DON’T fall foul of a common scam after reports of a major online leak – even if you haven’t had any private info exposed.
Just last week, security experts said they’d uncovered as many as 16 billion leaked nuggets of personal info linked to popular apps and websites.
AlamyCyber-criminals will hope to take advantage of the news around a ‘data leak’[/caption]These reportedly included leaked logins – private usernames and passwords belonging to unsuspecting users.
Security experts have debated over how “new” the info in the databases is – but one thing is certain: there’s plenty of personal data circulating online.
Chances are, at least some of your info will have been exposed over the years through a combination of breaches and leaks.
But even if your data hasn’t been exposed, this latest “database leak” still spells trouble for your online security, experts have told The Sun.
That’s because when there’s news of a big “leak” like this, cybercriminals often target web users with related scams.
Rik Ferguson, the VP of security intelligence at Forescout, told The Sun that this “opens the floodgates for scammers”.
“Honestly, it doesn’t even matter that the data itself is mostly old, recycled, or even completely made up,” Rik told The Sun.
“The headline grabs attention, it spreads fast, and that’s all the cybercriminals really need.
“What we’ll see now, almost guaranteed, is a wave of social engineering, things like fake tech support calls, emails claiming your accounts are compromised, texts that urge you to click a link “right now” to secure or update something.”
He added: “Cybercriminals don’t need fresh data; they just need fresh worry. This kind of news gives them a credible excuse to contact people out of the blue, sounding plausible and urgent.
“So, the best advice is to slow down, take a breath. Treat unsolicited contact (or scare stories from well-meaning friends on Facebook) with a solid dose of cynicism.
“Your first response might be to react quickly, especially if the message is laced with urgency or fear. But that urgency is the oldest trick in the book. Scammers rely on pressure.
“They want you anxious, flustered, or off balance. They want you to be doing, not thinking. If someone’s telling you to act immediately, that’s your cue to pause.”
For instance, you might see tech support scams or “infected computer” warnings.
Criminals will be hoping that you’re worried enough about the news of a leak that you might act without thinking – clicking on a dodgy link or calling a number because you’re worried about your cybersecurity.
For instance, after the Marks & Spencer cybersecurity incident, experts warned of the danger of crooks taking advantage of the confusion around the attack.
“Stay vigilant for phishing messages pretending to be from M&S or other companies you’ve dealt with,” said NCC Group threat intelligence head Matt Hull.
A similar warning came from Check Point’s Charlotte Wilson, who said: “We often see a spike in phishing emails, fake delivery texts and scam calls after breaches like this, particularly when order history or usernames are involved.”
AlamyCrooks often use tech support scams to install dangerous apps on your device[/caption]And the same advice is true for this latest news: it’s a prime chance for crooks to trick concerned users into making a mistake.
“Discoveries like this breach are a pertinent reminder of just how easy it is for sensitive data to be unintentionally exposed online,” said Keeper Security chief Darren Guccione.
He added: “When login data is left unprotected, it can provide fuel for phishing attacks, account takeovers and identity fraud.”
But some experts suggested there wasn’t any major reason to panic.
Brian Higgins, of Comparitech, told The Sun: “The data referenced in the media is an amalgamation of several previously reported incidents.
“So it’s reasonable to expect that any users affected should have been aware of the problem and taken action when the individual threats were first identified
“The knee-jerk headlines may well fuel a slight uptick in activity from unscrupulous vendors or cyber criminal organisations.
“There’s a possibility some may exploit the fact that the data has been collected in a single repository, for example. Still, since it’s not a new breach and the facts are slowly becoming clearer, it’s doubtful any major impact will ensue.”
HOW TO SPOT THE SIGNS OF A TECH SUPPORT SCAM
Tech support scams can work in several different ways.
But they all have the same end goal: to scoop up your info, put dangerous “malware” on your devices, or steal your money.
You might receive a message over text or email – or even a phone call – saying that your device has been compromised.
DON'T PANIC – BUT ACT FAST
Here’s advice from The Sun’s tech editor Sean Keach…
This is a massive breach of privacy – it’s not the first, and it won’t be the last.
There’s no surefire way for you to avoid being caught up in an attack like this, and you can’t take back the info now it’s out there.
But what you can do is safeguard yourself against sinister crooks using this info against you.
