This is kind of a long story. Feel free to skip to the bottom for key takeaways, but I’m sharing the complete tale of how I learned my lesson on cybersecurity the hard way, so you don’t have to. You know, in the spirit of behavior change!
It all started at around 4:45 pm on a Thursday. Feeling a bit restless, I opened Safari on my phone to search for the address of an industry event that I was planning to attend later that evening. When I opened Safari, I was interrupted by this pop-up notification:
In a state of panic, I called the phone number on my screen. I know what you’re thinking: Obviously don’t call the phone number on your screen, dummy. It’s clearly a hoax.
Well, unlucky for me (and my IT manager), I thought that it was totally legit. As I listened to the soothing hold music on the line, I contemplated what kind of suspicious activity could be happening on my phone. Both my work and personal email accounts are on my phone, as are all of my contacts, my social media profiles, and I’ve used it for online banking.
“Oh no,” I thought, “I really hope this hacker doesn’t steal all of my money, email something terrible to my boss, or text my ex-boyfriend.”
Real thoughts in a real crisis, people.
Anyway, after contemplating my doom while on hold for a couple of minutes, a friendly man answered and introduced himself as an Apple Certified Engineer. He asked me about the reason for my call, and I explained the pop-up notification. He asked about the make and model of my phone, which I offered without hesitation.
He told me that he needed to scan my device, and kindly asked that I plug my phone into the nearest computer. Not thinking twice, I dutifully obliged.
Before long, my new friend the Apple Certified Engineer was “scanning my network for malware.” He suggested that I make myself a cup of tea while we wait, since I’d been so patient throughout the call.
I felt a little better after the tea.
After returning with my cup of Earl Grey, my new friend told me that my network had been hacked by a virus called “Koobface” and that it was imperative for me to have it removed right away.
He told me that he was going to connect me to a higher-level Apple Engineer in my area that could fix the problem. My wits suddenly coming back to me, I told him that I’d rather have my IT manager handle it. I hung up the phone and ran frantically around my office yelling, “Our network has been compromised! Our network has been compromised! Where’s Don?!”
Our IT manager, Don, had left for the evening to have dinner with his family. I called him on his cell phone to tell him about the crisis. He answered, and as I began to tell him the story, it dawned on me that I’d called a hacker on my phone and given him everything he needed to hack into our network.
Don loudly asked me to never do that again.
He fixed my computer, though, and our network was just fine. A happy ending, after all!
So the bottom line is…
Never ever call a phone number on a pop-up notification. Instead, go to the alleged source of the pop-up (in my case, Apple) and call the number on their website to confirm if the pop-up is real. And tell your IT manager what’s going on before you even dream of connecting your device to your work computer. Just because a customer service representative puts you on hold and then soothingly tells you to make a cup of tea does not mean that he’s real.