Why you should delete Facebook immediately

It’s been reported by both Insider and Recorded Future that a user on a low-level hacking forum on the Dark Web has published the account details and phone numbers of around 533 million Facebook users. 11 million of those are from the UK.

The leak contains a wealth of personal data, including information that users have posted on their profiles: email addresses, phone numbers, profile names, employment information, gender details and Facebook IDs.

The information in the leak is over 2 years old, and Facebook confirmed that they were made aware back in 2019 and released a patch for the leak. But now that the data is out in the public domain, it could be very bad for you as a Facebook user.

you have to assume your details have been compromised

The type of data which has been leaked is seen as a gold mine for cyber criminals of all levels. The information could be used for hacking attempts or social engineering attacks.

One of the most prevalent cyber attacks in the last year has been social engineering. Social engineering in its simplest form is the use of deception and manipulation in order to gain confidential information; it’s widely known as ‘hacking humans’. With this type of data already out in the wild, the criminals’ jobs become so much easier, and they can use this data to impersonate you and commit all sorts of crimes.

But this data is from 2019, why should I care?

Exactly how many times have you changed your phone number or email address over the last 2 years? Chances are you’ve probably used the same details for Facebook for many years… I know I have! So you have to assume your details have been compromised. Now that criminals have this data, you may see a large rise in reports of phishing attempts and fraudulent claims. Your emails and texts may become inundated with phishing and smishing attempts in order to further exploit you.

But why should I delete Facebook?

This isn’t the first time Facebook has been involved in a data leak and I can promise you it won’t be the last. Unfortunately, there isn’t much you can do now that the data is out in the open, but what you can do is:

  1. Be vigilant to phishing or fraud attempts with your details.
  2. Spread the word to your friends and family, say to them “Hey, have you heard about the Facebook data leak? Keep an eye out for any suspicious texts, emails or calls, it could be a hacking attempt!”

What can I do if I don’t want to delete Facebook?

  1. Enable MFA (multi-factor authentication).
  2. Change your email associated with Facebook.
  3. Update your password recovery details.
  4. Tighten up your privacy settings.

You are never going to be 100% safe and secure when using the internet, but the more you can reduce your digital footprint, the better.

Final Thoughts

Cyber security isn’t just geeks in hoodies sat in dark rooms. By creating a culture of talking about cyber security issues with our friends and families, we can increase awareness and lower the potential risk of becoming a victim of cyber crime. I can’t speak for the whole of my generation, but I can say this: we spend upwards of 6-7 hours a day, phone glued in hand, switching between social media accounts without really ever thinking of the security implications behind them. We live in a generation where our digital identity is paramount to feeling accepted, but it’s extremely easy for these accounts to be compromised. We have power in sharing and reposting tweets and Instagram stories, so if you do see something in the news regarding a cyber attack, share it, spread the word!

M

For further information regarding the data leak, see links below:

https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T

https://therecord.media/phone-numbers-for-533-million-facebook-users-leaked-on-hacking-forum/?utm_medium=email&_hsmi=119498507&_hsenc=p2ANqtz-_YoeuD-m-83Jjvy00xZTZM6fDX1twQpJ8_lhSodhFt8CjWFxHHcSrtwF3F0bhoncLEhbj9qH7VIy-LELYANnapuVqUZmgXZUGvuvVrKFzTxfWpQrk&utm_content=119498507&utm_source=hs_email

Phishing, vishing + smishing

In a recent post, I highlighted the threat of a recent phone scam involving the HMRC. In this blog post I’ll give you more of a breakdown of phishing, vishing and smishing, with some examples of how cyber criminals will try to fool you in attempts to gain your details.

Phishing

Similar to the art of fishing, which is defined as ‘the activity of catching fish, either for food or sport’, phishing is the cyber equivalent, where criminals actively try to ‘catch’ your personal information by using deceptive social engineering techniques in the hopes of gaining access to your accounts, both personal and financial.

Phishing is carried out via email to obtain sensitive information or data. This is done by spoofing (faking) the email to look like it has come from a trusted source, but with subtle differences. These emails are designed to make you click a malicious link, which takes you to a fake website created by the criminals in the hopes that you enter personal information or allow the criminals to install malware (malicious software which could freeze your system or lock your files as part of a ransomware attack).

How does phishing work?

The two main methods criminals use in phishing attacks are links to malicious websites and malicious attachments. Usually, malicious links will take you to cloned versions of websites you are very familiar with, and the malicious attachments usually have ‘click bait’ names such as ‘INVOICE’ and install malware on your device when opened.

Below is a picture I have taken from the brilliant http://phishing.org which highlights some red flags if you think you have received a phishing email. I have also attached a couple of examples so you know what to look out for.

[Image: 22 Social Engineering Red Flags]

COVID19 grant phishing email

[Image: scam email with link to phishing website]

PayPal phishing email

[Image: PayPal phishing email example screenshot]

4 things to look out for

  1. Legitimate companies will usually address you by name.
  2. Legitimate companies will not ask for your sensitive personal information over email.
  3. Phishing emails are riddled with spelling mistakes.
  4. Hover your mouse over any link to see the destination of the URL.

VISHING + SMISHING

Vishing and smishing follow the exact same concept as phishing; they are just two specific ways in which criminals will try to steal your information.

Vishing is the fraudulent practice of making phone calls or leaving voice messages in an attempt to get victims to reveal personal information such as bank details and credit card numbers. During a vishing call, criminals will use social engineering techniques to get you to trust them and believe they are who they say they are. They will often spoof their phone number, so it looks like the call is coming from the official business they are pretending to be. The most common vishing scam is vishing banking. These scams involve a call from someone who says they’re from your bank and that there is a problem with your account or with a payment; they will then ask you to transfer funds to a different account to fix the problem. One of the most recent vishing scams is the HMRC tax fraud scam, which I wrote about in my last post.

Smishing is the fraudulent practice of using misleading text messages to trick victims into giving up their private information via a text. Smishing is the same scam as phishing and vishing, but the criminals use text messages in the hopes that you’ll trust this form of communication more. These text messages may again include links which will take you to cloned webpages asking you to input usernames, passwords, and credit card details.

Below are a few examples of smishing attempts.

[Image: smishing example, Amazon]
[Image: smishing example, Apple]

Final thoughts

Since the start of the coronavirus pandemic, more and more of us have been victims of phishing attacks. This is due to criminals taking advantage of our new work-from-home lifestyle: we are more susceptible to these scams as we are making more calls than before, reading more emails, and generally communicating digitally a lot more than if we were still working in the office. Unfortunately, pandemic or not, criminals will take advantage of their victims in any way they can to benefit financially. Hopefully, this blog post has highlighted some of the things to look out for and will make you think twice before you click on that email from Amazon with your £1000 gift card (insert side eye emoji here). There are so many incredible resources just a Google click away when it comes to phishing scams; many large businesses are aware of them and have teams dedicated to dealing with them.

Also a big thanks to Alex @ItsArtBabes for the awesome animation at the top of this blog.

New blog posts every Wednesday and Sunday.

M.
