08/07/2025
The anatomy of a cyberhack.
WARNING: THIS IS A LOOOOOONG READ!
This started last week. I'll give a play-by-play so you can understand how these things unfold.
Last week on Friday, at about 6pm, a client texted me that he was having an issue trying to restore his Coinbase account. He said "they" had been in his computer for an hour and then disconnected.
This immediately seemed odd to me, since I didn't think Coinbase would be connecting to client computers to help them. MAYBE they do now, but it's outside their purview. They are a "bank," not a tech support company. I thought that maybe, since crypto accounts can be high-dollar, they had started helping clients make sure their accounts hadn't been hacked, but it still seemed unlikely. The only companies that would normally connect to a client's computer are Microsoft, Apple, and remote tech support companies like mine, and even they do it only when the client initiates the request, never by cold-calling.
So I asked him why Coinbase was getting on his computer and what number he had called to reach them. He didn't reply, and then on Saturday at 5:30 pm he responded that it seemed to be working OK. I again asked him what number he had called and pointed out that third parties don't usually access computers for remote support. Again, he didn't respond.
So finally on Monday at 5:15 pm we got on a phone call together, since he had some other minor problems to fix and I wanted to take care of those and also ask about this Coinbase issue. I thought it would be a 10-15 minute call. Well, it blew right through my exercise time (I still did my exercise), since the call lasted until about 7:30 pm.
So, now, finally, here is what happened. He hadn't used his Coinbase account for several years and was trying to log in. He couldn't reset his password, so his wife started to help him. Like most websites/companies these days, they don't just post a 1-800 number on their page for you to call. I get it. Internet-based companies can have millions of clients/customers, and if they had to handle a phone call for every issue they'd need thousands and thousands of tech support people. By not making it easy to call on the phone, they weed out the issues that aren't that important, the issues people fix with self-help, and the issues clients get answered by someone else, like me.
His wife searched Google for a Coinbase tech support phone number. As many of you know, and many people don't, scammers get results into search engines (paid ads and search-poisoned listings) that carry fake numbers. I've had clients call fake support for NETGEAR, Google, Apple, and now Coinbase. These scammers are organized. They know which phone number maps to which company, so when they answer they can say they are Coinbase tech support. Even an unsophisticated one can just answer the phone with "tech support," wait for the caller to spill the beans ("I'm having trouble logging into my Coinbase account"), and then put on the Coinbase hat and pretend to be Coinbase tech support.
[On a side note, another client had trouble getting into his bank account. While I was talking to him on the phone, his phone rang, and he answered it, assumed it was the bank's tech support, and just started telling the caller his problem. He said it was the same guy he had talked to the other day, so maybe it was legit, but the guy on the phone (I could hear him) didn't introduce himself or give his name. I resolved that problem for now, since the bank couldn't even fix his 2-factor properly.]
So back to this Coinbase client. Once I determined that a hacker had accessed his computer, I said we'd need to wipe the computer clean, since these scammers install remote-access software and sometimes a second, more hidden (less detectable) remote tool as a backup. This software can take screenshots and send them to the hacker. It can log keystrokes, including passwords, and send them to the hacker. It can search for and transmit files to the hacker in the background. It can do all of this without noticeably slowing down the computer, and file transfers can be throttled so they don't use much Internet bandwidth. Any password typed on that machine after the session has to be treated as captured, so resets should be done from a different, clean device.
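Below is an added example (not code from the original post) of the first thing I would run on a PC after a "tech support" caller was let onto it: a triage pass over `tasklist /fo csv` and `schtasks /query /fo csv /v` output looking for the legitimate remote-control products scammers install, and for a second, quieter one left behind as a backdoor. The tool/pattern table and the two sample listings are constructed for the example; nothing in it describes the specific computer from this story.

```python
"""Added example, not code from the original post: a first-pass triage of a
Windows PC after a "tech support" caller was allowed onto it.

It looks for the legitimate remote-control tools scammers usually install
(and for a second, quieter one left behind as a backdoor) in the output of
`tasklist /fo csv` and `schtasks /query /fo csv /v`. The tool/pattern table
and the two sample listings below are constructed for the example.
"""
import csv
import io
import re

# Image names / task names of remote-control products commonly abused in
# phone scams. A hit is not proof of compromise, but any tool the owner did
# not knowingly install needs to be explained or removed.
REMOTE_TOOL_PATTERNS = {
    "AnyDesk": r"anydesk",
    "TeamViewer": r"teamviewer|tv_w32|tv_x64",
    "ConnectWise/ScreenConnect": r"screenconnect",
    "UltraViewer": r"ultraviewer",
    "LogMeIn/GoTo": r"logmein|lmiguardian|gotoassist|g2a",
    "Splashtop": r"splashtop|srserver|srmanager|srservice",
    "RustDesk": r"rustdesk",
    "Zoho Assist": r"zohoassist|zohomeeting|zaservice",
    "Supremo": r"supremo",
    "Ammyy Admin": r"ammyy",
}

# Constructed sample of `tasklist /fo csv` output.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"explorer.exe","4120","Console","1","120,456 K"
"chrome.exe","5632","Console","1","310,088 K"
"AnyDesk.exe","7044","Console","1","45,120 K"
"ScreenConnect.ClientService.exe","2216","Services","0","22,800 K"
'''

# Constructed sample of `schtasks /query /fo csv /v` output (columns trimmed).
SAMPLE_SCHTASKS = r'''"HostName","TaskName","Status","Author","Task To Run"
"DESKTOP-01","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","Microsoft","%windir%\system32\defrag.exe -c -h -k -g"
"DESKTOP-01","\ScreenConnect Client (example)","Ready","DESKTOP-01\owner","C:\Program Files (x86)\ScreenConnect Client (example)\ScreenConnect.ClientService.exe"
'''


def parse_tasklist_csv(text):
    """Return [(image_name, pid), ...] from `tasklist /fo csv` output."""
    rows = list(csv.reader(io.StringIO(text)))
    return [(r[0], int(r[1])) for r in rows[1:] if len(r) >= 2 and r[1].isdigit()]


def parse_schtasks_csv(text):
    """Return [(task_name, command), ...] from `schtasks /query /fo csv /v`.
    The real verbose output repeats the header line per task folder, so those
    pseudo-rows are skipped."""
    out = []
    for row in csv.DictReader(io.StringIO(text)):
        name = row.get("TaskName")
        if not name or name == "TaskName":
            continue
        out.append((name, row.get("Task To Run", "")))
    return out


def find_remote_tools(labels):
    """Map each known remote tool to the labels (process or task strings) that
    matched its pattern, case-insensitively."""
    hits = {}
    for label in labels:
        for tool, pattern in REMOTE_TOOL_PATTERNS.items():
            if re.search(pattern, label, re.IGNORECASE):
                hits.setdefault(tool, []).append(label)
    return hits


def triage(tasklist_text, schtasks_text):
    """Combine both views. 'multiple_tools' is the second-backdoor case from the
    post: two different remote products on one home PC is rarely innocent."""
    procs = find_remote_tools([name for name, _ in parse_tasklist_csv(tasklist_text)])
    task_hits = {}
    for name, cmd in parse_schtasks_csv(schtasks_text):
        for tool in find_remote_tools([f"{name} {cmd}"]):
            task_hits.setdefault(tool, []).append(name)
    tools = sorted(set(procs) | set(task_hits))
    return {"processes": procs, "tasks": task_hits,
            "distinct_tools": tools, "multiple_tools": len(tools) > 1}


if __name__ == "__main__":
    report = triage(SAMPLE_TASKLIST, SAMPLE_SCHTASKS)
    for tool in report["distinct_tools"]:
        print(tool, report["processes"].get(tool, []), report["tasks"].get(tool, []))
    if report["multiple_tools"]:
        print("More than one remote-control product present: treat as compromised and rebuild.")
```

On a real machine, save the two command outputs to files and pass their contents to `triage`. The scheduled-task view matters because a remote client that is not running right now can still be relaunched at the next logon, which is one reason a scan that comes up clean is not the same as a clean machine.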
So I got on the computer with the client and first found the browser history entry where they had searched for the Coinbase number, and I could tell it was fake. I said we needed to contact Coinbase to see what else to do. They said you can't contact them. I went to the support page, looked around a bit, got to the Contact Us page, answered a few questions, and finally got a prompt to have Coinbase call my client. We clicked it, and within 5 minutes they called. My client missed the call since it didn't ring (we were on the phone, so it probably gave the call-waiting beep, which he missed), so after waiting and requesting a new call we finally reached their tech support, the REAL Coinbase tech support.
This is where more problems developed, since the tech support is not the best. There was a bit of a language barrier, which I'm good at navigating (lots of practice over the years), and she recommended locking the account. I said we already have access to the account, so what will locking accomplish? She said the account would be locked and the client would need to submit verification (driver's license and a 3D face scan) to unlock it. Well, that isn't working properly, and for now my client can't get into his account. So he HAD access, and by locking it he doesn't now. Sure, a hacker can't get in either, but once it's unlocked, if a hacker has the password and can redirect the client's text messages (a SIM swap) to get the 2FA code, he can log in. That is why, once the account is recovered, the 2FA should be moved off SMS to an authenticator app or a hardware key.
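The history check described above is worth doing from the file rather than by scrolling: Chrome and Edge keep history in a SQLite database named `History` whose `urls` table stores `last_visit_time` as microseconds since 1601-01-01 UTC. The following is an added example (not from the original post) that builds an in-memory stand-in for that table with constructed rows (the scam domain uses the reserved `.example` TLD and a fictional 555-01xx number), then lists every page mentioning the vendor in visit order and flags search-engine hits, off-domain pages, and pages advertising a phone number. `open_history` shows how the real, locked file would be opened; the domain allowlist passed to `find_support_lookups` is the caller's assumption.

```python
"""Added example, not code from the original post: triaging browser history
to find where a "support number" search led.

Chrome/Edge keep history in a SQLite file named `History` whose `urls` table
stores `last_visit_time` as microseconds since 1601-01-01 UTC. The sample
rows below are constructed (reserved .example domain, fictional 555-01xx
phone number); `build_sample_history` stands in for `open_history` on a copy
of the real file.
"""
import re
import shutil
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
SEARCH_ENGINES = {"www.google.com", "www.bing.com", "duckduckgo.com", "search.yahoo.com"}
# Loose North American phone pattern: enough to catch numbers advertised in
# page titles and URLs.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def chrome_time_to_datetime(microseconds):
    """Convert a WebKit/Chrome timestamp to an aware UTC datetime."""
    return CHROME_EPOCH + timedelta(microseconds=microseconds)


def datetime_to_chrome_time(dt):
    """Inverse conversion, done with integer arithmetic to avoid float rounding."""
    return (dt - CHROME_EPOCH) // timedelta(microseconds=1)


def open_history(history_path, copy_path):
    """Chrome locks its History file while running; copy it, then open the copy."""
    shutil.copyfile(history_path, copy_path)
    return sqlite3.connect(copy_path)


def build_sample_history():
    """In-memory stand-in for a real History file with the columns we query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
                 "visit_count INTEGER, last_visit_time INTEGER)")
    t0 = datetime(2025, 8, 1, 17, 32, tzinfo=timezone.utc)  # constructed timestamp
    rows = [
        ("https://www.google.com/search?q=coinbase+support+phone+number",
         "coinbase support phone number - Google Search", 1, t0),
        ("https://coinbase-customer-helpline.example/contact",
         "Coinbase Support 24/7 Call +1 (800) 555-0199", 2, t0 + timedelta(minutes=1)),
        ("https://help.coinbase.com/en/coinbase/managing-my-account",
         "Coinbase Help", 1, t0 + timedelta(minutes=18)),
        ("https://www.nytimes.com/", "The New York Times", 5, t0 + timedelta(hours=1)),
    ]
    conn.executemany(
        "INSERT INTO urls (url, title, visit_count, last_visit_time) VALUES (?, ?, ?, ?)",
        [(u, t, c, datetime_to_chrome_time(ts)) for u, t, c, ts in rows])
    return conn


def find_support_lookups(conn, vendor, official_domains):
    """List history entries mentioning `vendor`, in visit order, and flag each as
    a search-engine hit, an off-domain page, and/or one advertising a phone
    number. Off-domain plus phone-number is the fake-support signature."""
    like = f"%{vendor.lower()}%"
    cur = conn.execute(
        "SELECT url, title, last_visit_time FROM urls "
        "WHERE lower(url) LIKE ? OR lower(title) LIKE ? ORDER BY last_visit_time",
        (like, like))
    findings = []
    for url, title, ts in cur:
        host = urlparse(url).hostname or ""
        official = any(host == d or host.endswith("." + d) for d in official_domains)
        flags = []
        if host in SEARCH_ENGINES:
            flags.append("search")
        elif not official:
            flags.append("off-domain")
        if PHONE_RE.search(f"{url} {title or ''}"):
            flags.append("phone-number")
        findings.append({"when": chrome_time_to_datetime(ts).isoformat(),
                         "host": host, "title": title, "flags": flags})
    return findings


if __name__ == "__main__":
    for f in find_support_lookups(build_sample_history(), "coinbase", {"coinbase.com"}):
        print(f["when"], f["host"], f["flags"])
```

The timestamps matter as much as the URLs: the visit to the off-domain "support" page marks when the phone call (and the remote session that followed) started, which bounds how long the machine has to be assumed monitored.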
The odd thing is that the hacker was in the computer and could have transferred the money, but didn't. It was a four-figure amount, so not peanuts, but still a decent prize. Maybe he was hoping to get more. The bank account wasn't connected to Coinbase, so maybe he was hoping to get the bank account reconnected, buy more Bitcoin, and THEN transfer it out for a bigger payday.
At one point my client said that the "tech support" (i.e. the hacker) had fixed his account, since he could now log in. I said that may be the case, but he's still a hacker and was in your computer. Just because a locksmith (who turns out to actually be a thief) fixes the locks on your house doesn't mean he won't come back later for more damage and theft. And I think his wife was the one who finally fixed the login. The problem was that the reset emails were going to the spam folder and she hadn't seen them.
Had they called me, I could have tracked the emails to see whether they were delivered, and I would have checked the junk mail folder anyway, since I know to do that.
So in the end, this was a combination of leaving an account dormant for years, trying to get back in, not knowing where the reset emails went, getting a wrong number for support, and letting a hacker onto the computer.
Had they just contacted me to fix this problem, which was more serious (involving actual money) than the other problems that needed fixing (such as finding photos to use as wallpaper), I could have mitigated it from the beginning instead of spending the first 2 hours and 15 minutes on the phone at the end of the day, three days later.
He doesn't want to go through the hassle and expense of wiping the computer clean. I've done as much as I can to clean things up, but I cannot guarantee anything. There is no way I would know the hundred places to look for malware on the computer that even automated scanners cannot find, and a remote tool that is set to relaunch from a service or scheduled task will come right back. A reinstall from known-good media is the only way to be sure.
Now, why did I write all this? I want you all to know how easily and quickly things can go sideways and how costly it can be to fix things after the fact. It's like leaving the bath running on the 2nd floor with the drain plugged, leaving the house, and forgetting about it. You come back to a flooded downstairs with tens of thousands of dollars in repairs.
In the near future, I will make up a flyer you can print. If you are so inclined, you can give it mainly to the elderly you know: parents, grandparents, friends of your parents, etc. I will outline some simple steps to take and I will put my phone number on it. I will answer any quick questions via phone, text or email, such as whether an email is legit, whether a text is real, or whether a phone number is really the company's number. If I don't answer right away, it's not a big deal. Most issues are not so important that they must be handled right this minute.
The hackers will get mad at you, as they did with my client, if you say you are uncomfortable with what's going on. They use fear and psychology to intimidate. Most of the time (like 999 times out of 1,000) these emails, texts, phone calls and fake security messages that pop up on a screen are fake, and you're safer ignoring them than acting on them. What's the worst that will happen? If your mailbox fills up, you stop getting email and it can be fixed. If someone calls fake tech support and lets them onto their computer, the damage can be great. They can monitor the computer for days, weeks or months, build up an attack plan, and then one day strike: transfer all the money, lock the Apple or Google account (which basically renders the phone useless), take over Facebook and other online accounts, and move on to trick and infect more people.
There are no exact stats on the money lost by the elderly (over 60) to these scams, but some estimates run between $4.8 billion and $28.3 billion, with a B! And those numbers are most likely underreported, and some losses are never reported at all. To me, this is WWIII. We have enemy nation states attacking our elderly (civilians) on a grand scale and taking billions of dollars to fund their countries. North Korea, for instance, makes a lot of money this way through state-sponsored hackers who turn the money over to the government to buy weapons, etc. This has to stop.
If you have any ideas of what might help, let me know. I'm only one person and I can't help everyone. Perhaps some phone service for the elderly that can approve incoming and outgoing calls, so that they don't get connected to the wrong people? Software can only do so much, and any method of blocking the hackers is quickly met with the hackers coming up with new ways around the blocks. It's a cat-and-mouse game.