My Crazy Life—Cybercrime During COVID-19 Lockdowns

“Nothing about you makes sense,” “You’re like something out of a movie,” and “You’ve lived a million lives, eh,” are all phrases that I have become accustomed to hearing from almost everyone I meet.  Most of the stories I share with people might lead them to believe that I am a tall-tale teller, possibly influenced by the legendary Davy Crockett, as I have had my own hunting-furry saga, but it just is not so.

Here is one of those kinds of stories, one that may seem like a tall tale but that I can assure readers is non-fiction as non-fiction gets.

Master Chief versus the parasitic infestation known as the Flood.

Early into the COVID-19 lockdowns, I was targeted by a cybercriminal who managed to obtain access to my email account and who hijacked my PayPal account after I clicked on a link to download a pirated version of the 2001 video game Halo: Combat Evolved.  Although I should have known better than to try for a pirated version, I had my friend on the phone and he agreed to download it if it worked for me.  After clicking the download link, a purpley Google Chrome icon appeared on my desktop—I knew it was malware, and it was at that moment that I knew I had messed up.

Being the positive person that I am, I thought to myself, “Well, if I could choose between a computer virus and COVID-19, I would always choose the computer virus.” What I also had in my favor was that this was an unsophisticated cyber attack, a prehistoric way of carrying out a cyber attack dating back to the early 2000s.  Despite my cyber skills not being as sharp as they once were, all I needed in this situation was the PayPal number notification to turn the tide and for this hacker to end up a casualty of war.

The story goes something like this: a few hours after my failed attempt at downloading Halo: Combat Evolved and while I was preparing for an accounting exam, my phone started to go crazy with non-stop notification pings.  I tried to wait out the pings, close to a minute, thinking that the non-stop ping sounds would subside, but they did not.  Looking at the screen, I was surprised to read that I had over one hundred unread emails and that they were continuing to come in.  At first, I thought it was a friend playing a prank on me, but then I remembered that purpley Google Chrome icon, and realized what was happening.

The hacker, who had obtained access to my laptop as a result of the malware, had proceeded to email bomb me through a spam service.  During that five- to ten-minute period where I was receiving non-stop spam emails, I managed to spot an email notification that I received from PayPal which stated that my PayPal telephone number had been changed, although he had tried to hide it by using a number that also ended in “8999”, like my number.

Without that PayPal notification, my wallet may have been killed in action as a result of the cyber attack.  But this hacker was not the sharpest tool in the shed, and he had failed to account for the notifications during his email bombing campaign that alerted me, and that simple mistake sealed his fate.

For starters, I opened my banking app that was registered to my PayPal account, and I realized that the individual had purchased premium computer parts from a computer store in the UK, which turned out to be the UK’s version of Best Buy.  They were closed until 2 am EST.  This gave me enough time to reach out to PayPal’s loss prevention division, and they were also able to provide me with the new email and phone number that had been registered to my account.  With that, I had all the information I needed so I visited that city’s municipal police services website, and I submitted a criminal complaint.  At exactly 2 am EST, I connected with the computer store’s customer support line, and we were able to cancel the purchase.

After four intense hours of leading my cyber defences and repelling the hacker’s attack on me, I was left with two choices: sing Leonard Cohen’s Hallelujah before going to sleep or pull an all-nighter in order to hunt down the hacker in an America’s Most Wanted manner.  Since the COVID-19 lockdowns had me bored beyond belief, I chose to go on an adventure.

After a little bit of digging, I was able to find out the hacker’s exact location.  Since I had the hacker’s email, I decided to send him a screenshot of his front door, but before I did that, I felt the need to also show him that I could conduct bigger and better email bombing campaigns.  To my surprise, and after halting my email bombing campaign, the hacker actually responded to the email I had sent him with a screenshot of his front door, and he started giving me a list of excuses including that I “had no proof that it was him, and even if it was him who carried out the cyber attack, since he had not picked up the items he had not committed a crime,” and it had me feeling like vintage John Walsh.  Surprisingly enough, we exchanged a few more emails, and the hacker’s tone changed altogether.  To be fair, it appeared that the hacker was remorseful for the potential harm his actions could have caused, but his ego was preventing him from saying, “Alek, I’m sorry.”

Our email exchange reminded me of the interaction that occurs between Frank Abagnale Sr. and Frank Abagnale Jr. in the 2002 movie Catch Me If You Can, where Frank Sr. fakes being angry at Frank Jr. after the principal tells him how Frank Jr. impersonated a high school teacher to embarrass a school bully, but, in the end, both Franks can’t help but laugh.  Perhaps it was a mistake to not be more stern with him, but I was in a transitional period similar to Jules from Pulp Fiction.

For my part, I went over a few more things with him regarding his actions in a father-like manner. The exchange ended with me telling him how I was hoping for him to be able to turn his life around after this incident.  I like to think he did.