It was a phone call that made my stomach sink.
My partner was scrolling on a very popular trading website when she clicked a continue button to go to the next page of views, only to be blasted by a piercing alarm, her laptop frozen with an urgent message on the screen to call Microsoft on this number.
She did. Followed instructions. Booted the laptop. Watched the cursor moving on its own.
Eventually she got suspicious and called me, only minutes after I hung up on a scammer with an Indian accent telling me he was from the computer company and my partner’s computer had been hacked, followed by another call I ignored that my phone said was from Washington DC.
“Tell me you didn’t call them,” I told her.
Too late, the scammer had been at it for about half an hour.
“Shut it down, turn it off,” I screamed.
The sheer terror at our private information and emails being exposed and the potential risk to our bank and even superannuation accounts was shattering.
She was the perfect target – a digital novice, alone and easily confused, especially as she had used a support service in the past and the laptop was supposedly protected by credible security software.
She was well aware of the random phone calls to ignore, we get plenty of those.
But what the heck was that dodgy link doing on a website used by millions?
The computer shop that cleaned up the laptop said it was a high-level operation and that scammers were becoming increasingly sophisticated and difficult to avoid.
It certainly wasn’t the first Microsoft impersonation scam they had seen.
It’s made me think that the current approach to internet fraud is failing consumers at the household, as well as the higher level business or government level.
The big hack attacks by criminals and state actors are capturing all the attention and resources but what about people at home shopping, doing their banking or checking and sending emails.
It is becoming an increasingly perilous business. Click on the wrong email in a blizzard of them, land on an ad or use an innocent looking button and you could be in real strife.
Is it all up to the consumer to keep track of the scams, the bulletins on spotting and avoiding them?
What responsibility should device manufacturers and sellers have?
My partner’s laptop didn’t come with a read this first safety document before using it.
Microsoft didn’t issue a home security guide when the software was loaded.
How do website providers and merchants ensure their pages don’t end up full of landmines?
Is government and business doing enough to build and maintain cybersecurity defences?
Like the way the internet itself has evolved, the tips sheet to stay safe, and cyber defences in general, appears to be a living document that continues to grow with every new scam or attack.
The ACCC or the AFP can issue all the updates or alerts they like but how on earth does an average person keep up with it all?
The computer shop was philosophical, saying there wasn’t much you could do to stop them except be careful.
And even extra security software was a waste of money.
Yes, we’re changing and strengthening passwords, using two-step authentification and basically being paranoid.
But experts say the flood of scammers is but part of the larger assault on digital infrastructure that may eventually include catastrophic attacks on things like the electricity network.
The dream of an interconnected world with a free flow of information and ideas may become just another dystopian nightmare.
Cybersecurity now starts at home, but governments and business need to move faster to build the digital fortresses and immune systems that will keep all of us safe.
Or we junk the internet as a nice idea that couldn’t compete with our darker angels.