Innocent text message over dinner helps hacker infiltrate NSW business owner's account

A New South Wales woman who helped a friend after they were locked out of their Facebook account ended up falling for a scam that railroaded her small business page.

Patricia Lyons thought it was a "feasible scenario" when her friend contacted her on Messenger while she was making dinner, asking her to take a screenshot of a text message to help her get back into her account.

But the text message she sent back to her 'friend' allowed a hacker to infiltrate her woodturning business' Instagram, which took away an important marketing tool.

READ MORE: One image had coach banished from Facebook

The text message Lyons sent back to her 'friend' allowed a hacker to infiltrate her woodturning business' Instagram.

Australians lost more than $3.1 billion to scammers last year, according to the Australian Competition and Consumer Commission, but it's not just the dollar value that's at risk.

Lyons had followers all over the world and then found herself locked out of her account, watching her posts be deleted one by one from her son's phone.

She had also taken the necessary security precautions to keep her account secure, including a strong password and two-factor authentication, when she responded to her friend who had contacted her through her own account.

"She would arrange for the text to get sent to me and it stressed 'do not click the link'," Lyons said.

"All I had to do was screenshot the message and then send it to my friend on Messenger, and that would prove that we are friends.

"What I didn't know was that there is a screenshot hacking scam out at present."

Lyons said once she sent back the screenshot, the hackers were able to access her phone remotely with a session token.

"On my phone, of course, I never log in and out of Instagram, which means the session token was open for them to go in," she said.

READ MORE: How hacker's chilling webcam takeover left Aussie business in tatters

READ MORE: Why you should never charge your phone at free airport stations

Lyons believes it is possible the loss of followers has affected her future sales and while she has a new Instagram account, she does not have as many followers as she did before.

Small businesses can be particularly vulnerable to hacking due to a lack of resources and dedicated IT departments, according to My Business general manager Phil Parisis.

The latest data from Microsoft shows hackers are conducting 921 password attacks every second, a 74 per cent increase from 2021.

Parisis said weak passwords are "one of the top causes of data breaches and cyberattacks" for small businesses.

"Make sure staff undergo regular security training exercises to follow password hygiene best practices, including identifying and reporting suspicious emails and messages" he said.

Two-factor authentication is also strongly recommended for extra protection.

Lyons' advice to other small business owners is to "confirm everything first".

"If it's something different that doesn't happen every day, ignore it or confirm with the person via a phone call that it's them."

Sign up here to receive our daily newsletters and breaking news alerts, sent straight to your inbox.

Related Posts

Innocent text message over dinner helps hacker infiltrate NSW business owner's account
4/ 5
Oleh