
Stolen Sea: Russians warned about fraud due to news of the largest data leak

In Russia, a surge in fraud is predicted following news of what is alleged to be the largest data leak: 16 billion accounts. The Russian Interior Ministry later denied this news, but experts are already recording the appearance of fake sites that claim to let users check whether they are in the leaked databases. Izvestia found out how to protect against fraudulent schemes and what to do in case of a real leak.
Surge in attacks
Russians have been warned about a surge in fraud due to news of the alleged largest data leak in recent times. Ekaterina Edemskaya, a cyber expert and analytical engineer at Gazinformservice, predicted the increase in the number of attacks in an interview with Izvestia.
— Criminals can use the data to hack accounts and for other types of fraud, the expert said. — They usually send fake notifications about data compromise, posing as official services and inviting users to check their accounts. But in fact, they are tricking users out of passwords and personal information.
Also, she added, attacks using compromised data to infiltrate accounts with minimal security measures are possible. Users may be vulnerable to attacks if they do not update passwords or activate two-factor authentication.
The analyst's concerns were confirmed by Galaktion Kuchava, an expert at the Moshelovka platform. According to him, suspicious services exploiting the topic of "leaked data checks" are already being recorded on the Runet. Experts predict that the surge will increase in the coming days and weeks.
The leak of billions of user credentials worldwide became known in mid-June. As reported, logins, passwords, and login URLs for various services, for example, Apple, Google, and Facebook (owned by Meta Corporation, which is recognized as extremist and banned in Russia), turned up online. At the same time, the Ministry of Internal Affairs called the leak "not new": the Department for Combating the Illegal Use of Information and Communication Technologies (UBK) of the Ministry of Internal Affairs of the Russian Federation reported that the data is an archive collected over many years by various malicious programs.
Criminal schemes
According to Galaktion Kuchava, criminals always become more active against the background of data leaks, real or imaginary. At the same time, they use several standard schemes, the most common of which are fake "verification services", which are still appearing en masse.
— Websites are created that visually copy reputable resources. The user is asked to enter his e-mail, login, or even the current password for verification, which he actually transmits to the criminals, the expert says. — Such services are advertised through phishing mailings allegedly from Apple, Google or banks with headlines like: "Your data has been compromised in a leak! Check here", and in messengers and social networks.
Similar emails may come with other links, for example, to "verify your account." A person is asked to "change their password" or "check their activity" after going to a page that steals logins, passwords, and 2FA codes.
Schemes in which the leaked data itself is used pose a separate danger. For example, according to Sarkis Shmavonian, the leading manager of work with educational organizations at Cyberprotect, attackers can include a victim's real password, or part of it, in emails to that person to make them more convincing. They can also try the same credentials against accounts on different sites, and if a person, for example, used the same password for mail and for online banking, hacking the mail can open access to money.
Having access to email or the main account (for example, Yandex ID, Apple ID or Google), attackers can:
— restore access to your other services by clicking the "forgot password?" button;
— steal personal data, photos, correspondence for blackmail or further fraud;
— make purchases on behalf of a person;
— send spam and malware to contacts;
— use an account to launch cyber attacks.
The expert warns that, moreover, criminals can blackmail a person if they find compromising material in correspondence or files.
— Compromising personal accounts of employees (especially those with access to corporate resources or using personal email for work) is a common initial vector for attacks on companies, the expert notes.
Methods of protection
Experts recommend taking precautions to protect your data. First, it is important to immediately change the passwords on all accounts, especially if they were used on the services mentioned in the leak or appeared on the list of leaked ones.
— Start with the most important: check your e-mail accounts and ecosystem accounts (Yandex ID, Apple ID, Google). Use complex and unique passwords for each service (not one for all); you can use a password manager for this: it will generate and remember them for you, advises Sarkis Shmavonian.
Secondly, Ekaterina Edemskaya adds, it is worth enabling two-factor authentication on all services that support it. Even if the attacker has a password, he will not log in without the second factor (the code from the application or SMS). At the same time, it is recommended to use authenticators to generate one-time codes, for example, "Yandex Key", instead of SMS messages. This approach is safer than using one-time codes via SMS.
If a person's data is leaked, the expert advises not only to change passwords, but also to closely monitor any suspicious activity, such as unauthorized attempts to log into accounts or financial transactions. In addition, you should regularly check your bank statements and credit reports for suspicious transactions.
To find out whether your data is in the leak, it is better to use trusted online services: for example, there is a Russian system from the National Computer Incident Coordination Center (NCCC) or the Have I Been Pwned service.
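What separates a trusted checker from the fake "verification services" described above is that the password itself never has to be sent anywhere. This added example (not from the article or from any service it names) uses the Pwned Passwords range query of Have I Been Pwned, where only the first five characters of the password's SHA-1 hash leave the machine; the stand-in response, its counts and the sample passwords are constructed so the block runs offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Real network call: only the 5-character hash prefix is sent."""
    with urllib.request.urlopen(RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("ascii")


def leak_count(password, fetch=fetch_range):
    """How many times the password appears in the corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:  # the comparison happens locally
            return int(count)
    return 0


sent = []  # everything the offline stand-in "server" received


def constructed_fetch(prefix):
    """Offline stand-in for the service; every entry is constructed sample data."""
    sent.append(prefix)
    leaked_prefix, leaked_suffix = split_hash("qwerty123")
    rows = ["0" * 35 + ":4", "F" * 35 + ":1"]  # "SUFFIX:COUNT" lines
    if prefix == leaked_prefix:
        rows.insert(1, leaked_suffix + ":7")
    return "\r\n".join(rows)


if __name__ == "__main__":
    print(leak_count("qwerty123", constructed_fetch))
    print(leak_count("a long unique passphrase 9f2", constructed_fetch))
    print(sent)  # only 5-character prefixes were ever "sent"
```

A page that asks for the full current password in order to "check" it has no need for it: the lookup above works without it.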
— If not only the accounts have been leaked, but also the bank card data, or there is a suspicion of financial fraud, you should immediately block the card and inform the bank about a possible compromise. If your mail is hacked, check the list of trusted devices and sessions, and close the suspicious ones. Make sure that the backup e-mail and recovery phone are yours and are not compromised, concludes Sarkis Shmavonian.
Translated by the Yandex Translate service