And from there it would circulate and be repurposed in all different scams for years.Building an LED matrix is a fun project, but it can be a bit of a pain. Later it may emerge on criminal marketplaces to take on a whole second life. The attackers who took the data may monetize it themselves for months or years while they wait for law enforcement to move on from the incident. The Facebook breach will continue to have an impact long term, and if the data is in the hands of scammers it could evolve through multiple phases of use. "Your personal information, your name and what you do, your preferences and all of that tends to remain pretty static over the years, so unfortunately once the data is out there it becomes a threat."įacebook has also said that it will not provide free identity theft protection to breach victims, a common offering in the wake of a massive data exposure. "The type of data unfortunately in the case of Facebook is not something you can change easily, it’s not like a credit card breach where you can apply for a new card or change accounts," Malwarebyte's Segura says. And some of the ammunition they now have will last a lifetime. But when fraudsters are armed with accurate and extensive data, their attempts become that much harder to dodge. As always, monitoring financial and social media accounts for suspicious activity, avoiding messages that suddenly create a sense of urgency to act on something, and staying suspicious of links and unexpected communications are all ways to avoid scams. While the stolen data could fuel online scam campaigns for years, consumers have little recourse against malicious advertising and persuasive phishing and spam attacks. This is one of the most complicated impacts of the Facebook breach. "Many people do not realize the effect the recent Facebook breach has had on their risk for identity theft or know how to protect themselves." "Facebook is the new stolen credit card in terms of the data and value it provides criminals," says Tom Kelly, CEO of the identity protection company ID Experts. Phishers and BEC scammers could also use details from the breach to send convincing messages externally, posing as a company's client, for example, or a disgruntled customer. You're a lot more likely to think an email is really from your boss if she's referencing your upcoming birthday, and the work trip you went on to Cleveland in the fall. ![]() And having such granular data about people would enrich all sorts of phishing attacks and so-called "business email compromise" scams, in which attackers try to gain access to email accounts within a business to gain credibility, and then influence malicious activity like payments to the attacker. Segura points out that a trove like the one stolen from Facebook would be valuable for launching massive malvertising campaigns that try to entice web users to click on malicious ads, since it contains so many indicators of a person's background and preferences. If you were compromised in the Facebook hack, they now also potentially know where you live, where you've worked, and where you've been.Īttackers can use that sort of detailed information in all sorts of other ways, as well. The more credible they seem, the more likely you are to pay them off. For example, in one popular scam, an email threatens to release compromising photos of you, and uses information like your old passwords and your phone number to make it seem like the attacker really does have dirt. The data not only helps improve the general verisimilitude of broad spam campaigns, but also makes it easier to specifically tailor scams to individuals. ![]() Granular data helps spammers craft maximally convincing emails, SMS messages, and calls. ![]() "It's a priceless database trove for marketers." (Here's how to find out if you were affected, and how badly.)Īll of which becomes particularly dangerous in the hands of spammers. Hackers could also have gleaned relationship status, religion, hometown, current city, work, and education info, depending on how fully victims had filled out their profile, along with the 10 most recent locations they checked into or were tagged in, and their 15 most recent Facebook searches. Fourteen million more had their username, date of birth, gender, devices they used Facebook on, and language settings compromised at the very least. ![]() The sophisticated daisy chain attack that the hackers pulled off garnered the names, phone numbers, and email of 15 million Facebook users. That shouldn't make you feel that much better, though, given just how much damage criminals can do with the kind of information stolen from Facebook. But a new report from The Wall Street Journal suggests spammers as the culprit instead. When Facebook announced at the end of September that it had suffered a data breach that ultimately affected 30 million accounts, it seemed, perhaps, like the work of sophisticated nation state hackers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |