She responded to one of those “Final Warning we are going to close your account” thingys and gave her email address and password.
Bad grammar, nonsense technical jargon, and a link that went to here: fixedgearwizardewqeee. 3owl. com
After she “logged in” she gave her phone number as well.
So, what can she expect and what should be done. I already told her to change her password.
Most people use the same password on dozens of accounts.
Make sure she changes every account that uses the same password.
She should change her pw on any site which uses the compromised pw.
Some sites, like amazon/facebook, use email as the login. The hackers can try to login using her email/pw on those sites.
They may search for her email in user databases hacked from other websites. If so, they may find her user id on those sites and try to use her pw to login.
She should also do an extensive virus/trojan scan of her computer. The link may have downloaded a virus.
Make sure her phone provider does not allow 3rd party charges added to her phone bill.
I am thinking their bot may have gotten her password recovery information. She should probably change all that too, no?