He had forgotten to change it back. Later that day, my healthcare system began to call me and leave recorded messages in Spanish.
By this time, I wasn’t sleeping at night. I needed to do something, but I wasn’t sure what. I began to reach out to friends for help. That was the second positive thing I did. One suggested resetting the modem. Didn’t help. I traded in the old modem for a new modem at least two times. Made no difference. It was then I realized that spyware was in my computer recording key strokes. I went to the local police and filed an incident report. I even talked to the officer in charge of fraud.
Computer savvy acquaintances said to shut down my computer, unhook the modem and do all my password changing and online banking from somewhere else. That was the third positive step I took. I spent numerous hours at my son’s house using his computer and Null was seemingly frustrated. I would check my Comcast setting daily to make sure the main password was secure, and the call forwarding was disabled. They were, but I did find that copies of my emails were being forwarded to a g-mail account. I turned that off and changed my password again, probably for the 15th time. I passed the email address along to the police.
I was beginning to feel somewhat secure when I noticed that if I signed into Comcast on my cell phone and forgot to sign off, another user named Null was signed on. It took many hours before I reached Comcast security, but eventually they picked up the phone and they found an app had been activated, telling my hacker whenever I signed on. They deleted the app and my phone became my own again.
There I was, virtually secure, I hoped, but with an unusable computer. A techie friend stepped up and put in a new hard drive. Bye-bye spyware. Currently, I am tentatively using my computer, still doing online banking somewhere else, but changing some inconsequential passwords on the updated computer. So far so good.
I hope you are still reading. I know this is long but these past two weeks were a nightmare. I didn’t lose any money, but I lost a lot of sleep and peace of mind. And time. I lost a lot of time. I want to tell you what I have learned.
1. Don’t use the same username and password for all your accounts. I did. The spyware that infected my computer loves names that don’t change. If it finds one password and one username, it scans your computer. Guess what pops up? All your other accounts with those same usernames and passwords.
2. Don’t automatically click on weirdo links or any links. If you receive an email from your bank or Amazon or Microsoft, for that matter, call them and find out if they contacted you.
3. Sign up for two-step verification. That saved Null from getting into my Amazon account.
4. Besides banks and healthcare, don’t forget to alert other accounts like department stores or home good stores, essentially any place you have an account. Tell them what is going on and ask to put a freeze on all your accounts until you call them back.
5. Use your network of friends as your first line of attack. Mine sent me in the right direction.
If this happens to you, act quickly. Null and his hacker buddies know that you will eventually figure it out and shut things down. In this case, time is not your friend.
Now that all accounts are secured, the mystery writer in me, wants to find Null. Maybe I’ll go sit in the Taco Bell where he spent so much of my money (the bank’s money, actually) and suss him out. More than likely, this whole ordeal will show up as a secondary plot in the book I’m currently writing.