For this project, the objective was to report on 3 recent cyber security breaches in order to gain a further understanding of how important proper data security is.
On November 3rd, 2021, Robinhood suffered a brief hacking incident that exposed the email addresses of about 5M users, full names of an additional 2M, and additional personal information for about 310 users. Hacking is when someone gains unauthorized use of someone's data; in this situation, the hacker attempted to levy its access to the sensitive information by extorting money from the company. Although the incident was quickly contained, Robinhood shared with its users that their account security settings could be adjusted through their site and app.
A separate article from CNBC suggested investing in an identity theft protection service as a precaution for future breaches. The easiest, and safest way, to protect your data from being breached in independent companies like this is to, of course, not share that information. In the absence of this option, I recommend only giving out personal information to websites you trust have decent security, and even then, limiting the amount of information is never a bad thing.
EMOTET was a prominent global malware taken down in January, 2021, but recently resurfaced. Malware is a catch-all term that applies to malicious software used by cyber criminals to gain access to a system, network, and/or data, usually with the intention of financial gain. EMOTET spread in the form of malicious Word email attachments, but it was particularly dangerous because it was "malware for hire" and allowed for other malware to be installed on any infected system.
EMOTET is making its return via TrickBot, a similar malware. ZDnet suggests installing cybersecurity patches as soon as they're available to protect yourself, as malware often exploits known security issues in order to infect computers. Prior to it's initial takedown, if you think you may have been affected, you can check your email's status here (there is some English available, but after inputting your email, Google Translate is your best bet). I also recommend investing in a cyber security service that routinely checks your computer for malware, like McAfee.
An elderly Australian couple was scammed out of over $50k in less than 24 hours, on November 14th, 2021, in an incident of internet fraud. The FBI defines internet fraud as, "the use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them." In this incident, a fake Microsoft pop-up with a fake support number appeared on the elderly husband's computer screen and refused to go away. After calling the scammers, the couple granted the team remote access to their computer. After pretending to send the couple an intended refund of $250, the scammers then claim they accidentally sent $25,000 instead and need the money back. Since they still have remote access to the computer, when the couple tried to log into their bank to see if this was true, the scammers edited the webpage to reflect the deposit they claimed to have sent. From there, it became a back and forth of the scammers asking for their money back, and once it was wired, insisted that they hadn't received it and asked for it again. When the couple looked up the phone number for Microsoft support (because they suspected they were being scammed), the remote access once again allowed the scammers to link the couple to a phone number within their call center. When the couple called this number, they were scammed out of $4,000 more for an anti-virus software.
In order to protect yourself from internet fraud, you should never give remote access to anyone, even a support team, until you can verify their identity. If you already have given them access, but suspect you may be getting scammed, use a device that they don't have access to to double-check, verify, and search. It's not a bad idea to search up a phone number before you call it to see if it's been reported to belong to scammers, either.
Once you've lost money to scammers, it's incredibly difficult, if at all possible, to get even some of it back. But thankfully there are people who use their hacking skills for good, like the YouTube channel Scammer Payback. Linked here and below is a video where the YouTuber pretends to be a mark while taking down a scammer and warning potential victims. Hopefully this makes you feel a little more hopeful!
Through this project, I learned of the various ways companies and people can experience breaches in data security, and I learned the importance of having a security system in place. I will certainly be more wary of strange emails, giving out my data, and account security settings in the future.
11.09.2021