Account Takeover Recovery for Australian Families: Getting Back Control After a Phishing Scam Hijacks an Account
Your mum calls in a panic — she clicked a link in what looked like an Australia Post message, entered her details, and now she’s locked out of her email. Or your teenager’s Instagram is suddenly posting crypto ads. Or your partner’s Gmail is forwarding everything to an address none of you recognise. Once an attacker is inside one account, they usually move quickly to the others — password resets land in the email they now control, and the family’s whole digital footprint starts to unravel. Account Takeover Recovery from Cyber by Exegesis is the engagement designed to get the account back, lock the attacker out of the rest, and stop the bleed across the household.
The problem
ACCC Scamwatch lists phishing as one of the most-reported scam categories in Australia, and the National Anti-Scam Centre publishes regular alerts on the lures currently in rotation — fake delivery notices, fake job offers, fake crypto platforms, fake bank messages. The click is rarely the worst part. The worst part is what happens in the 24–72 hours afterwards, when the attacker uses the compromised account to reset other accounts, harvest contacts, and impersonate the victim to family and friends.
Families face this in a way individuals and businesses don’t. The compromised account often belongs to an older parent or a child, who is embarrassed, frightened, and not sure what to tell you. Recovery forms ask for ID and recovery information the account holder no longer remembers. Two-factor codes are going to a phone the attacker may have already SIM-swapped. The ACSC’s guidance for individuals and families is the right starting point, but executing it under pressure — across multiple providers, multiple devices, and a relative who is upset — is where most families get stuck.
What Account Takeover Recovery does
Cyber by Exegesis runs a fixed-scope recovery engagement for Australian families:
- A triage call within one business day to identify the compromised account, the accounts likely to be downstream of it (email is almost always the root), and any payment or identity exposure.
- Coordinated recovery with the affected provider — Google, Microsoft, Meta, Apple, the major Australian banks, or the major retailers — using their documented account-recovery channels, not workarounds.
- A downstream-account sweep: every account that uses the compromised email as a recovery address gets its password and recovery settings rotated, in the right order.
- A device check across the household devices the account was signed into — sign-out of all sessions, review of installed apps and browser extensions, and a clean re-enrolment of two-factor.
- A short written summary of what happened, what was changed, and what to watch for over the next 30 days (including guidance on whether an OAIC notification or a Scamwatch report is warranted).
Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. Our scope here is recovery and containment, delivered with the patience the situation requires. We are not your IT provider on an ongoing basis; we get the account back, secure the perimeter around it, and hand you a household that is meaningfully harder to hit again.
How it works
- You contact us through the waitlist with a short description of which account, which provider, and what you have already tried. We respond within one business day with a triage call.
- On the call, we map the compromised account to its downstream accounts, identify the household devices in scope, and agree the recovery order.
- We work through the provider’s official recovery process with the account holder on the line — many providers require the real user to act, and we coach them through it rather than asking for their password.
- Once the account is back, we rotate credentials and recovery settings on every downstream account, sign out all sessions, and re-enrol two-factor on a device you control.
- We send the written summary, including whether a Scamwatch report, a bank dispute, or an OAIC-relevant notification is appropriate, and a 30-day watch-list.
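The "right order" that the downstream-account sweep above depends on is a dependency question: an account is only safe to rotate once every account that can reset it has already been rotated. The script below is an added example, not Cyber by Exegesis's tooling. It models a constructed household (all account names are made up) as a map from each account to the accounts that can reset it, finds everything an attacker holding the compromised account could reach, and orders the rotation with a topological sort. Two accounts that recover each other form a cycle that no reset e-mail can break; the script reports those separately so they are routed to the provider's out-of-band process instead of being silently skipped.

```python
"""Order the rotation of a household's accounts after one of them is taken over.

Added example (not the consultancy's own tooling). Each account lists the
accounts that can reset it (its recovery addresses). Rotation starts at the
compromised account and proceeds to every account downstream of it, each one
only after the accounts it depends on have been rotated.
"""
from collections import deque

# Constructed sample household. An empty list means the account is recovered
# out-of-band (ID check, phone call to the bank) rather than via another account.
HOUSEHOLD = {
    "mum-gmail": [],
    "mum-bank": ["mum-gmail"],
    "mum-mygov": ["mum-gmail"],
    "mum-facebook": ["mum-gmail"],
    "teen-gmail": ["mum-gmail"],
    "teen-steam": ["teen-gmail"],
    "teen-outlook": ["mum-gmail", "teen-instagram"],  # recovers via instagram...
    "teen-instagram": ["teen-outlook"],               # ...which recovers via outlook
    "partner-gmail": [],
    "partner-bank": ["partner-gmail"],
}


def dependents(household):
    """Invert the map: recovery account -> accounts it is able to reset."""
    down = {acct: [] for acct in household}
    for acct, recoverers in household.items():
        for r in recoverers:
            down.setdefault(r, []).append(acct)
    return down


def reachable(household, compromised):
    """Every account an attacker holding `compromised` could reset, transitively."""
    down = dependents(household)
    seen = {compromised}
    queue = deque([compromised])
    while queue:
        cur = queue.popleft()
        for nxt in down.get(cur, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def recovery_order(household, compromised):
    """Return (ordered, stuck).

    `ordered`: the compromised account followed by its downstream accounts, each
    placed after every exposed account that can reset it (Kahn's algorithm).
    `stuck`: exposed accounts caught in a recovery cycle; these need the
    provider's out-of-band recovery rather than a reset e-mail.
    """
    exposed = reachable(household, compromised)
    down = dependents(household)
    # Only edges from other exposed accounts constrain the order; a recoverer
    # outside the exposed set is still trusted.
    indeg = {a: sum(1 for r in household.get(a, []) if r in exposed) for a in exposed}
    indeg[compromised] = 0  # the root is recovered first via the provider's own process
    ready = deque([compromised])
    ordered = []
    while ready:
        cur = ready.popleft()
        ordered.append(cur)
        for nxt in sorted(down.get(cur, [])):
            if nxt not in exposed or nxt == compromised:
                continue
            indeg[nxt] -= 1
            if indeg[nxt] == 0:
                ready.append(nxt)
    stuck = sorted(exposed - set(ordered))
    return ordered, stuck


if __name__ == "__main__":
    order, stuck = recovery_order(HOUSEHOLD, "mum-gmail")
    print("rotate in this order:", " -> ".join(order))
    print("needs out-of-band recovery (cycle):", stuck)
```

Running it with `mum-gmail` as the compromised account rotates the root first, then the bank, social and government accounts that hang directly off it, then `teen-gmail` and only after that `teen-steam`; the `teen-outlook`/`teen-instagram` pair is flagged as stuck because neither can be reset until the other is. The partner's accounts are untouched, which is the point of mapping reachability before rotating anything.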
Why this matters in Australia
ACCC Scamwatch alerts published over the last year — food-delivery impersonation, fake crypto platforms, job-recruitment SMS scams impersonating Amazon and YouTube — all share the same endgame: credentials harvested through a believable lure, then reused across the victim’s other accounts. Australian families are squarely in the target set. The ACSC’s individuals-and-families guidance is clear that recovery is faster and cleaner when it is done in the right order, across the right accounts, within the first few days. That is the window this engagement is built for.
Sources
- ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
- ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
- eSafety Commissioner (for cyberbullying, image-based abuse, or harmful content arising from a takeover): https://www.esafety.gov.au/
- OAIC Notifiable Data Breaches scheme (where a takeover intersects with an eligible data breach): https://www.oaic.gov.au/privacy/notifiable-data-breaches
- Cyber by Exegesis — Account Takeover Recovery (waitlist)
Join the waitlist
We are sequencing engagements by provider (Google and Microsoft email first, Meta social second, Australian banks and retailers third). Join the waitlist with the provider involved and a short note on the situation — we will tell you when we are ready to take the brief.