Urgent warning to every Aussie with an email account: 'This is insane'
Michael said that if it weren't for two-factor authentication, the hackers could all have gained access to his account.
A young Aussie worker has issued a stern warning to everyone with an email account after he was nearly hacked dozens of times. Michael Saliba recently received a message that revealed someone had successfully signed into his account.
Thankfully he had two-factor authentication (2FA) enabled so the hacker was stopped in their tracks, but the 24-year-old Melbourne resident discovered a feature on his Microsoft email account that showed all the recent sign-in activity. He told Yahoo Finance what he saw shocked him.
"My stomach dropped," he said. "When I clicked it, there was just all these different countries of people trying to log in."
"That was all within like a five-day period, like, I would say dozens of attempts worldwide.
"And I didn't even like check further down the track, because I was like, this is insane."
When the "tech-savvy" worker initially got the email telling him to update his details due to the unauthorised sign-in, he knew immediately not to click the link provided.
While it might have been a legitimate link from his email provider, he said you can never be too careful these days with Aussies losing millions of dollars to scams.
He said his private information was involved in a 2018 data breach and it was only when he checked online that he discovered his email account and password could be accessed by hackers.
Thankfully he's updated his profile since then, but he issued a warning to everyone to make sure you have 2FA enabled, otherwise people anywhere in the world could get into your account if your details have been leaked.
"My company has a policy where you have to set [2FA] up," he told Yahoo Finance. "But for personal use, it's pretty much up you if you want to set it up or not.
"Some people find it annoying to have to get a text message every time they want to log in, but I am on that more cautious, tech savvy side, so I just have everything [enabled]."
What is two-factor authentication?
Two-factor authentication is available for accounts of all different shapes and sizes. Some are provided in-house, but there are also 2FA websites and apps that you can use.
It's basically just another line of defence to stop unwanted people from accessing your emails, social media and other types of profiles.
You usually have to add your phone number or secondary email address to your 2FA profile and when you sign into your account, you'll get a text message, call or email with a code.
This means anytime someone tries to sign in, they'll have to have that additional access to your phone or email to get any further.
Sites like Facebook and Gmail will have this built in to their service, but you can also download services like Okta, LastPass and others that are separate to your account.
Saliba told Yahoo Finance that in addition to 2FA, he uses a service called Password Generator, which gives him a new password every single time he logs in. It might sound cumbersome but he reckons it can make a huge difference.
How do I protect myself from scammers?
Aussies lost $2.7 billion to scams last year, with 601,000 cons reported to authorities, according to a new report from the Australian Anti Scam Centre.
That's down from a record $3.1 billion the year previous; however, the number of scams reported went up by 18.5 per cent. Over-65s were the hardest hit and the only group to take a higher loss in the last year.
Investment scams are the most prolific, with $1.3 billion lost, followed by remote access scams ($256m) and romance scams ($201.1m).
Scamwatch warns to beware of the following scenarios:
It’s an amazing opportunity to make or save money
Someone you haven’t met needs your help - and money
The message contains links or attachments
You feel pressured to act quickly
They ask you to pay in an unusual or specific way
They ask you to set up new accounts or Pay ID
What should I do if I think I’ve been scammed?
Contact your bank and report the scam. Ask them to stop transactions and stop sending any money.
Report the scam to Scamwatch and make an official complaint to police.
Watch out for follow up scams, particularly ones promising they can get your money back. Scamwatch warned one in three victims of a scam are scammed more than once.
Lastly, get support for yourself. You can talk to a financial counsellor or reach out to BeyondBlue on 1300 22 4636 or via online chat, or to Lifeline for crisis support online or on 13 11 14.
You can also contact IDCARE to “reduce the harm they experience from the compromise and misuse of their identity information by providing effective response and mitigation”.