The Born Freelancer Gets Hacked!
This series of posts by the Born Freelancer shares personal experiences and thoughts on issues relevant to freelancers. Have something to add to the conversation? We’d love to hear from you in the comments.
The Born Freelancer Gets Hacked!
My digital nightmare began with a click.
When the email arrived, purportedly from my email provider, my mind was elsewhere.
A text had arrived at the same moment, severely dividing my attention.
The email asked if I was missing several replies I was expecting. It claimed a certain number of them had been blocked. For more details, I had to click the link.
Well, as it happened, I had been expecting several clients to reply to recent inquiries and had heard nothing. It made sense, to my distracted brain, that their replies were in digital limbo.
My cursor hovered over the “click” button.
A short time out
As a veteran freelancer, I knew the dangers lurking online. Bad actors try to trick us into providing details (called “phishing”) to rob us of our identities and drain our credit cards. Others, more technologically oriented, try to trick us into downloading malicious “malware” with which they can steal our passwords or take control and “lock down” our computers, holding them for ransom.
For all the anti-virus software, our computers’ biggest vulnerability remains the human factor—that is, any appeal to our needs and weaknesses. Simple and basic social engineering may emotionally trigger us into doing whatever it is they want us to do.
Consider the email I was about to click.
It claimed certain replies were being blocked. That appealed to my ego—of course my clients had replied, they would never simply ignore me. It also appealed to my deepest suspicions—of course it’s the technology at fault. And it correctly presumed my distracted mind would not notice the telltale giveaways of its illegitimacy until it was…too late.
Back to the action—Click!
Right away I knew it was a mistake.
Multiple images appeared in a rapidly flashing succession of unknown websites until, after the hard drive produced a noise like shifting gears in an old Model T Ford, it froze.
In what seemed like hours, but was probably no more than seconds, I disconnected from the Internet.
But it was too late.
I had allowed myself to be hacked.
Stupid, stupid, stupid. How could I have been so stupid?
This question ran through my mind until the advice of a tech-savvy colleague brought my old computer back to life, well, a kind of life. Based upon what had happened the odds were it could now harbour insidious malware. Or some portion thereof.
I can look at its files but it can never be trusted again to roam the Internet (where it could fulfil its malicious destiny) unless I pay more than it is worth today and take it to a computer repair service.
Freelancing means living within a budget. I decided the money I would have spent on repairs (had I not backed up my files) would be better spent on a newer used laptop.
With no immediate access to the Internet, my local public library came to the rescue. Using their publicly accessible computers I was able to keep in touch with the world. Thank you public libraries everywhere!
Lessons learned
- Back up your files. Many computers do this automatically to “the cloud” but I prefer a daily manual backup to an external drive. Accessing “the cloud” may not always be possible
- Never click links in unsolicited emails. Seriously. I knew this and still I clicked. They attempt to evoke a response from you exploiting your vulnerabilities. Is my account frozen? Has there been a mistake I need to put right? Or in my case, had I been missing emails? Sooner or later a socially engineered question may arrive that will click your buttons too
- Inspect emails closely. When, afterwards, I looked at the bogus email, I realized it didn’t use quite the right graphic logo. Some of the grammar was wrong too, as if written in a hurry
- If asked for personal information, DON’T GIVE IT. It may seem legitimate but probably isn’t. Do not call numbers on it to determine its authenticity. Those are probably fake too. Call the number you already have or check that company’s website
- If you suspect you’ve downloaded anything malicious, disconnect. Don’t go online again until it has been “cleaned” by a trusted computer repair service. Using another computer, change all email and log-in passwords and all saved passwords. If a credit card number was stored, cancel it immediately
- If you become the victim of ransom-ware, don’t pay. Consider your computer a write-off. (I’m assuming your files are safely backed up.) Contact the police
The takeaway
What was the end-game of my purported hackers? Planting a key stroke logger to steal my passwords or to shut down my computer until I paid a ransom?
I’ll never know. I had pulled the plug before the malicious activity was able to fully manifest. But I know it wasn’t going to be anything good.
As freelancers we have no corporate IT department constantly overseeing our online safety to turn to in our hour of digital despair. We have to safeguard our time online to the best of our abilities.
So please allow my holiday gift to you to be this advice: Never take your online safety for granted. When you least expect it, you might be manipulated by the most simple and basic social engineering.
Don’t say it couldn’t happen.
I know because it happened to me.
Have you ever suffered any online attacks or security lapses? What did you do about it? Please share your experiences using the “Comments” feature below. And yes, it is SAFE to use!