When you hear about a big data breach on the news, you may think you don’t need to worry. You may think, “I don’t do business with that company, so the crooks can’t steal my identity.” Or “my email address and password weren’t involved, so it’s not my problem.” Yet it could be.
One of your friends or family members’ personally identifying information may be hacked. Then, cybercriminals could use that as a stepping stone to get to you.
Think you’re safe when you interact with friends and family on Facebook or Instagram? Those aren’t the sites breached! Again, think twice.
Many people reuse their username and password on more than one site. Imagine the bad guys get hold of an individual’s credentials from a malware attack on a major retailer, or they buy that person’s credentials for a banking site on the Dark Web after a breach. The crooks might try the credentials on those sites to see if they can gain access, but they are also likely to try those same credentials on other sites, too.
What to Watch Out for Among Friends/Family
Hackers prey on our impulse to trust others. They have greater odds of success impersonating a Facebook friend asking for help. If a Nigerian prince emails out of the blue and asks for money, most of us know by now to delete the message immediately. But if Aunt Peggie does the same thing via Facebook, you’re more likely to fall for it.
The same thing happens with malicious content. We all know not to click on attachments from people we don’t know and trust. After hacking a social media account, cybercriminals email all that person’s friends. They might say something appealing such as, “you’ve got to check out this latest hilarious video of my son!” We want to see our friend’s son being funny, so we click, and the trouble starts.
One more note: be wary of whom you accept into your “friends” circle online. Adding your niece’s best friend or your work colleague’s husband may seem like a good idea, but, that’s one more possible vulnerability.
Impersonations of people you trust aren’t only happening on social media. You might get emails that appear to be from companies you trust, vendors you know, or work colleagues. For instance, you might get an invoice from your housekeeping service. It looks like usual, with the same services listed, but the banking details are different. If you don’t catch on, you’ll be paying the crooks instead of your cleaners.
Or you might get an email from a “co-worker” asking you to remind them of a password or account number. It seems like a simple request from someone who can afford to be casual about security with you. But don’t fall for a “hey, what was that password again?” request.
Another area of daily life that cybercriminals target is online selling sites such as TradeMe. They might hack an account with solid feedback to post items for sale. They’ll accept your payment but never deliver the goods.
Ultimately, don’t rely on that browser lock suggesting a site is secure or the fact that you already know so and so. You may not be actually dealing with that individual. Always confirm, using another method of communication, before sending sensitive info or money.