Level 3 Communications

Stephanie Walkenshaw

On the 12th Day of Christmas, I Sent Explicit Content… A Cautionary Tale of Hacking

Here’s what happens when your phone gets hacked and somehow an inappropriate phishing text makes its way to your nephew’s mobile phone, with the appearance that it was sent by you – his aunt.

First, I’m in disbelief that something like this could happen to me. I work for a tech company; I’ve produced videos about safe cyber practices like two-factor authentication and passphrases with numbers substituted for letters. This can’t happen to me.

But then my nephew sends the offending item back to me, and well, it is offensive. Reality sets in.

No problem, I think, “I’ve got this.” I jump online to make an appointment at my mobile provider’s nearest onsite tech support. Except, they can’t see me for five days. Five days? Who can wait five days with a compromised phone? Especially with the threat of Gammy and PopPop and my coworkers next on the list to receive such vivid imagery.

Ok. Next option. I engage my provider’s online chat support and, after a reasonable, yet nonetheless excruciating amount of time, the human on the other end of the webosphere advises me to wipe my phone.

“It might be overkill – but that’s what I’d do,” he says in tone that’s a little too matter of fact considering what he’s telling me to do. He sends a link to the instructions, which advise the following:

  • Ensure you have the latest operating software installed on your phone. (Admittedly, I didn’t – a big mistake, as software updates are imperative to addressing new security vulnerabilities.)
  • Back up all phone contents to the cloud. (Regular back-ups, I’ve learned, are a powerful weapon to combat ransomware; if you regularly back up your data, ransomware may slow you down, but it won’t devastate you.)
  • Go to Settings to access the Erase function.

So then I do it. I erase all the content on my phone.

But here’s what I didn’t anticipate: I’ve now got myself a new phone. Except it’s not new in the “shiny-new-oh-so-fun-I-love-my-new-phone” kind of way.

It’s new in that awkward, randomly seeing somebody I used to know kind of way. My phone, the one I’ve relied on for the last nearly two years, is now a blank slate, a device that doesn’t know me or my preferences; it’s a stranger to me.

Regret immediately sets in. “Oh no. What have I done? How will I function in the world?”

I can’t reinstall the back-up from the cloud because, as the oh-so-helpful chat advisor warned, doing so could also reinstall the infected application. So each application needs to be manually reinstalled from the app store. Let me ask you to stop for just a minute and look at your phone. How many apps do you have? Do you know how many are interconnected? Do you have a list of all of them? I didn’t.

So, each of my applications, many of which had so conveniently been tied to each other, now require me to login and reconnect… Not just Facebook and Twitter, but my FitBit app and Waze and everything else I’ve made a part of my daily life. Gmail. LinkedIn. Media sites. All of it.

Not to be forgotten: work connections. I have to be connected to my work email when I’m away from the office, so now I need to request a new VPN token from my IT department to re-install my company’s email exchange application.

When I want to stream music from my phone on the way home? Oh, well, I have to reestablish the connection from my phone to my car.

In other words – it’s a pain. And it takes a lot longer than you’d think.

Let me be your cautionary tale this holiday season: check and recheck your email and social accounts’ open instances, security settings, passwords and authentication protocols. You can learn all about how to do this in our Internet Safety series. I’ll certainly be watching it again!

Do this now, and you may very well avoid the awkward dinner conversation my family is bound to have around the holiday table this year about why Aunt Stephanie is sending everyone inappropriate pictures.