Without a Trace - Essayshark Account Hacking
Did they say December 2018 was a very good end of the year? They lied, especially if your Essayshark account was hacked. Sio Leo, a member of the Academia FB Group, shares how this scenario happened and how one can prevent this from happening again.
Essayshark Account Hacking
Yesterday and today have proved to be horrible for guys whose accounts were hacked by one or few individuals who I believe are active members in this group. In my case, I was doing rounds with my bae yesterday when I received a notification that my account has been suspended. I did not suspect any suspicious activity because at the time everything seemed normal. Besides, I did not understand why I was suspended but after I sought clarification with support, they informed me that it was a normal procedure for all writers.
Well, I told myself that if it was a normal procedure there is nothing else I would do but provide necessary documents. At night I uploaded several orders which I wanted clients to release funds before I could request my payment. Nothing looked suspicious except the suspension, so I went ahead and made a request for funds without checking if the payment email was the same as the one I normally use. At Shark you cannot change payment email if you don't have the phone number. So, I had nothing to suspect since I have the number and no request had been made to the number to have the payment method changed.
Later, I went to bed because I was tired and with your account suspended and no orders running there is actually nothing else left to do. In the morning everything was normal until I was referred to Caleb's post about the hacking claim.
End of Year Shock!
I rushed to my laptop, logged in my account and quickly clicked the profile tab. Shock on me! The phone number was different. The asshole changed the contact to 0793538747 registered under names Samwel Muiruri. I snapped, as it dawned on me that I was actually hacked. I also noticed that I requested payment to the wrong email. The hacker was smart, he just changed the payment email by removing and replacing one letter which made it difficult for anyone to notice.
How Did This Happen?
On November 20, 2018, a guy posing as a client created a fake order and under instructions, he uploaded a file with .rar extension and later on November 22, 2018 he created a different order with a file with .exe extension. What I found weird is that he insisted the instructions have two books but you need only one. At Essayshark, the company has a policy requiring every writer to download and view files uploaded by clients before placing a bid. I believe the policy is meant to alleviate number of cancelled orders if a writer is assigned a technical order which he/she cannot execute for bidding without checking order files. I personally downloaded the zipped file, clicked it and told the guy the file had no books. He left.
On November 22, 2018 I made a post here asking comp gurus to help me stop someone from hacking my accounts. I received numerous notifications that my account passwords have been changed successfully yet I was not even typing anything. I was alarmed, rushed to my other laptop, changed email login details and reset my recovery details. I kept receiving codes from Google asking me to key them in to be able to change passwords etc.
Hacking Tool: KEYLOGGER
I believe the guy simply used a keylogger malware to dupe a few of us because we are ever hungry bidding for more orders.
"A common keylogger program typically consists of two files that get installed in the same directory: a dynamic link library (DLL) file that does all the recording and an executable file that installs the DLL file and triggers it to work" (Rouse, 2018). As explained by Rouse, the zipped folder had two empty files that only needed you to click. The program does not request for command to be installed on your laptop. After it has been installed, it monitors the keystrokes or any emails and passwords that you type.
How Do I Prevent This?
I am not an IT guy but I believe these steps can help you.
1. Never save your passwords in your browser. If you have, delete them.
2. Install an effective antivirus, e.g. Kaspersky.
3. If your antivirus notifies you of any potential viruses when downloading anything, cancel the download, scan your device and remove any recently installed program.
4. Install anti-keylogger programs, e.g. SpyShelter, etc.
5. If you suspect any hacking, do not change your passwords using the same device.
6. Change your OS if you cannot find an effective anti-malware or anti-keylogger.
I have attached a screenshot showing the files that I believe the guy used to access our devices. They could be familiar to those affected.
As I am typing, the malware is trying to monitor my keyboard for any passwords keyed in.
I feel sorry for all of us affected by this selfish, heinous, nefarious, and iniquitous act we must not condone in this industry.
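The account above describes order attachments delivered as a .rar and a .exe file, and the quoted keylogger description is an installer plus a DLL. As an added example (not part of the original post), this Python script identifies a downloaded attachment by its magic bytes rather than its name and flags executables, including ones inside a ZIP; the file names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs or loads directly (illustrative, not exhaustive).
RISKY_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk")

def sniff(data: bytes) -> str:
    """Identify content by magic bytes, ignoring the file name."""
    if data[:2] == b"MZ":
        return "pe"   # Windows executable or DLL
    if data[:6] == b"Rar!\x1a\x07":
        return "rar"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    return "other"

def triage(name: str, data: bytes) -> list:
    """Return the reasons this attachment should not be opened on a work machine."""
    kind, reasons = sniff(data), []
    if kind == "pe":
        reasons.append(f"{name}: Windows executable (MZ header)")
    elif name.lower().endswith(RISKY_EXT):
        reasons.append(f"{name}: executable or script extension")
    if kind == "rar":
        reasons.append(f"{name}: RAR archive, members not inspected by this script")
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                try:
                    with zf.open(info) as member:
                        head = member.read(2)   # two bytes only, never a full extract
                except RuntimeError:            # password-protected member
                    reasons.append(f"{name}: encrypted member {info.filename}")
                    continue
                if head == b"MZ" or info.filename.lower().endswith(RISKY_EXT):
                    reasons.append(f"{name}: contains executable {info.filename}")
    return reasons

def sample_zip() -> bytes:
    """Constructed sample: an 'order files' archive with a PE stub named like a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("instructions.txt", "Use one of the two books.")
        zf.writestr("book.pdf", b"MZ\x90\x00 constructed stub, not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    for reason in triage("order_files.zip", sample_zip()):
        print(reason)
```

An empty result only means none of these checks fired; it does not show the file is safe to open.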