“With the amount of personal information leaked from Facebook, cybercriminals can create convincing phishing or social engineering attacks,” expert says.
World, April 4, 2021: On Saturday, Business Insider reported that 533 million Facebook users’ phone numbers and personal data have been leaked for free on a low-level hacking forum.
According to the report, the data includes full names, phone numbers, locations, email addresses, and other information.
Users from 106 countries are affected – 32 million in the US, 11 million in the UK, and 6 million in India.
Why this is bad news during the pandemic
Comment by Daniel Markuson, digital privacy expert at NordVPN:
“Such information is a goldmine for scammers, so we can expect to see more personalized phishing or social engineering attacks all over the world, especially as this information has been posted for free. It means that anyone with shady intentions was able to get their hands on it.
This leak raises huge concerns, especially now. Cybercriminals exploit fears or feed on the need for urgency. We have already seen a surge in pandemic-related cybercrimes and this trend continues.
Now, as countries all over the world are starting to roll out vaccination programs, there is another opportunity for cybercriminals.
In March, NordVPN Teams observed that vaccine-related Google searches in the United States grew by 1,900% since January. This shows that Americans are becoming increasingly anxious to get their COVID-19 vaccine and might be an easy target for hackers.
In December, INTERPOL issued an alert to law enforcement across 194 countries, warning them to prepare for crimes revolving around COVID-19 vaccines. Investigators have also reported vaccine-related activities on the dark web.
With the amount of personal information leaked from Facebook, cybercriminals can create convincing phishing or social engineering attacks.
How to spot a phishing email or smishing SMS, according to Markuson:
1. Check the sender’s address or telephone number. Don’t just trust the display name – pay attention to the email address, telephone number, and other sender credentials.
2. Look for spelling and grammar mistakes, design issues. Serious companies and institutions don’t usually send out emails with bad grammar; email design is usually lean and precise.
3. Don’t click on links or download attachments. If that’s an email – hover your mouse over the link to see the destination link. Check if it looks legitimate and, especially, if it contains the “https” part to indicate a secure connection. If that’s an SMS – it’s better to search for the website yourself.
4. Consider context. Were you expecting such an email or SMS? If not, it is probably suspicious, especially if the offer is too good to be true.
5. When in doubt, contact the company or institution over the phone or alternative email address and ask to confirm if the email is legitimate.
6. If you notice something unusual – report the incident to the authorities. Raising the alarm can help not only you, but others affected by the leak as well.
Everyone can become a victim of phishing scams. Although some of them are pretty obvious, others can be challenging to spot.
As a prevention measure, use cyber security software such as VPNs, antiviruses, spam filters, and firewalls.
(Re)published after authorisation by NordVPN