Account Takeover Recovery for Perth Individuals: Get Back Into the Account a Scammer Just Locked You Out Of
You clicked a link in a message that looked like it came from Australia Post, or your bank, or Microsoft. You entered your password and the code from your phone because the page looked right. An hour later you cannot log into your email. Your inbox is empty or full of strangers’ replies. Your social accounts are posting things you did not write. Your bank is calling about a transfer you did not authorise. Account Takeover Recovery from Cyber by Exegesis is the engagement designed to get a Perth individual back in control — fast, methodically, and in the right order.
The problem
ACCC Scamwatch lists phishing among the most reported scam categories in Australia, and the mechanics almost always end the same way: an attacker holds a credential, then uses it to pivot. The email account is the master key — once it is taken, password resets cascade across banking, retail, MyGov-linked services, and social media. Most people try to recover the wrong account first (the one they noticed) and lose the email account in the meantime. They reuse the same password on the new account. They forget the attacker may have added a forwarding rule, a recovery phone, or an app password that survives a simple password change.
ACSC guidance for individuals and families is clear that recovery has to happen in a specific order — email first, then financial, then everything that uses email as a recovery channel — and that every device the compromised account touched needs checking before the account is trusted again. Most people doing this alone, at 11pm, panicked, get the order wrong.
What Account Takeover Recovery does
Cyber by Exegesis runs a fixed-scope recovery engagement for individuals whose accounts have been hijacked:
- A triage call to map every account the attacker may have touched — email, banking, MyGov, social, retail, cloud storage — and decide the recovery order.
- Coordinated recovery with the affected provider (Google, Microsoft, Meta, Apple, your bank’s fraud team) using each provider’s published account-recovery process.
- A full sweep of the recovered email account for attacker persistence: forwarding rules, filters, alternate recovery addresses and phone numbers, connected apps, and active sessions.
- A downstream reset of every account that uses the compromised email as a recovery channel, with unique passwords stored in a password manager and multi-factor authentication enabled where the provider supports it.
- A device hygiene check on the phone and computer the credential was entered on — because if the credential leaked from malware rather than a fake page, the new password leaks too.
- A short written report covering what happened, what was changed, what to watch for over the next 90 days, and whether the incident may need to be reported to Scamwatch, your bank, or (if a service you used had a breach) referenced against an OAIC NDB notification.
Cyber by Exegesis is the cyber consultancy line of Exegesis — the same company behind the DRMO live product. This engagement is recovery, not prevention; we get you back in, lock the door behind us, and hand you a hardened setup.
How it works
- We take a triage call within the waitlist response window, list every account in scope, and decide the recovery order — email and any account holding money come first.
- We walk you through each provider’s official recovery process side by side, so the account is recovered to you, not to us, and the audit trail stays clean.
- Once the email account is back, we sweep it for attacker persistence — forwarding rules, filters, recovery contacts, app passwords, active sessions — and revoke anything we did not put there.
- We reset every downstream account that used that email for recovery, set unique passwords in a password manager, and turn on multi-factor authentication.
- We check the device the credential was entered on, document the incident, and tell you what to report to Scamwatch and what (if anything) to flag with your bank.
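The persistence sweep in the steps above, as an added example that is not Cyber by Exegesis's own code: a Python check run over the JSON shapes the Gmail API returns for users.settings.filters.list and users.settings.forwardingAddresses.list, flagging filters that forward, hide or trash mail and forwarding addresses the owner does not recognise. The sample settings and the addresses in them are constructed for illustration; a real sweep fetches the live settings through the API with the account owner's consent.

```python
"""Sweep a Gmail filter/forwarding listing for attacker persistence.

Added example, not Cyber by Exegesis code. Works offline on the JSON shapes
returned by the Gmail API settings endpoints; the sample data is constructed.
"""
from __future__ import annotations

# Constructed sample: what a hijacked mailbox's filter settings might look like.
SAMPLE_FILTERS = {
    "filter": [
        {"id": "f1", "criteria": {"from": "newsletter@example.com"},
         "action": {"addLabelIds": ["Label_12"]}},                  # benign
        {"id": "f2", "criteria": {"query": "bank OR password OR verification"},
         "action": {"forward": "drop@attacker.example",
                    "removeLabelIds": ["INBOX"]}},                   # exfil + hide
        {"id": "f3", "criteria": {"to": "me@example.com"},
         "action": {"addLabelIds": ["TRASH"]}},                      # hides replies
    ]
}
# Constructed sample: forwardingAddresses.list output on the same mailbox.
SAMPLE_FORWARDING = {
    "forwardingAddress": [
        {"forwardingEmail": "drop@attacker.example", "verificationStatus": "accepted"},
    ]
}
# Addresses the owner confirms are theirs during the triage call (constructed).
OWNER_KNOWN_ADDRESSES = {"me@example.com", "backup@example.com"}


def find_persistence(filters: dict, forwarding: dict, known: set[str]) -> list[str]:
    """Return one human-readable finding per suspicious filter or forwarder."""
    findings: list[str] = []
    for f in filters.get("filter", []):
        action = f.get("action", {})
        reasons = []
        if "forward" in action:
            reasons.append(f"forwards to {action['forward']}")
        if "INBOX" in action.get("removeLabelIds", []):
            reasons.append("hides matches from the inbox")
        if {"TRASH", "SPAM"} & set(action.get("addLabelIds", [])):
            reasons.append("trashes or spams matches")
        if reasons:
            findings.append(f"filter {f['id']} {f.get('criteria')}: " + "; ".join(reasons))
    for fa in forwarding.get("forwardingAddress", []):
        addr = fa.get("forwardingEmail", "")
        if addr not in known:
            status = fa.get("verificationStatus", "unknown")
            findings.append(f"forwarding address {addr} ({status}) not recognised by owner")
    return findings


if __name__ == "__main__":
    for line in find_persistence(SAMPLE_FILTERS, SAMPLE_FORWARDING, OWNER_KNOWN_ADDRESSES):
        print("REVOKE:", line)
```

Each flagged filter id and forwarding address is then removed with the matching Gmail API delete call, and the same review is repeated for recovery phone numbers, app passwords and active sessions, which the filter endpoints do not cover.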
Why this matters in Perth
Perth’s time zone is a quiet contributor to the problem. A phishing message that lands at 9pm AWST hits an attacker working business hours in another country, who has two to three hours of head start before most Australian bank fraud lines are at full staffing. By the time a Perth individual notices the takeover the next morning, the attacker has often already exfiltrated the inbox, redirected the recovery contacts, and made the downstream moves. A coordinated, ordered recovery — rather than a panicked overnight battle with provider help pages — is the difference between getting the account back in days and losing it.
Sources
- ACCC Scamwatch (National Anti-Scam Centre): https://www.scamwatch.gov.au/
- ACSC guidance for individuals and families: https://www.cyber.gov.au/protect-yourself
- OAIC Notifiable Data Breaches scheme (where a service that held your data has had an eligible breach): https://www.oaic.gov.au/privacy/notifiable-data-breaches
- eSafety Commissioner (where a hijacked social account is being used for impersonation or abuse): https://www.esafety.gov.au/
- Cyber by Exegesis — Account Takeover Recovery (waitlist)
Join the waitlist
We are sequencing recovery engagements by account type (email-first hijacks ahead of social-only hijacks) and by urgency. Join the waitlist with the account type that was taken and the approximate time it happened — we will tell you when we can take a brief.