TAMPA, Fla. — Bank accounts, social media profiles and even access to her cellphone were taken away by hackers. Now, a Tampa woman has a warning for others as she scrambles to get it all back.
Vanessa Cahuas is a court translator, real estate agent and mom by day. She has also built a following on social media and in Tampa’s Hispanic community.
On her company’s Licencia Para Divertirse page, she creates and posts social media videos highlighting local people, businesses and events in Hillsborough County.
“The community of Tampa follows me because they believe in what I put there, and I have 17,000 followers, and everybody you know trusts what I say,” Cahuas said.
Though after a recent scare, she’s hoping that trust isn’t broken.
“They put a picture of me with my bank account saying that I have done bitcoin and I make a lot of money, and inviting everybody to join,” Cahuas said, describing one of many posts made on her social media accounts after they were hacked.
“They got into my Facebook, my Instagram, my Hotmail account, my phone, I couldn't make any phone calls. They had everything,” she explained.
Cahuas believes it all started after she clicked a notification asking to verify her login. Not paying much attention, she opened the floodgates.
“It was like a horror movie because the messages [of my passwords changing] kept coming,” she added.
It’s a practice becoming even more common in recent weeks.
“It happens over 35,000 times a day, these, what we call account takeovers, most of the time it happens through social engineering,” Roger Grimes, a data-driven defense evangelist with KnowBe4, a cyber security awareness training company based in Clearwater, said.
Grimes says if anyone you follow posts anything abnormal, especially cryptocurrency-related, it's safe to assume it’s a scam.
On top of that, he says it's important to make sure your own protections are in place. If you get a notification, don’t click it. Go directly to the site or app and verify it’s real, usually the same notification will pop up there.
Also be sure to bolster your passwords, setting up multi-factor authentication for every site, and using a password manager.
“A password manager allows you to create and use and store really strong passwords that are unique and different for every website and service that you use. Those two combinations of using phishing-resistant multi-factor authentication whenever you can,” Grimes added.
Cahuas says she’s already got the fraudulent charges cleared from her bank and is working to get control over her social media and email accounts back. She’s also filed a police report with the Hillsborough County Sheriff’s Office.
She’s also considering just creating a new page for her Facebook but is sharing her story in hopes it can help at least one person avoid this nightmare.
“Hopefully it never happens to anybody,” she added.