Account Takeover Recovery for Melbourne Families: Get Your Email, Socials, and Banking Back After a Phishing Scam

Your mum forwards you a text she clicked yesterday about a missed parcel, and now she can’t log into her email. By the time you sit down at her kitchen table in Glen Waverley, the attacker has already reset her Facebook password, sent a “help, I’m stranded” message to her contacts, and is poking at her MyGov. Your teenager, meanwhile, has had their Instagram hijacked from a fake “copyright violation” DM and the recovery email no longer belongs to them. Account Takeover Recovery from Cyber by Exegesis is the engagement designed to get your family’s accounts back in a deliberate order — and lock the door behind you.

The problem

ACCC Scamwatch lists phishing as one of the most-reported scam categories in Australia, and phishing is almost always the front door to an account takeover. A single click on a fake parcel notification, a fake bank SMS, or a fake “your account has been suspended” email gives the attacker a password — and from there they pivot. They reset the recovery email. They turn on a mailbox forwarding rule so you stop seeing security alerts. They use the captured email to reset the password on the bank, the retailer with the saved card, the MyGov, the school portal.

ACSC guidance for individuals and families is clear that recovery is not just “change the password”. The order matters. You recover the email account first because it controls everything downstream. You audit forwarding rules and connected apps because those are how the attacker stays in after you change the password. You then walk the downstream accounts — banking, social, retail, government — in the right sequence. Most families try to do this in a panic at 9pm on a Sunday and miss steps.

What Account Takeover Recovery does

Cyber by Exegesis runs a fixed-scope recovery engagement designed for an Australian household:

• A triage call to map every account in the blast radius — the compromised account, every account that uses it as a recovery address, and any account sharing the same password.
• Coordinated recovery with the affected provider (Google, Microsoft, Meta, Apple, your bank, MyGov, retailers) in the order that actually works, using each provider’s published account-recovery channel.
• A forwarding-rule and connected-app audit on the recovered mailbox — the two places attackers hide so they can come back after you change the password.
• A device check across the family’s phones, tablets, and laptops for the session tokens and saved logins that survive a password change.
• Multi-factor authentication turned on across the recovered accounts, with backup codes stored somewhere your family can actually find them again.
• A short written report covering what was recovered, what is still being disputed with a provider, and what to watch for over the next 30 days (including any OAIC notification you might receive if a provider determines an eligible data breach).

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. Our scope here is recovery and hardening. We are not your bank’s fraud team and we don’t replace a police report; we coordinate the recovery so the family is not doing it alone.

How it works

1. We start with a 20-minute call to identify the compromised account, the family members affected, and any money already moved — if funds have left a bank account, we tell you to call the bank’s fraud line before we do anything else.
2. We map the account blast radius with you on a shared document — every downstream account that uses the compromised email as its login or recovery address.
3. We recover the foundation account (usually email) using the provider’s official recovery path, then immediately audit forwarding rules, filters, connected apps, and active sessions.
4. We work down the list — banking, social media, retail, MyGov, school portals — recovering or hardening each one, turning MFA on, and recording backup codes.
5. We deliver the written report and a 30-day check-in window for any provider disputes still in flight.

Why this matters in Melbourne

Melbourne households skew toward the cross-generational pattern this engagement is built for — adult children helping parents in Doncaster or Brighton, parents managing accounts for teenagers in Bentleigh, share houses in Brunswick where one compromised email exposes four people’s deliveries and bank cards. The phishing scams ACCC Scamwatch flags most often — fake parcel notifications, fake toll-road notices, fake bank SMS, fake MyGov messages — land equally on a 17-year-old’s phone and a 75-year-old’s iPad. A Melbourne family that recovers an account in the right order, with forwarding rules audited and MFA turned on, closes the loop the attacker is counting on staying inside.

Sources

• ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
• ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
• eSafety Commissioner (for image-based abuse or cyberbullying that follows a social-media takeover): https://www.esafety.gov.au/
• OAIC Notifiable Data Breaches scheme (for provider-side breach notifications you may receive): https://www.oaic.gov.au/privacy/notifiable-data-breaches
• Cyber by Exegesis — Account Takeover Recovery (waitlist)

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Account Takeover Recovery for Melbourne families

We are sequencing engagements by the foundation account type (Google and Microsoft mailboxes first, Apple ID second, social-media-only takeovers third). Join the waitlist with the compromised account type and how many family members are affected — we will tell you when we are ready to take a brief from your household.