[BreachExchange] Dallas-Fort Worth physical therapist warns anyone can targeted by cyber attack

Fri Jan 21 09:11:39 EST 2022

https://www.wfaa.com/article/news/local/dallas-fort-worth-physical-therapist-warns-against-cyber-attacks/287-dab3854f-16c5-48c4-9012-f6b5b03e78dc

SOUTHLAKE, Texas — A Southlake-area physical therapist who says Instagram
and a heavy dose of online interactions helped build her business, never
gave much thought to being an online ransom target.

A suspect, whom investigators believe targeted her all the way from Turkey,
unfortunately, proved her wrong.

"You can be the target. You don't have to be special. I'm a pediatric PT
page," Dr. Emily Heisey said of her Instagram. "I didn't think I was cool
enough to get hacked."

Heisey's practice, KinActive Kids, specializes in pediatric physical
therapy and chiropractic care.

This past weekend she said she received a direct message alerting her to a
copyright problem with her page. The alert, from a legitimate looking
Instagram/Meta page, told her to click on a link and enter her username and
password again.

"So, I clicked on the link and I signed in, and within three minutes in
real time saw my password my email and my contact phone number being
changed. It was that quick," she said.

The hacker started changing her page, locked her out and demanded $1,000 to
return control of it to her.

"We do have information on this individual that we will be forwarding to
the proper authorities," said Andrew Sternke of Juris Disputes &
Investigations, who worked with Heisey to recover control of the Instagram
account.

But, when the hacker found out the doctor had sought help he grew more
angry, making threats against Heisey's family and upping the ransom he
sought to $10,000.

"It scared me, in that I had put so much stock into Instagram," Heisey
said. "In three minutes for it to be taken away, yeah. Not only was I
scared, I was upset. I couldn't believe that two and a half years of hard
work could be taken away that quickly."

Cybersecurity experts, including an analysis by the company Cybersecurity
Ventures, have predicted that attacks like this could grow 15% every year,
costing companies $10.5 trillion each year by 2025.

"But as far as Dr. Emily's cybersecurity is concerned she is extremely
protected right now," said Sternke.

Sternke won't say in detail how he restored Heisey's Instagram account and
locked out the hacker, but he said everyone should be wary of phishing
attempts like this, that openly ask for usernames and passwords. He advises
people to sign up for two-factor authentication on social media accounts,
get a password manager set up, and make sure all security updates on
devices are current.

"This is something we can easily combat, just be educating others on the
importance of this, understanding all this works," said Sternke.

Heisey said she initially reported the hack to Instagram/Facebook/Meta when
it happened last weekend, but she has yet to get a response.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220121/59baa3c3/attachment.html>