A ‘phishy’ tale of being hacked, attacked and temporarily unplugged

I never thought that this was going to be the longest ever flight, from Kolkata to Delhi.

As I sat messaging my husband that I was all boarded and good, a message on X popped up from a mutual who is a professional singer and more importantly, trustworthy. The message asked me to vote for her to host a podcast on Spotify. I told her that I was about to take off and would do so once I landed.

Ping. Ping.

She was desperate. “Please do it quickly, it matters a lot to me.”

And as I clicked on that link, my handle was hacked.

I have never felt so spectacularly stupid in my life.

There is a special kind of humiliation reserved for people who fall into traps they have spent years warning others about. I have been that self-appointed digital watchdog, forwarding cautionary messages on family groups, “Don’t click on suspicious links,” with the authority of a cyber-police. And there I was, clicking away like an overenthusiastic lab rat pressing the wrong lever.

I realised what had happened in that very second.

And at that exact moment, as if choreographed by the universe for maximum dramatic effect, the air hostess appeared beside me and said, with a polite but firm smile, “Ma’am, please switch off your phone.”

I wanted to tell her that my phone had, in fact, switched me off.

But rules are rules. So I obeyed.

For the next two and a half hours, somewhere between 35,000 feet and absolute despair, I sat there imagining my digital self living a parallel life. A much more active life, I must add. My hacker, it seemed, had suddenly become more social than I had ever been, messaging people, sending links, networking with an efficiency that would put most corporate professionals to shame.

Frankly, it was impressive.

I have taken days to reply to messages. This person took seconds.

At one point, I even wondered if I should let them continue. Perhaps my engagement rate would finally improve.

But the real shock was waiting patiently for me on the ground.

The moment I landed and switched my phone back on, my inbox delivered the final blow, a calm, clinical email informing me that the email address linked to my X account had been changed.

Changed.

Just like that.

To something that sounded less like a person and more like a Wi-Fi password created in a hurry, “[olomudavid493@gmail.com](mailto:olomudavid493@gmail.com)”.

I stared at it, somewhere between disbelief and a very personal sense of betrayal. Not only had this person hijacked my account, but they had also had the audacity to rename my entire digital existence after what sounded like a distant cousin I never invited to family functions.

Years of carefully curated opinions, sporadic wit and occasional brilliance, handed over to “Olomu David 493,” who, I imagine, was now running my account like a small but ambitious startup.

Reality, however, was far less amusing.

My account had turned into a hyperactive salesperson, enthusiastically distributing dubious links to unsuspecting followers. It was as if my personality had been replaced overnight with someone who believed deeply in urgency, persuasion and possibly pyramid schemes. Fortunately, most of my followers knew me too well, more than I understood myself. They refrained from clicking on the link.

In a moment of rare decisiveness, something I usually reserve for choosing desserts, I deactivated the account.

It felt dramatic. It felt final. It also felt necessary.

There is, of course, a peculiar grief that one feels when a social media account is lost. It is not just a collection of followers; it is a carefully curated extension of oneself. Opinions, jokes, fleeting thoughts, moments of validation, all neatly archived and suddenly gone.

And yet, what stayed was oddly reassuring.

The messages that followed, on other platforms, on calls, through concerned check-ins, were real. People asking if I was okay, people warning others, people stepping in where a password had failed. A mutual also messaged that his elderly father had just escaped a digital arrest bid.

It made me realise that while our online identities can be hacked, duplicated, and misused, our “actual” selves are far less fragile.

Still, I have learned my lesson.

For the last couple of days, I look at links the way one looks at street food during monsoon, tempted, but deeply suspicious. And if anyone ever messages me in a panic, asking me to click on something urgently, I will respond with wisdom, restraint and possibly verify whether it was actually sent by the person.

Because if there is one thing this incident has taught me, it is this:

In the digital world, urgency is often the first sign that you should slow down.

END OF ARTICLE