Hacked


For those of you who are in my e-mail address book for my personal account, you probably already know by now that my account was hacked this weekend.

It was a simple e-mail message, with no subject line, no body, no signature. Just a hyperlink. Anybody who knows anything about me knows that I don't do this. As a writer, I am compelled to write something that would set up the link. Ninety-nine percent of the time, I have a subject line. The only time I leave one off is if I get caught up in writing the message and forget. But that's rare.

Luckily, many of you figured that the e-mail was not from me. Thanks to those of you who brought the matter to my attention.

This is the first time in almost 20 years of having an e-mail account that I've been hacked. I felt violated. I was pissed. I created my Roland Axam account, hoping that I could avoid spammers and junk mail. I didn't give much thought to hackers, and I guess that's the thing about being hacked: you never know when it can happen and there's probably not a lot you can do to guard against it.

A couple of years ago, I received a call from my credit card company. They told me that there had been some atypical activity on my card and wanted to confirm that I had performed the transactions. But first, they wanted to ask some security questions, starting with my mother's maiden name, which I immediately provided.

"That's incorrect," I was informed. "You had recently changed your mother's maiden name."

Now think about this: my mother's maiden name had been changed. The name that she was born with was no longer valid.

"How does someone change a maiden name?" I asked. "Tell me how that's possible."

"Hmm... " pondered the representative, the gears turning, the idiocy of the situation taking shape. "Can I have your address?"

I provided the information. Again, it was incorrect.

"You called to provide a change of address and requested a secondary cardholder card."

"What information was provided to make these changes? My birth date? That's common knowledge. What else had been asked? Did the person know my mother's maiden name? I mean, the name that you had on file; not the name he changed it to?"

"I don't have that information, but he must have had enough information to get the address change and the secondary card. So I take it you didn't make a purchase at Best Buy in Toronto for $13,000? Did you get a cash advance for $5,000?"

"No and no!"

And thus began my first incident of identity theft. It took some time, but the charges were reversed, a new card was issued, and my credit remains untarnished. And I implemented a few added security precautions: if I go into a branch of my bank to make a change to my credit card, I must provide my passport and I must speak provide a verbal password. On the phone, I have two verbal passwords. If I don't get any one of them, they are to deny me (more to the point, the imposter) any service.

For my e-mail account, I have changed my password and have implemented a security feature where an access code is sent to my smartphone whenever my account is accessed from a computer other than my usual three.

This hacker was somewhere in Vietnam. I doubt they'll be able to access my devices from there.

But, of course, to believe I won't be hacked again is foolish. I just hope it takes another 20 years before it does.

Comments