Forgot your password?

How Recent Well Publicized Data Breaches Increase The Risk of Phishing and Account Takeover Attacks

By Edited Aug 30, 2016 0 0

Caution Tape

Caution tape with sun setting behnd it

Caution Tape
Credit: Stephen Bicker Photography

Recently, it came out that Target had been the target (pun intended) of another data breach,
this time involving the names, phone numbers, mailing addresses and e-mail addresses of an
estimated 70 million customers according to NBC News (http://www.nbcnews.com/business/

The people who stole this data most likely intend to sell it on the black market. The debit card
numbers, credit card numbers, and pins stolen are a clear threat, and anyone affected should
contact their bank and credit card companies to make sure that they are protected.

But what about the stolen addresses, names, and phone numbers? What kind of threat would that
pose? What could criminals possibly do with a list like this? It’s not like someone could take
this information and use it to empty your bank account – or is it?

Let’s take the following hypothetical situation: John Doe is one of the 70 million people affected
by the data breach. He is really concerned about it now, but life goes on, and 6 months down the
road, he has completely forgotten about the incident. Then he gets an e-mail. The email claims
to be from Acme Bank (or insert whatever nationally known bank you are part of) reporting that
they are doing routine account maintenance, and to protect his security, he needs to verify his
address. He clicks on a link that looks like the bank’s web address. After all, it has the bank’s
name in the web address. He is then directed to a very official looking bank website. Even the
look and feel of the website is consistent with the bank’s. The website says, “Please confirm that
your address is correct by submitting your account number, pin, and password.” The address
on the website is correct, and John has no reason (from his perspective) to be suspicious. After
all, if it was not his bank, how would they have his correct home address (keep in mind he has
forgotten by this time that his home address was stolen)? John enters the information and clicks

Little does John know that this e-mail is not from his bank. Rather, it is from a criminal syndicate
that purchased his and millions of other records from the hackers who stole his info from Target
over half a year ago. His bank account is quickly emptied along with every other person who
was fooled by the same e-mail John was fooled by.

You see criminals like this will send out the same e-mail(called a Phishing email) to all 70
million people that they have info for. They are counting on the fact that, in that group of 70
million, several thousand people will probably be customers of the bank they are targeting, and
of those, several hundred or even a thousand or two will be fooled by the e-mail and click the
link and give them the passwords and pin codes necessary to empty their bank accounts.

So what can you do to help protect yourself from this type of crime? The following online safety
tips can help protect you:
• NEVER give out your pin or password
• If you get an unsolicited e-mail request to take action from your bank, call your bank’s
phone number that is listed in the yellow pages and confirm that the e-mail is valid
• Watch out for URLs that look strange. For instance "www.acmebank.com" and
"acmebank.accunt.78f7sffd8sf7.com" are completely different websites most likely owned
by different organizations. The latter is more than likely attempting to look like the
former, but with very nefarious motives
• Before entering any information on even a trusted website, make sure that the web
address begins with “https:”, not “http:”
• Watch out for e-mails that are missing information that you would expect the
organization that they claim to be from to have
• Never ever open an attachment that comes in an unsolicited e-mail
• Keep your antivirus software updated
• Consider purchasing an ID theft and account take over monitoring service
Keep in mind that this list is not exhaustive, and it is important to always be vigilant no matter
what you are doing online.



Add a new comment - No HTML
You must be logged in and verified to post a comment. Please log in or sign up to comment.

Explore InfoBarrel

Auto Business & Money Entertainment Environment Health History Home & Garden InfoBarrel University Lifestyle Sports Technology Travel & Places
© Copyright 2008 - 2016 by Hinzie Media Inc. Terms of Service Privacy Policy XML Sitemap

Follow IB Technology