Well, you wouldn’t believe this. Even though I have been in Cybersecurity for some time now, and write about it every day, I almost feel victim for a Phishing scheme yesterday. I am in the process of doing an entire rebrand of my business, and part of that will be a brand-new website, to be coming soon. Well, I paid my webmaster yesterday to do the work from PayPal account.
All was fine until minutes later I got an email from PayPal saying that I needed to contact them right away for some kind of dispute. Well, I looked at the link in the email, it was not malicious, and everything else looked fine. I logged in, and everything seemed to be fine. So, I called PayPal immediately, and they said that they never sent an Email.
The whole thing seemed weird to me, so I took the usual steps to safeguard everything. But this only underscore just how sophisticated Cyberattackers have become. Even to trained professionals in this area can still fall victim, despite taking all of the precautions and even more.
What really piqued my curiosity is that I got this Email just minutes after I placed my transaction.
So not only is the technological perspective being implemented, but also the Social Engineering aspect as well, but preying upon emotions using fear tactics. This only underscores and even more myself, never respond to an Email unless you are expecting it or know the receiver. If you have any sort of doubts, always contact that individual or entity first from where the Email seems to be originating from.
That is what I should have done in the first place, and boy, was I mad at myself. Well anyways, this also underscores just how prevalent fraudulent activity has been and will become in 2020. According to a recent study entitled “RiskBased Data Breach QuickView Report 2019 Q3”, there were a total of 183 security breaches, which exposed 7.9 billion records.
This represents a Year Over Year (YOY) growth rate of both 33.3% and 112%, respectively.
More details on this study can be found at this link:
So, just to even further magnify how bad Fraudulent Activity really is, here is a listing of the top 6 Fraud Breaches that have occurred so far in 2019:
*Activity on the Dark Web:
As I have written about before, once a Security or Fraud related breach has occurred, most of the stolen Personal Identifiable Information (PII) ends up for sale on the Dark Web. Here are some of the statistics on this so far for 2019:
Dubsmash (162 million)
MyFitnessPal (151 million)
MyHeritage (92 million)
ShareThis (41 million)
HauteLook (28 million)
Animoto (25 million)
EyeEm (22 million)
8fit (20 million)
Whitepages (18 million)
Fotolog (16 million)
500px (15 million)
Armor Games (11 million)
BookMate (8 million)
CoffeeMeetsBagel (6 million)
Artsy (1 million)
These are the entities or websites that have been hacked into, and the number in the parenthesis indicates how many PII records eventually made its way to the Dark Web.
In this hack, there was a Mongo DB (database) that contained well over 150 Gb of marketing data. Over 800 million PII records were stolen, from the following named folders in the database:
Emailrecords (count: 798,171,891 records)
emailWithPhone (count: 4,150,600 records)
businessLeads (count: 6,217,358 records)
*First American Financial Corporation:
Here in the United States, this is the largest real estate title insurance company to exist. This simply means that by being the proverbial 800-pound gorilla, there will be tons of valuable information and data that is stored. Because of this, the business also fell victim to a Security Breach, in which 885 PII records were stolen, dating back all the way to 2003. This included such data as bank account numbers, mortgage and tax filings, Social Security numbers, driver’s licenses.
Based in Austin, TX this is a business entity that which develops and implements SMS based solutions SMBs all over the world. They work with almost 1,000 cell phone operators and has a reach of 5 billion subscribers. Their entire platform was hosted on Azure (from Microsoft), and their databases was hosted on the Oracle Marketing Cloud. This stored over 604 Gb worth of information and data. As a result of being such a well-known, dominant player, over 1 billion PII records were hacked into and stolen. Examples of what was hijacked include the following:
Full Names of recipients, TrueDialog account holders and TrueDialog users
Content of messages
Phone numbers of recipients and users
Dates and times messages were sent
Status indicators on messages sent, like Read receipts, replies, etc.
TrueDialog account details
*Orbivo Smart Home:
This is a vendor that makes Internet of Things (IoT) products for those American consumers who want to make their homes into “Smart” ones. They have over 1 million customers worldwide, and because of all of the inter connectedness that their products bring, it is no wonder that they became a prime target for the Cyberattacker. In this particular instance, over 2 billion PII records were stolen from countries all over the world, which included the following:
The United States
The United Kingdom
*The Social Media Sites:
Now, how can we forget about this one, especially that of the notoriety that Facebook has brought onto itself??? Information and data on all subscribers and end users are stored across various databases and servers all over the world, one of them being the ElasticSearch server. This particular site contained 4 Tb of PII records, of which, 4 billion records were hacked into and stolen. This breach makes it one of the worst ever in terms of a breach originating from one source.
My Thoughts On This
Well here you have it, the top 6 Security and Fraud Breaches that have transpired so far in 2019. It will be for interesting to see what 2020 will bring in. And one year from, now I will probably be writing on the very same topic. Just a few trends to keep in mind, from my Cybersecurity perspective:
*The Cyberattacker for the most part, will still take their own sweet time in order to study their target in order to find any weak spots to covertly penetrate into and stay in for a long time, and stealing prized PII records so that the victim will not even know about it until it is too late.
*In other instances, such as the one that happened to me yesterday, the Cyberattacker could also act quickly and decisively in order to prey upon your fears and levels of anxiety. For example, this will most likely take place via Phishing Attacks, such as what happened to me.
For example, after you make a purchase, you could very well receive an Email or even a phone call alerting you to take some sort of action. Be very careful of these, as it is very easy to fall victim into them.
In the end, nobody or any business is safe and can become a victim of a Cyberattack. If you do become one, then all that matters is that you mitigate the damage ASAP. Thus, in this regard, it is very important to keep checking your bank and credit card activity on a daily basis, at least 2X a day.