Online Security & Hacking Concerns
- LMM designs
- Mar 12
Online hackers are everywhere! It's their full-time job, and nobody is safe from the threat. Please update your passwords, add 2-Factor Authentication where possible, and NEVER click on fear-provoking emails or messages saying you've lost access to your account!
I know, it sounds dramatic, but it's all too real. I have been supporting a number of friends, clients and family members whose security has been threatened. Here's what I've learnt and some recommendations.

Hacking Story # 1
I recently had an interaction with someone who had multiple linked Facebook & Instagram business pages. With no apparent warnings, their account was hacked. They first noticed they had lost access to their Facebook pages. Later, passwords were changed and they were locked out of accounts. Over a period of months, hackers gained access to their many email accounts, Microsoft and Apple profiles. It culminated in hackers sending a link requesting they verify their identity to regain access to missing accounts. Understandably, they clicked the link (which installed malware on their iPhone), then entered their Face ID from various angles, as prompted, to verify they were the account holder. The hackers now had external access to their phone and face identity using hacking technologies unknown to most of us! Their phone suddenly had a green light on it. The phone then went black and was unable to be turned on or off. Let's just say, it was a terrifying ordeal and we all gained extra grey hairs in the process! I found evidence of them accessing accounts from various locations across the globe (in this case Nigeria, Cambodia, Egypt, Sydney and more).
Phishing Story # 2
I received an email from a "family member" informing me they had shingles, had fallen and smashed their phone, and needed me to assist them by email correspondence. As it appeared fishy ("phishy"), I immediately contacted them. They were well and fit, and their phone was in perfect working order! I then started madly chasing down the hackers. They'd accessed my relative's Bigpond/Telstra account and set up a forwarding address to a fake email account. It was almost the same except 1 digit, and could easily have been missed. They were then able to send emails as my family member to all their contacts, phishing for more victims. They could use the email account to reset passwords and find evidence of all their personal details and bank accounts. A traumatic ordeal, but we successfully stopped them by taking immediate action.
These are just two of many stories out there. I urge everyone to stay alert to scams and protect themselves where possible. And if you suspect you've been hacked, reacting promptly is key. Remember, most international hackers are "working" while we sleep! Don't be afraid to report it to police and keep screenshots of evidence - this may come in handy down the track.
Phishing versus Spam
Spam generally relates to unwanted/unsolicited inbox messages. However, spam can be from attackers looking to gain access to your computer or personal information. Mark all unwanted messages as spam!
Phishing is more sinister in that it appears to have come from a reputable source and attempts to manipulate the recipient into disclosing personal details, transferring money, or clicking on malicious links that install spyware on their devices. These messages may come from people you know and trust (whose accounts have been hacked), so it is critical to remain vigilant against such crimes. If unsure, don't click it!
Phishing and spam happen mostly by email, but are becoming more prevalent via phone and WhatsApp messaging, as well as via Facebook Messenger and Instagram Direct Messages (DMs).
REPORT AND BLOCK
Mark emails as SPAM/PHISHING direct from the email and BLOCK accounts
REPORT at Scamwatch and ReportCyber
TEST YOUR SCAM SENSE at Scamwatch
Check the latest AUSTRALIAN GOVERNMENT recommendations
Stay Alert to Scams
NEVER CLICK AN EMAIL REQUESTING FACE VERIFICATION ~ this is an attempt by hackers to put malware on your phone and then use your Face ID to remotely access your device and supposedly protected apps & accounts!
BE CAUTIOUS PROVIDING PERSONAL DETAILS OVER THE PHONE ~ Are you 100% sure the caller is legitimate? If there’s any uncertainty, hang up and ring your bank or account provider yourself to confirm legitimacy.
VERIFY SENDER EMAIL ADDRESSES ~ legitimate email addresses will use the same domain as the official website ~ e.g. wix.com accounts will come from accounts@wix.com NOT pay@wixaccounts.com (example only).
CONFIRM BANKING DETAILS ~ Hackers are known to intercept legitimate invoices and change the banking details. I recommend confirming banking details when making first-time payments to a new supplier or updating account details for an existing account.
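The sender-address check above, and the one-digit-off forwarding address from Phishing Story # 2, can both be tested mechanically. The following is an added example, not part of the original post: the function names, the "lookalike" thresholds and every address other than the wix.com pair are assumptions made for illustration.

```python
def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), rolling-row version."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not (local and sep and domain):
        raise ValueError(f"not an email address: {address!r}")
    return domain


def check_sender(sender: str, official_domain: str) -> str:
    """Compare a sender's domain with the domain of the official website.

    official_domain is assumed to be the site's registrable domain, e.g. wix.com.
    """
    domain, official = domain_of(sender), official_domain.strip().lower()
    if domain == official or domain.endswith("." + official):
        return "match"              # same domain, or a subdomain of it
    brand = official.split(".")[0]  # "wix" from "wix.com"
    if (len(brand) >= 3 and brand in domain) or edit_distance(domain, official) <= 2:
        return "lookalike"          # borrows the brand name or is a near-miss spelling
    return "different"


def check_forward_target(owner: str, target: str) -> str:
    """Classify a mailbox forwarding address against the owner's real address."""
    owner, target = owner.strip().lower(), target.strip().lower()
    if owner == target:
        return "same"
    return "lookalike" if edit_distance(owner, target) <= 2 else "different"


if __name__ == "__main__":
    # Constructed sample addresses; the wix.com pair is the page's own example.
    for sender in ("accounts@wix.com", "pay@wixaccounts.com", "news@example.org"):
        print(sender, "->", check_sender(sender, "wix.com"))
    print(check_forward_target("jane.smith1@example.com", "jane.smith7@example.com"))
```

A "match" only confirms the domain; a message sent from a genuine account that has been taken over, as in Phishing Story # 2, still passes this check.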
Signs of Phone Hacking
When you take a phone call or use your camera you'll notice orange and green dots on your phone... this is normal! If you notice those lights are on when you are NOT using the phone or camera, then it could be a sign your phone has spyware installed. This may show up in the far right-hand corner of your screen.
iPhone Settings to Prevent Malware Attacks
Search SETTINGS for CALL RECORDING > turn green toggle OFF
SETTINGS > search APP PRIVACY REPORT > turn ON
SETTINGS > click your name > ICLOUD > turn messages OFF (I personally turn off everything in iCloud except Notes)
Use Encrypted Password Software (i.e. 1Password)
In light of escalating security risks, I strongly endorse adopting the 1Password application as your designated online filing system. 1Password is the name of the security software and is not to be confused with using a single password for everything! The name refers to the one unique password that unlocks your full vault of passwords.
1Password features an encrypted login and password storage mechanism. It is essential to safeguard your accounts with unique passwords, and 1Password can also store Two-Factor Authentication (2FA) one-time passwords within the one application. The 1Password application facilitates seamless integration across phones, tablets and computers (Mac & PC friendly) with easy syncing. This makes online protection a lot simpler. You can set up as an individual or create a family account to give children access to their own vault of logins, files and passwords. There are Teams and Business options available, but it's a good idea to trial on an individual plan initially, then upgrade as required.
I've used the 1Password application for over 10 years now and it's an absolute game changer in business and life admin. Starting at around AUD$50/yr, it's an affordable investment in peace of mind. I carry my virtual filing system with me, wherever I go. Reach out if you need to book an hour with me checking over your settings once signed up. More info here.
Installing browser extensions, downloading the app on computer, phone and tablet, and checking 1Password's autofill settings after adoption is integral to the ease and function of the powerful app.
Password Settings in Internet Browsers
I highly recommend exporting all passwords auto-saved in Safari, Google, Firefox, Edge or any other browsers. Import them into 1Password and delete them from your browsers.
EXAMPLE. GOOGLE > Password Settings
Here you will no doubt find an alarming number of logins your browser has prompted you to save. Hackers can access all these details if they know your Google login (including bank/accounting details if auto-saved).
Visit https://passwords.google.com/ > Click the SETTINGS toggle > TURN OFF AUTO SAVE SETTINGS, as per screenshot below:
2 Factor Authentication (2FA)
2FA is a secondary code sent to your phone, email or chosen authenticator app. Newer technologies allow for trusted Authenticator Apps to store 2FA codes that refresh every 30 seconds, while some online accounts still require text or email security codes. I recommend using 2FA directly through 1Password so it's one less step in the login process (it will autofill if set up correctly).
I used to recommend the Google Authenticator App, but am reluctant to do so now. If your Google/Gmail account gets hacked, they can access all your 2FA codes through this app. They can also access your passwords autosaved in your browsers, as mentioned in the section above. The same security risks apply with Microsoft Accounts, browsers, and the Microsoft Authenticator App, as with any other authenticator apps linked to outside email accounts. Instead, I recommend using the encrypted platform 1Password to store your one-time passwords (2FA) securely.
Passkeys
Passkeys are a new secure technology replacing the need for passwords. They are designed to provide a more convenient, more secure, passwordless sign-in experience on websites and apps, but are not universally available at present.
Again, I prefer to save Passkeys in 1Password over Apple's new "Passwords" App (formerly referred to as Keychain). If you check the "Passwords" app on your iPhone, you'll likely find a bunch of saved passwords and passkeys you didn't know were there.
Passwords
Avoid using Google, Apple or social media accounts as an easy login option; this is risky. Instead, use unique, individual passwords for all logins. I know this is hard, but it's critical. If a hacker gets into 1 account, they can then access accounts that use the same login credentials. Create long passwords, 12 characters minimum (the longer the better), with a mix of characters, uppercase and lowercase letters, and numbers (not your birthday or postcode). Obviously, this is easier to do with the adoption of the 1Password application as mentioned above.
High Target Accounts for Hackers
As a priority, I recommend changing your passwords and adding 2FA to the following accounts hackers are known to be attacking:
META / FACEBOOK / INSTAGRAM (more on this below)
SOCIAL ACCOUNTS: i.e. SNAPCHAT / TIKTOK / X (Twitter) / PINTEREST, etc.
MICROSOFT / HOTMAIL / OUTLOOK / LIVE / SKYPE (same login for all accounts)
EMAIL PROVIDERS
TELSTRA / BIGPOND - High risk as Telstra have washed their hands of Bigpond and related security.
GOOGLE / GMAIL / YOUTUBE (same login for all accounts)
AMAZON / AUDIBLE (same login for both accounts)
EBAY
ACCOUNTING SOFTWARE: i.e. XERO / MYOB, etc.
ONLINE BANKING
PAYPAL
AFTERPAY
Consider Changing Email Providers / Upgrading your Plan
How many email accounts do you own? Have you checked over your security settings? Have you added 2FA or Passkeys to your email accounts? Is it time to consider a new email provider?
Beware of Bigpond!
If you are still using a @bigpond.com email address, I recommend considering an alternative email provider. Telstra & Bigpond no longer provide adequate security protection in my experience. Rest assured, you can forward existing Bigpond emails on to your new email account. Don't forget to log in to your MyTelstra app, add 2FA and move email notifications to a different email address.
Never trust an email from a friend or family member asking for help from a @bigpond.com account.
Is Gmail Safe?
Let me start by saying, I'm a huge fan of Gmail! Gmail is reliable and secure provided your Google settings are optimised with 2FA activated (refer to instructions below) - I will elaborate on the benefits of Gmail in a future blog post.
Despite my love of Gmail I have now opted for paid Gmail accounts for myself and my children, removing all ads, and improving spam filters. In some instances you can upgrade your current Gmail account to a paid plan if desired, which provides access to the full Google Workspace Suite, including increased Google Drive and Google Photos storage. Alternatively you can link your own domain to your Google Workspace account (i.e. yourname@chosendomain.com.au) but still use Gmail (Google Workspace) as your account platform - this is particularly important for businesses. I believe children and the older demographic are prime targets, as are those who struggle with ever-changing technologies and choose to skip security recommendations.
If you are a Gmail user, I strongly advise logging in directly in your browser at www.gmail.com, or through the Gmail app on your chosen device. Mail handling platforms (Apple Mail / Outlook, etc.) strip some of the security features and functionality Gmail provides.
Take the GOOGLE PRIVACY CHECKUP here
Visit https://myaccount.google.com > SECURITY > update settings & activate 2FA

Don't forget to delete redundant email accounts.
Protecting Facebook & Instagram Accounts
Many social accounts are under threat, and may already have been accessed by international hackers at some point in time without you knowing. Here are a few pointers to keep your accounts secure.
Facebook / Instagram Settings
RESET PASSWORDS and create unique logins for all accounts - force logout of all your active sessions while doing so.
Enable 2FA on all accounts.
Do NOT LINK LOGINS - disable the ability to log in from one account to another (this leaves you wide open for attacks).
Take the SECURITY CHECKUP in Accounts Centre here
CHECK SECURITY on Facebook here
Update SECURITY SETTINGS as below:
VISIT accountscenter.facebook.com or check SETTINGS in the Instagram App:
Check WHERE YOU'RE LOGGED IN - only keep primary & known devices active.
Check TRUSTED DEVICES - delete any suspicious devices from unknown locations.
Please change LOGGING IN WITH ACCOUNTS settings so profile logins are unlinked (there is no need for this) - Rest assured, this does not remove the ability to cross-post from one account to the other.

The best way to protect yourself from hackers is to undertake your own security audit BEFORE the need arises. It's often too late taking action after losing access to your account, or after your bank account is drained.
Companies like Facebook make it almost impossible to be contacted and rarely provide resolution to fraud and hacked accounts. Always check settings thoroughly!
I myself faced IDENTITY THEFT in 2024 after my handbag was stolen 2 years prior - read previous blog post here for more information on identity theft, precautions and actions to take if this happens to you.
🔗 For additional information, visit these links:
1Password Security Blog ~ for the technically proficient types!