Page 40 - GS190101
P. 40
Education
Breaching into the New Year • Keep an eye out for URL redirects. This means
when you click a link, make sure it is not quickly
forwarding you to a different, non-secure location.
SSL certificates can also verify identities.
• Look for misspellings in URLs. Typically, they are
one character off, so at a quick glance they look
correct.
Notable breaches in 2018
Here are details on four notable breaches reported in 2018:
Facebook
By Nicholas Cucci Time frame: reported Sept. 28; occurred for an un-
Fluid Pay LLC specified period prior to that date.
ata breaches were rampant in 2018. I've identi- Description: This breach, which allowed hackers
fied four as particularly notable. Back in 2011, to access and potentially take over about 50 mil-
phishing was a major, developing issue. Now lion user accounts, was one of the largest in 2018.
D it is a streamlined staple of criminals attacking Facebook discovered this issue on it own. The
our financial networks. company's stock dipped after the breach was re-
What is phishing? ported. Three software bugs were found during
the company's investigation: the View As feature
Phishing is a cyber-attack that uses a fake or forged e-mail. let people look at profiles they did not own; digital
The goal of this method is to capture sensitive information keys, which allow users to stay logged in without
from consumers while leading them to believe the having to re-enter passwords, were also exposed;
information is being requested by a real entity, not by and fraudsters were able to gain control of other us-
an impostor. These requests will typically include credit ers' accounts from the View As feature. This breach
card numbers, Card Verification Value numbers, billing made national news and is still being investigated.
ZIP codes, usernames and passwords, and bank account Data taken is still yet to be announced.
information.
www.cnbc.com/2018/09/28/facebook-says-it-has-dis-
Fraudsters have grown adept at mimicking trusted entities covered-security-issue-affecting-nearly-50-million-ac-
such as a consumer's credit card company, bank, or other counts-investigation-in-early-stages.html
business related to an individual's personal finance
accounts. And criminals' methods are becoming more and T-Mobile
more sophisticated.
Time frame: reported Aug. 28, 2018; occurred prior
Today a phishing campaign will typically try to trick to Aug. 20; timeline still being investigated
victims into handing over sensitive information and/or
downloading malware. Malware is becoming increasingly Description: This intrusion affected around 2
popular because emails containing this malicious million T-Mobile customers. Information com-
code can get the victims to infect their own computers. promised included usernames, billing ZIP codes,
Then fraudsters can hold them ransom by locking and phone numbers, emails, and account numbers. This
controlling their devices unless a specific amount is paid breach will cause major phishing issues in the fu-
to unlock them. ture. Fake email with valid information will be sent
to consumers to try and get them to verify more
How to protect yourself sensitive details without knowing they are not ac-
tually communicating with T-Mobile. T-Mobile has
Here are steps to take to protect yourself from phishing: reached out to customers determined to have been
• Do not post any sort of personal data especially affected.
on social networks. For example, do not post birth
dates, addresses, vacation plans, phone numbers, www.abcactionnews.com/news/t-mobile-data-breach-
etc. 2-million-customers-affected-in-data-breach
• If you question an email's authenticity, call the
company involved. Its staff can help you decipher if
the email is a legitimate.
40
40
