Imagine you’re sitting at home and you get a text from an unknown number. It includes a photo of you – and a warning that it knows who you, your wife and kids are. If you don’t wire half my rent to the sender, “I’m going to ruin your life.”

While you’re considering whether to ignore it – it’s an old picture of you, after all – another text comes through. Then another. Followed by a phone call. You answer and there is no answer – only silence, you hang up only for the phone to ring again and again and again.

You block the number, but the texts keep coming and the phone rings again, but this time from another number.

I imagine this can be truly frightening. Except I don’t have to imagine. This happened to me in April.

I was shell shocked, especially after it began texting “deep fake” images of me to my wife and daughter, my son’s brother-in-law, whom I rarely speak to, even to people I know in the community and others I don’t, potentially irreparably harming my reputation.

After the initial bombshell subsided, I did what I later learned authorities advise victims to do. I called the local police and FBI. Blocking the numbers was to no avail. I called my cellular provider’s cybercrime extension; but after 5pm on a Friday, it was closed for the weekend (their customer service’s failure is another story).

For their part, the FBI said the calls often come from overseas, where they have no jurisdiction to respond.

Though I did weigh it heavily, I did not offer to pay the ransom.

We’ve all read about friends and strangers getting their emails, websites, social media accounts hacked or themselves “cloned” online. We gasp and sigh and offer our pity – all the while thinking some foolish act on their part exposed their accounts. I would never do that, we think to ourselves.

Then it happens to us and we get an instant dose of reality.

Internet security professionals say there are two types of computer users – those who have been hacked or attacked, and those who will. My experience – and those of nearly 860,000 Americans in 2024 – are frequent and growing. Human and bot attacks include identity theft, where someone impersonates you online. Ransomware occurs when you open a link – and unleash software that shuts down your system until you pay a ransom to get the digital “key” to unlock it.

The advent of artificial intelligence – in the hands of cyber criminals – has created highly sophisticated attacks. AI can provide criminal contact information for potential victims. Traditional and AI-powered hacks, phishing, email compromise and business interruption raises questions about Internet security, how we can protect ourselves and our online identities, and how powerless we are.

It also highlights how diligence in security and our response can help prevent or curtail such attacks. Fortune 500 companies have cyber security teams. But as individuals we are our team. So what can you do to protect yourself? I had the benefit of knowing and speaking with a white hat hacker, who helped me deal with this frightening situation. Here are my suggestions:

• Don’t panic. Shock is understandable. Collect yourself and tackle the attack head on. You can decompress after you’ve navigated your way through the crisis. Please note in my particular case, the attack lasted three hours.
• Always have your radar on. You lock your car and home, scan your surroundings when walking in public, even look for “escape routes” in the event of an emergency. With as much time as we spend online, we should be on high alert.
• Be vigilant against suspicious communications. These include “urgent requests” from “family members” needing money or sensitive data, and unsolicited contact from those unknown numbers.
• Look for inconsistencies in grammar, spelling, tone or details, especially if the sender supposedly is a contact you’ve corresponded with before.
• Ignore calls or texts from unknown numbers. It’s generally a good policy.
• Let calls from unknown numbers go to voicemail; if it’s important, they’ll leave a message.
• If you see an email you don’t recognise, read it if you wish. But never open or download attachments unless you are expecting them from the sender.
• Implement two-factor authentication, or 2FA. This security process requires users to provide two distinct forms of identification to verify their identity. It’s an added layer of security that goes beyond a password alone.
• Change passwords frequently and never write or note them somewhere another person or online snoop can find them.

In my case, it was not a phishing exercise, but a much more sophisticated attack. My white hat hacker friend advised me to switch off my phone line with my carrier (this varies by device). Once the AI bot realises the target has gone silent, it looks for a new one. Its goal is to make money.

I was instructed to disconnect my phone line from my carrier for three hours. The moment I disconnected it, the calls and messages didn’t only stop coming to me, but also my family and friends. I took the decision to reconnect the next day. I received no more calls nor texts. The bot had moved on to find its next target.

In some ways the damage was done, but for me the lesson was learned.

I pray you never are the target of a cyber-attack. If you are, let my shock and lesson learned help guide your response. Do more research on your own and be prepared to respond – all while hoping to never be either of the two computer users IT professionals warn us about.