Account Takeover Recovery for Perth Families: Getting Your Email, Socials, and Banking Back After a Phishing Scam
Your dad rings on a Sunday afternoon. He clicked something in a text message about a parcel a few days ago, entered his details, and now he can’t log into his email. His phone has started getting password-reset notifications for accounts he hasn’t touched in years. You check his Facebook — already locked out. His online banking — the bank has frozen it but someone has changed the linked phone number. You don’t know what was in his email, you don’t know which accounts use it for recovery, and you don’t know what to fix first. Account Takeover Recovery from Cyber by Exegesis is the engagement designed to walk a Perth family through that exact sequence — calmly, in order, and without missing the downstream accounts that get forgotten until the next surprise.
The problem
ACCC Scamwatch lists phishing as one of the most-reported scam categories in Australia. The mechanics rarely change: a text or email impersonating Australia Post, a bank, the ATO, a streaming service, or a delivery platform sends the target to a fake login page. Credentials are captured. Within hours — sometimes minutes — the attacker is inside the email account, setting up mailbox forwarding rules, harvesting password-reset links, and pivoting to social media, retail accounts with saved cards, and banking apps.
The damage compounds because most family members don’t know which of their accounts use that email for recovery. ACSC consumer guidance is clear that recovery has to be sequenced — email first, because email controls every other reset — but families under stress almost always start with the wrong account, give up, or call the wrong provider. Meanwhile the attacker still has access.
What Account Takeover Recovery does
Cyber by Exegesis runs a fixed-scope recovery engagement for the affected family member and the household:
- A triage call within one business day to map every account likely connected to the compromised credentials — email, socials, banking, retail, MyGov, streaming, cloud storage.
- A sequenced recovery plan starting with the email account, because email is the root of the recovery tree for almost everything else.
- Coordinated reset across the affected providers, including help drafting the provider account-recovery submissions that get stuck without the right detail.
- A mailbox-rules and connected-apps audit — auto-forwarding rules and lingering OAuth tokens are how attackers retain access after a password reset.
- A device check on the phone or laptop where the credentials were entered, because some phishing kits drop follow-on malware or capture session tokens.
- A short written summary of what was recovered, what was changed, and the recovery contacts for the family to keep on file.
Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. This engagement is hands-on recovery work for a household; we are not a managed service and we are not a substitute for police or your bank’s fraud team, but we coordinate with them where it helps.
How it works
- We confirm the scope on the triage call, identify the compromised account and the likely blast radius, and agree who in the family we are working with.
- We map every downstream account that uses the compromised email for login or recovery, and we sequence them in the order they need to be reset.
- We work through the provider recoveries with the family member on the phone or in a shared session — Microsoft, Google, Meta, the major Australian banks, MyGov, and the common retail platforms each have their own recovery process.
- We audit mailbox rules, connected apps, and active sessions on the recovered email account, and we check the device the credentials were entered on.
- We leave the family with a written summary, the new recovery contacts, and a 30-day check-in to make sure nothing re-emerges.
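The mapping and sequencing steps above, worked through in Python as an added example (not Cyber by Exegesis tooling). The account names and the `RECOVERY_VIA` inventory are constructed sample data; the code finds every account reachable from the compromised email through login or reset links, then orders the resets so no account is secured before the exposed accounts that can reset it.

```python
from collections import deque

# Constructed household inventory: account -> accounts that can log in to or
# reset it. All names are hypothetical sample data.
RECOVERY_VIA = {
    "email": ["backup_email"],
    "backup_email": ["email"],        # mutual recovery addresses form a cycle
    "facebook": ["email"],
    "bank": ["email", "mobile"],
    "mygov": ["email"],
    "retail": ["facebook", "email"],  # social login plus email reset
    "mobile": [],
    "work_email": [],
}

def exposed_accounts(compromised, recovery_via):
    """Every account reachable from the compromised one via reset/login links."""
    seen, queue = {compromised}, deque([compromised])
    while queue:
        cur = queue.popleft()
        for acct, parents in recovery_via.items():
            if cur in parents and acct not in seen:
                seen.add(acct)
                queue.append(acct)
    return seen

def reset_order(compromised, recovery_via):
    """Order resets so an account is secured only after every exposed account
    that can reset it. The compromised account always comes first."""
    exposed = exposed_accounts(compromised, recovery_via)
    pending = {a: {p for p in recovery_via.get(a, []) if p in exposed}
               for a in exposed}
    pending[compromised] = set()      # the root is reset first regardless
    order = []
    while pending:
        ready = sorted(a for a, deps in pending.items() if not deps)
        if not ready:                 # cycle away from the root: break it at
            ready = sorted(pending)[:1]   # the alphabetically first member
        for a in ready:
            order.append(a)
            del pending[a]
        for deps in pending.values():
            deps.difference_update(ready)
    return order
```

Accounts that never appear in the output (here `mobile` and `work_email`) are outside the blast radius of the compromised email, though a cycle such as the mutual recovery addresses means both members should be re-secured in the same sitting.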
Why this matters in Perth
Perth households are often cross-generational and geographically spread — adult children in Perth managing parents’ accounts from Joondalup or Mandurah, or supporting older relatives interstate. The time-zone gap to eastern-states provider call centres alone causes recoveries to stall overnight, which is exactly the window an attacker uses to deepen access. A Perth family that has a sequenced recovery plan, contacts the right providers in the right order, and audits mailbox rules and devices afterwards closes the loop the phishing attacker depends on staying open.
Sources
- ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
- ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
- eSafety Commissioner (for related online abuse or impersonation arising from a takeover): https://www.esafety.gov.au/
- OAIC Notifiable Data Breaches scheme (where personal information held by an organisation was exposed): https://www.oaic.gov.au/privacy/notifiable-data-breaches
- Cyber by Exegesis — Account Takeover Recovery (waitlist)
Join the waitlist
We are sequencing engagements by household type and by the provider stack involved (Microsoft and Google email tenants first, then the major Australian banks and Meta platforms). Join the waitlist with a short description of the situation — we will tell you when we are ready to take a brief from your family.