Account Takeover Recovery for Sydney Families: Get Your Email, Socials, and Bank Logins Back After a Phishing Scam

Your mum rings on a Saturday morning. She clicked a link in a text that looked like it came from Australia Post, typed her email password into the page that opened, and now she cannot get into her Gmail. Her Facebook is posting things she did not write. Her bank has called about a transaction she does not recognise. She is panicking, you are panicking, and nobody in the family is sure what to lock down first or in what order. Account Takeover Recovery from Cyber by Exegesis is the engagement designed to walk a Sydney family through that recovery, in the right sequence, without missing the downstream accounts that will get hit next.

The problem

ACCC Scamwatch lists phishing as one of the most commonly reported scam categories in Australia, and the National Anti-Scam Centre regularly publishes alerts on the impersonation patterns driving it — fake Australia Post, fake myGov, fake bank, fake delivery platforms, fake job recruiters. The credential theft is only the start. Once an attacker is inside an email account, they pivot: they read password-reset emails, they harvest contacts, they change recovery phone numbers, they set hidden forwarding rules so you stop seeing the bank’s alerts. Within hours, a single phishing click can become a compromise of email, social media, retail accounts, and the financial accounts that share that email.

Most families try to recover one account at a time and miss the sequence. They reset Facebook before they have evicted the attacker from the underlying email. They change the bank password on the same device the attacker is still on. The ACSC’s individuals and families guidance is clear that recovery has to be coordinated — the device, the primary email, the recovery channels, and the downstream accounts, in that order — or the attacker simply gets back in.

What Account Takeover Recovery does

Cyber by Exegesis runs a fixed-scope recovery engagement for one household, one incident:

• A triage call within the engagement window to identify every account that may be affected, starting with the primary email and working outward to socials, banking, myGov, retail, and any shared family accounts.
• A coordinated reset sequence: device check first, primary email recovery and clean-up second (forwarding rules, recovery addresses, app passwords, active sessions), then downstream accounts in priority order.
• Direct walkthrough with the affected family member — including aging parents or teenagers — at a pace they can follow, not a checklist dumped over email.
• Multi-factor authentication enabled on every recovered account, with recovery codes printed and stored where the family will actually find them.
• A short written summary of what was compromised, what was recovered, what to watch for over the next 30 days, and which reports to lodge (Scamwatch, the relevant bank, and OAIC where personal information of others was exposed).

Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. Our scope here is recovery and hardening of the household after a phishing-driven account takeover. We are not your bank’s fraud team and we cannot reverse transactions, but we will sit beside you while you talk to them.

How it works

1. You join the waitlist and, when we open the engagement, we run a 20-minute triage call to map every account tied to the compromised email and identify the device the credentials were entered on.
2. We check the device for obvious signs of compromise and get it to a clean state before any password is changed from it.
3. We recover the primary email account — reset the password, revoke active sessions, remove forwarding rules and recovery addresses the attacker added, and enable MFA.
4. We work through downstream accounts in priority order (banking, myGov, socials, retail), resetting credentials and enabling MFA on each, and lodging reports with Scamwatch and providers where appropriate.
5. We leave you with the written summary, the printed recovery codes, and a 30-day check-in.

Why this matters in Sydney

Sydney households sit at the front of every impersonation campaign that lands in Australia — Australia Post, the major banks, myGov, Service NSW, and the delivery platforms Scamwatch has issued recent alerts on. Cross-generational households are particularly exposed: grandparents on shared family plans, teenagers using parents’ recovery emails, a single Apple ID or Google account tying together half the family’s devices. When one account in that web is taken over by a phishing click, the recovery has to be done as a coordinated piece of work — not as six separate panicked phone calls over a weekend. That is what this engagement exists to do.

Sources

• ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
• ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
• eSafety Commissioner (for any cyberbullying or image-based abuse exposed by a social media takeover): https://www.esafety.gov.au/
• OAIC Notifiable Data Breaches scheme (where a takeover exposes the personal information of others): https://www.oaic.gov.au/privacy/notifiable-data-breaches
• Cyber by Exegesis — Account Takeover Recovery (waitlist)

Join the waitlist

Join the waitlist — first access when Cyber by Exegesis opens Account Takeover Recovery for Sydney families

We are sequencing engagements by household size and by the platform of the primary compromised account (Google and Microsoft first, then the major Australian banks and social platforms). Join the waitlist with a short description of what has happened — we will tell you when we can take your household on.