Three days at the mercy of internet crooks

Not even twenty-four hours after returning from Peru, I received a strange phone call that should have been a red flag but which I ignored because of either jet lag, stupidity or both. I didn’t recognize the caller’s Spanish accent, dripping with fake concern and assumed he was Peruvian. He ended every sentence with “joven” or “young man,” which didn’t sound like Mexican or Caribbean Spanish. He kept confirming the spelling of my email, and then reciting some four- or five-number codes. After fifteen or twenty minutes of this incomprehensible exchange, I hung up, which I should have done ten seconds into the conversation.

Then the “fraud alert” emails started to come in from banks and credit card companies, one questioning the validity of a twenty-thousand-dollar loan, another advising me that my PayPal card was now “linked” to my checking account, in addition to forty-thousand and thirty-five-thousand movements of cash. That’s when I realized the hackers had gotten into not only my email account, but also a separate email file Stew had created with the names and passwords of everything from credit cards to cooking websites. Stupid to keep such a file? Incredibly so, and Stew would be the first one to emphatically agree.

Not knowing what to do, other than responding to the “fraud alerts” coming in, we called Charles Miller, a local computer guru who ran a weekly column in Atención, often focusing on internet security. Charles is a sixty-something Texan with a syrupy drawl who lives in a small, second-floor apartment in the center of town with a room crammed with so many computers, monitors, wires, keyboards and other paraphernalia it looks like a mini version of NASA’s Mission Control. Charles has bailed us out previously from what seemed irretrievable computer catastrophes, such as hard-drive crashes, freeze-ups and monitors gone dead. Charles’s phone and email have long appeared prominently on our list of contacts.

In this latest hacking case, one of our cell phones, with our mail email accounts and applications, went blank. Before consulting with Charles we had done a “factory reset,” hoping we could then reload the email accounts. That sounded like a good idea but turned out to be another stupid move that left me with a blank phone that could only handle calls.

Instead, for over two hours, Charles, step by step, methodically carried out what looked to me like an exorcism of the errant email account which luckily had survived in Stew’s laptop, and allowed him to track down the hackers’ address who we think work out of somewhere in Mexico’s Jalisco state under the name of “Motorola,” and not Peru. Clicking on “details” in our email accounts Charles traced, and blocked, the contacts that had hacked our email. Back home I got another call from the hackers, on my cell which didn’t work except to put through phone calls, who this time offered to help me fix my WhatsApp account. I declined.

To resuscitate my cell phone, a task he admitted he doesn’t handle, Charles sent me to the Hospital de Celulares, a micro storefront in downtown San Miguel, where every inch of wall space is covered with some sort of cell phone accessory meticulously arranged. A young woman, who spoke no English, magically—to my eyes—brought my phone back to life. Several applications were lost in the fix, which I still have to repair. Better still, the young woman didn’t charge me anything probably feeling sorry for my electronic incompetence.

The Hospital is one of several miniscule storefronts in San Miguel dedicated to tiny slices of the market. “The House of Screws, Bolts and Washers,” deals with nothing but, no matter how odd, while a one-hundred-year-old and similarly tiny hardware store ominously called “The Volcano,” stocks all manner of stuff, including chemical powders and substances Home Depot probably wouldn’t handle. Each of these have come to our rescue during our time in San Miguel. .

We learned a couple or three lessons, possibly a few others, as the days passed. One was to put a credit cap on your charge cards, beyond which the bank will contact you to verify the validity of the charges. That simple trick, this time a good idea by Stew prior to this debacle, thwarted the hackers from moving large amounts of money. One can also set up a two-step verification method with some credit cards and vendors that require email or phone text confirmation of the transactions after the initial password.

Another good Stew idea is to use an application called Last Pass, which in essence is a data vault that stores all your passwords and other sensitive information. (In retrospect, he should have stored all the passwords and data in the Last Pass, rather than just some.) The application blocks and notifies you of any unauthorized attempts to access the information. In this case, Last Pass worked as advertised by blocking repeated hacking attempts. There’s a subscription fee of three dollars a month that is worth every nickel.

But whatever you do, don’t take any strange calls from sweet-talking Peruvians or Mexicans, for that matter.