Step 1
The main fear here is that criminals have bagged a load of passwords.
That’s why you need to switch on two-factor authentication on every account that you have.
Normally that’s a login code that is sent to you via SMS text.
They prevent crooks from logging into your account even if they know your password.
Step 2
Even better, don’t bother with SMS and use a proper authenticator – like the Google Authenticator, a free app that you can download right now.
This generates the same kind of log-in code, but it’s safer than SMS, which is an old and more easily-hacked system.
Step 3
Also, make absolutely sure that you’re not re-using passwords anywhere.
If crooks have one password and you’ve re-used it, they now have access to several of your accounts.
Use a password manager like your iPhone’s iCloud Keychain or the Google Password Manager.
They will generate strong and unique passwords for all of your accounts – and then remember them so you don’t have to.
Picture Credit: Sean Keach
And you’ll be asked to hand over a log in, install some kind of security software, or making a tech support payment.
Depending on what you hand over, you could find your online accounts broken into, your bank balance wiped out, or your computer spied on. Once a crook breaks into your accounts or device, they can potentially spy on your texts or photos, make purchases, and so much more – so not falling for scams is extremely important.
Never hand over any info or money to someone who has contacted you out of the blue.
If they’re claiming that they’re from a reputable organisation – like Microsoft or Apple – then you’ll want to contact the company directly using the number on their official website.
Don’t use any contact info that you’ve been sent by a stranger, as it’s easily faked.
“Whether it’s an email that looks like it’s from your bank, a text pretending to be your delivery service, or a call claiming to be tech support, the smart move is always the same, don’t respond directly, go to the source,” Rik told The Sun.
“Log in via the official website, not a link you received out of the blue. Call the company back on a number you already know or can find on their website.
“Or just check in with someone you trust, a quick gut-check with a colleague or friend can save you a whole world of pain.”
If someone is rushing you into making a decision, especially when private info or money is involved, then that’s a major red flag that something is amiss.
Reputable cybersecurity and tech companies won’t just text you out of the blue to tell you that you’ve been hacked and need to pay a fee.
And if they’re asking you to click a link to install an app on your machine, that’s a clear warning sign that they’re trying to compromise your device.
If you ever install any cybersecurity software, do so by going to the official website of a reputable company. Don’t install anything sent to you by a stranger – it’s dangerous.
HOW TO SEE IF YOU’VE BEEN CAUGHT UP IN A LEAK
If you’re worried that you’ve been caught up in a breach, there’s an easy way to check.
Go to the website HaveIBeenPwned here.
This website tracks lists of leaks and breaches over the years.
The HaveIBeenPwned website can reveal if your email address has been caught up in a data leakHaveIBeenPwned / The SunAnd you can enter your email address to see if it’s been caught up in any.
You’ll be able to see the exact leak that your email was exposed in, as well as any linked data – like an address, phone number, or password.
The website will also send you alerts when your email address is found in another leak or breach.
That way, you can quickly react and change your password, add two-factor authentication (like a text code) for logging in, and locking down your accounts.
EXPERT VIEW – THE SECURITY ADVICE
Here's what Rik Ferguson, VP of security intelligence at Forescout, told The Sun...
“For what it’s worth, anyone is a potential victim, even me after 30 years in the business, so don’t beat yourself up,” Rik said.
“Last year I fell for a coincidentally well-timed SMS phishing message and gave away my Netflix password before I stopped to think.
“What saved me? I use a password manager, so every website has a different, unique password.
“That slip didn’t snowball into something worse.”
He gave The Sun the following advice:
Don’t reuse passwords. Use a unique one for every website. Built-in or third-party password managers can help. Writing them down at home is also fine, just keep the list secure. Stronger beats newer. A long, randomly generated password is better than changing a weak one regularly. Don’t click unknown links. If you weren’t expecting it, ignore it. Go directly to the official website or make a call instead. Turn on two-factor authentication wherever possible, it’s simple and effective. Warn others. Talk to friends and family. Scams spread faster when people don’t know what to look for.Picture Credit: Forescout
Read More Details
Finally We wish PressBee provided you with enough information of ( Why your pics, texts and money are in danger after major ‘data leak’ even if your info wasn’t exposed )
Also on site :