Data Security: Stories of Breach and Phish

Clever people learn from others' experiences. Here we collect recent data breach and phish cases, and provide methods and suggestions to protect your privacy from social engineering and malware.

Stories for Data Security
No:1 - By Huan Miles
Cybercriminals Use SEO to Target Search Results
Search Engine Optimization (SEO) is a technique that helps websites appear more often in search engine results and rank higher than other websites. Legitimate websites use SEO, such as easy-to-remember URLs and relevant keywords. Unfortunately, cybercriminals can also use SEO for their malicious websites.

Cybercriminals use SEO by adding tons of popular keywords to their website and creating multiple links that redirect you to their website. Cybercriminals can also pay third parties to visit their website, making it appear more reputable and popular to search engines. If you visit one of these malicious websites, you may be tricked into downloading a malicious file or providing your personal information.

Follow these tips to keep yourself safe from malicious search results:
  • Always hover your cursor over a link before you click, even when using a search engine. Look for spelling mistakes and overly long URLs that can hide a website's actual domain.
  • Avoid search results that include a long list of random or repeated words and phrases. That website could be using excessive keywords to draw in traffic.
  • Visit trusted websites directly by entering the URL in your browser's address bar instead of using a search engine to find the website.
No:2 - By Huan Miles
A Spear Phishing Case
Recently, researchers at Fortinet observed a sophisticated phishing email sent to a Hungarian diplomat. In the email, cybercriminals disguised themselves using the first and last names of an employee in the diplomat’s IT department. In this case, the diplomat believed the email was suspicious and forwarded it to the actual employee in the IT department for investigation.

This case is a perfect example of a popular attack called spear phishing. Spear phishing attacks are targeted at a single person or department with information that cybercriminals want. In these attacks, cybercriminals research the specific person or department and figure out who they talk to frequently. Then, the cybercriminals send a message to the person or department, pretending to be someone they know and trust. It’s essential to watch out for these attacks because they can happen to anyone, not just diplomats or executives.

Follow these tips to stay safe from spear-phishing attacks:
  • Don’t open attachments or click on links in emails that you were not expecting.
  • Check email headers to make sure you recognize the sender and any other recipients.
  • Reach out to the person who allegedly sent the email by phone or in person. By reaching out to the alleged sender directly, you could save yourself and your organization from a potential spear-phishing attack.
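The header check in the tips above can be automated. The script below is an added example, not part of the original story: it parses a constructed spear-phishing email and flags a known colleague's display name paired with a foreign address, a sender outside the assumed organisation domain, and a Reply-To that diverts replies. The directory, domains and messages are all hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical internal directory: display name -> the one address that name may use.
DIRECTORY = {"Jane Doe": "jane.doe@embassy.example"}   # assumed IT employee
INTERNAL_DOMAIN = "embassy.example"                      # assumed organisation domain

# Constructed sample: the attacker borrows an IT employee's name but not her address,
# and routes replies to a third mailbox.
SPOOFED = """\
From: Jane Doe <jane.doe.itsupport@free-mail.example>
Reply-To: helpdesk-2291@free-mail.example
To: attache@embassy.example
Subject: Urgent: confirm your mailbox password

Please open the attached form today.
"""

# Constructed sample of a genuine message from the same colleague.
LEGIT = """\
From: Jane Doe <jane.doe@embassy.example>
To: attache@embassy.example
Subject: Patch window tonight

No action needed.
"""

def check_sender(raw: str, directory=DIRECTORY, internal_domain=INTERNAL_DOMAIN):
    """Return a list of findings; an empty list means the headers pass these checks."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []
    expected = directory.get(name)
    # 1. A known colleague's display name paired with an address that is not theirs.
    if expected and addr.lower() != expected.lower():
        findings.append(f"display name '{name}' belongs to {expected}, not {addr}")
    # 2. Claims a known internal name, but the mailbox lives outside the domain.
    if expected and not addr.lower().endswith("@" + internal_domain):
        findings.append(f"{addr} is outside {internal_domain}")
    # 3. Replies would go somewhere other than the visible sender.
    if reply_to and reply_to.lower() != addr.lower():
        findings.append(f"Reply-To {reply_to} differs from From {addr}")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_sender(raw))
```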
No:3 - By Huan Miles
Fake Emails Target Users of Credit Unions
Recently in the United States, the National Credit Union Administration (NCUA) warned of increased cyber attacks targeting credit unions. Credit unions are typically small non-profit institutions with very loyal customers, making them the perfect target for cybercriminals.

In most credit union scams, cybercriminals send fake emails that appear to be from your credit union. The phishing emails vary from signature requests to incoming payment notifications, but each email directs you to click a link for more information. The link leads to a fake login page for your credit union. If you try to log in on this page, your username and password will be sent to the cybercriminals. Once they have access to your account, they can make unauthorized charges, empty your account, or send and receive illegal wire transfers.

Follow the tips below to stay safe from similar scams:
  • Never click on a link in an email that you were not expecting.
  • Whenever you receive a notification email, ask yourself questions such as: Did I sign up for email notifications? Have I received alerts like this in the past?
  • When you’re asked to log in to your credit union, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site, not a phony look-alike.
No:4 - By Huan Miles
SMTP Relay Services Scam
Simple Mail Transfer Protocol (SMTP) is the standard method mail servers use to send emails. Organizations typically use an SMTP relay service to send mass emails, such as marketing materials. Some organizations use Gmail as an SMTP relay service, but unfortunately, cybercriminals have found a vulnerability in the Gmail service.

Cybercriminals can spoof any organization that also uses Gmail as a relay service. For example, let’s say that a legitimate organization owns the domain sign-doc

Follow the tips below to stay safe from similar scams:
  • This type of attack isn’t limited to Gmail. Other SMTP relay services could have similar vulnerabilities. If an email seems to come from a legitimate sender, remain cautious.
  • Never click on a link or download an attachment in an email that you were not expecting.
  • If you need to verify that an email is legitimate, try reaching out to the sender directly through a phone call or text message.
No:5 - By Huan Miles
Surplus of Supply Chain Scams
Throughout April, Shanghai and other major cities in China have been on lockdown due to recent COVID-19 outbreaks. Along with the ongoing war in Ukraine, these lockdowns have drastically impacted supply chains for industries worldwide.

We expect to see another wave of supply chain-related phishing and social engineering attacks. Cybercriminals could use this news to spoof shipping delay notifications, create fake advertisements for hard-to-find products, or write misleading articles about well-known organizations that the shortages could impact.

Use the tips below to help you spot supply chain scams:
  • Never click on a link or download an attachment in an email that you were not expecting.
  • Watch out for sensational or shocking headlines about the world’s supply chains. These headlines could lead to articles containing misinformation or false information intentionally designed to mislead you.
  • If you are expecting a shipment and receive a related email, confirm that the email is legitimate before clicking any links. Look for details such as the order number, the purchase date, and the payment method used for the purchase.
No:6 - By Huan Miles
Scam Through Multi-Factor Authentication
Multi-factor authentication (MFA) can help you protect your online accounts by requiring that you approve login attempts before you can access the accounts. However, if you accidentally approve an MFA notification that you didn't request, cybercriminals may be able to access your accounts and personal information.

In a new scam, cybercriminals are annoying you into approving an MFA notification. The cybercriminals hope that you will eventually approve a message to stop the notifications from sending. If cybercriminals figure out your login credentials for an account, they can send you repeated MFA notifications. Then, the cybercriminals can update the MFA settings in your account to send notifications to their device instead of your own. As a result, the cybercriminals can gain permanent access to your account and any personal information in the account.

Follow these tips to stay safe from MFA scams:
  • Never approve an MFA notification that you didn't request.
  • Create unique, strong passwords for each of your online accounts. If cybercriminals can't figure out your password, they won't be able to scam you with MFA notifications.
  • If you receive an MFA notification for an account that you aren't trying to log in to, immediately change your password for the account.
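The repeated-prompt pattern described above is also visible to defenders in identity-provider logs. The script below is an added example, not part of the original story: it runs a simple burst detector over a constructed sample of push-MFA events and reports users who received many prompts in a short window, noting whether an approval followed. The log format, user names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of push-MFA events from an identity provider, one per line:
# "<timestamp> <user> <result>". alice is prompted every ~40 seconds and finally
# approves; bob gets one prompt and approves it normally.
SAMPLE_LOG = """\
2022-06-01T09:00:02Z alice PUSH_SENT
2022-06-01T09:00:05Z alice PUSH_DENIED
2022-06-01T09:00:40Z alice PUSH_SENT
2022-06-01T09:00:44Z alice PUSH_DENIED
2022-06-01T09:01:10Z alice PUSH_SENT
2022-06-01T09:01:15Z alice PUSH_DENIED
2022-06-01T09:01:50Z alice PUSH_SENT
2022-06-01T09:01:55Z alice PUSH_DENIED
2022-06-01T09:02:30Z alice PUSH_SENT
2022-06-01T09:02:38Z alice PUSH_APPROVED
2022-06-01T09:00:10Z bob PUSH_SENT
2022-06-01T09:00:14Z bob PUSH_APPROVED
"""

def parse_events(log: str):
    """Return (timestamp, user, result) tuples in time order."""
    events = []
    for line in log.splitlines():
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return sorted(events)

def find_mfa_fatigue(log: str, window=timedelta(minutes=5), min_prompts=4):
    """Flag users who received at least `min_prompts` pushes inside `window`.
    The thresholds are assumptions; tune them to the normal prompt rate of your IdP."""
    by_user = defaultdict(list)
    for ts, user, result in parse_events(log):
        by_user[user].append((ts, result))
    alerts = {}
    for user, events in by_user.items():
        sent = [ts for ts, r in events if r == "PUSH_SENT"]
        for start in sent:
            burst = [t for t in sent if start <= t <= start + window]
            if len(burst) >= min_prompts:
                # An approval after the burst began is the outcome the attacker wants.
                approved = any(r == "PUSH_APPROVED" and t >= start for t, r in events)
                alerts[user] = {"prompts": len(burst), "approved_after_burst": approved}
                break
    return alerts

if __name__ == "__main__":
    print(find_mfa_fatigue(SAMPLE_LOG))
```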
No:7 - By Huan Miles
Europol Vishing Scam
Voice phishing, or "vishing," is a phishing attack conducted by phone. Vishing is a classic tactic that cybercriminals continue to use today. Recently, cybercriminals launched a vishing attack that impersonates Europol, the law enforcement agency of the European Union (EU). Cybercriminals use advanced techniques to disguise their phone numbers as an official Europol number on your caller ID.

The call starts as an automated message, stating that your data has been compromised and to press the 1 key to continue. If you press 1, you're greeted by a natural person who sounds polite and professional. The caller offers to help as long as you give them information such as your name, address, and identification number. Any information you provide will be delivered straight to the cybercriminals.

Follow these tips to stay safe from similar scams:
  • Never trust your caller ID. Cybercriminals can spoof phone numbers to look like a familiar or safe caller.
  • If you did not initiate the call, do not provide personal information over the phone.
  • Hang up if you’re not sure whether a call is coming from a legitimate organization. Then, find the official phone number for the real organization and call them directly. Don't call the suspicious phone number again.
No:8 - By Huan Miles
Watch Out for Apple and Meta EDR Scams
In the United States, law enforcement agencies must obtain a court-ordered warrant or subpoena before requesting user data from a tech company. However, in extreme scenarios, law enforcement agencies can bypass this process by issuing an Emergency Data Request (EDR). Since such a request is urgent, tech companies must act quickly and trust the agency that issued it. Unfortunately, cybercriminals have begun hijacking law enforcement agency email systems to send fake EDRs and gather sensitive user data.

Recent news has revealed that in 2021, Apple, Meta, and other tech companies responded to fake EDRs and provided user data to cybercriminals. This data included users’ addresses, phone numbers, and IP addresses. Now that this data breach is making headlines, we expect cybercriminals to use EDR-related data leaks as a topic in phishing attacks and social media disinformation campaigns.

Here are some tips to stay safe:
  • Be cautious of emails or phone calls that claim you or your organization have been affected by these data leaks. Typically, this sort of information is communicated through regular mail.
  • Watch out for sensational or shocking headlines about Apple, Meta, or other tech companies that have experienced EDR-related data leaks. These headlines could lead to articles that contain misinformation or false information designed to intentionally mislead you.
  • Protect yourself from potential data breaches by regularly updating your passwords, using multi-factor authentication, and limiting the amount of information you share with social media platforms and online services.
No:9 - By Huan Miles
Pay Attention To New QakBot Email Scam
You may have seen a suspicious email that appears to come from a trusted source, such as a friend or a famous brand. But have you ever seen a suspicious email that appears to come from you? In a new scam, cybercriminals use your own email address to send phishing links to other users.

The scam works by using the newest version of malware called QakBot. Cybercriminals send you an email that contains a phishing link. If you click on the link, QakBot will be installed on your computer. The newest version of QakBot can record your keystrokes, steal your login credentials, and even access your email accounts.

If QakBot is on your computer, cybercriminals can use your email account to send phishing emails to users in your email threads. Using the “Reply to All” functionality, QakBot will send phishing emails to users you have already interacted with. Since the phishing emails will look like they came from your email address, they will appear more trustworthy and challenging to spot.

Follow the tips below to stay safe from these types of scams:
  • Watch out for urgency in emails or messages that you receive. Phishing attacks rely on impulsive actions, so always think before you click.
  • Never click on a link or download an attachment in an email that you were not expecting, even if the email seems to come from someone you know.
  • Watch out for emails that contain only a short message and a link. If you’re unsure whether the link is safe, reach out to the sender by phone to confirm the email is legitimate.
No:10 - By Huan Miles
MS 365 Is Targeted with Fake Voicemails
Cybercriminals continue to find new ways to trick users and steal their credentials. Sometimes, they even recycle decades-old tools that are not intended to be malicious.

For example, cybercriminals attack Microsoft 365 users with malicious files disguised as voicemails in a new scam. The scam works by sending an email with a voicemail file attached. The filename ends in "mth.mp3", appearing to be a legitimate MP3 file. However, the file is a malicious HTML file disguised using right-to-left override (RLO) functionality.

RLO was created 20 years ago for languages that read from left-to-right instead of right-to-left. Unfortunately, cybercriminals now use this functionality to make malicious files look safe. For example, cybercriminals use RLO to display "mp3.htm" in this scam as "mth.mp3". If you open the file, you will see a fake Microsoft 365 login page instead of a voicemail. Then, any credentials that you enter on the fake login page will go straight to the cybercriminals.

Follow these tips to stay safe from similar scams:
  • Never click links or download attachments in an email that you were not expecting.
  • Before sharing any sensitive information online, make sure that the website is legitimate. For example, an MP3 file should never take you to a login page. If you're uncertain, navigate to the website directly.
  • Remember that cybercriminals can use more than just links within emails to phish for your information. Always think before you click.
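The RLO trick from the voicemail story can be caught before a user ever sees the attachment name. The script below is an added example, not part of the original story: it approximates how a name containing U+202E is displayed, strips the bidi controls to find the extension the operating system will actually use, and flags any mismatch. The constructed sample name was chosen so that it renders as the "mth.mp3" the story describes.

```python
# Unicode bidirectional control characters. U+202E (RIGHT-TO-LEFT OVERRIDE, RLO) is the
# one used in the fake-voicemail scam; the others can be abused the same way.
RLO = "\u202E"
BIDI_CONTROLS = "\u202A\u202B\u202C\u202D\u202E\u2066\u2067\u2068\u2069\u200E\u200F"

def rendered_name(filename: str) -> str:
    """Approximate what a user sees: everything after an RLO is drawn reversed.
    (Full bidi layout is more involved; this is enough for the attachment case.)"""
    head, sep, tail = filename.partition(RLO)
    return head + tail[::-1] if sep else filename

def extension(name: str) -> str:
    """Text after the last dot, lower-cased, or '' if there is no dot."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def actual_extension(filename: str) -> str:
    """The extension the OS uses to choose a handler: bidi controls do not count."""
    return extension(filename.translate({ord(c): None for c in BIDI_CONTROLS}))

def check_attachment(filename: str) -> dict:
    """Compare the extension the user sees with the one that will actually open."""
    seen = rendered_name(filename)
    seen_ext = extension(seen)
    real_ext = actual_extension(filename)
    has_bidi = any(c in filename for c in BIDI_CONTROLS)
    return {
        "displayed": seen,
        "displayed_ext": seen_ext,
        "actual_ext": real_ext,
        "suspicious": has_bidi or seen_ext != real_ext,
    }

if __name__ == "__main__":
    # Constructed sample: "voicemail_" + RLO + "3pm.htm" is shown as "voicemail_mth.mp3"
    sample = "voicemail_" + RLO + "3pm.htm"
    print(check_attachment(sample))
    print(check_attachment("voicemail_0412.mp3"))
```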