Yesterday, I covered the risks of phishing and a few steps that can be taken to greatly improve account security. We continue to bring up phishing as an area of concern, as it is the most common breach point for an organization.
Today I’ll cover another type of attack, called vishing, that is on the increase, along with the recent Facebook data breach and how to freeze your credit.
Vishing, or Voice Phishing, is similar to phishing but over the phone. A typical vishing scenario involves someone calling you with fake caller ID data (you cannot trust the displayed number; it can be spoofed) to talk with you. They may have information, including your address, SSN and credit card number, from a prior breach like this one, or this one, or any of these. The scammers are practiced and good enough to fool security experts. They can empty your bank account rapidly.
So, what can you do…
- Consider only answering the phone from known callers. Even if the number matches, don’t trust it.
- When your bank calls you, call them back at the number on the back of your card or the number on their website. Do not let the caller give you a callback number. Do not use a phone number you found on Google.
- Your bank will not ask you for your Credit Card/ATM PIN or CVV code, your SSN, passwords or other secrets if they ever do call you. Remember, call the bank using the number on the back of your card. Remember, only answer known callers.
Facebook Data Breach
If you were logged out of your Facebook account, or Facebook Messenger on your phone or computer, in the past week, you were a victim of the recent Facebook breach. This breach impacted about 90 million users, and would have allowed the attacker full access to your Facebook account. This includes downloading anything in your account (public or private) and making changes to your account (posting as you, for instance).
The attack is now mitigated.
While I am not aware of this information being used for nefarious purposes, expect attackers to do so. They might set up bogus accounts on Facebook, try to extort you for any private information you may not want public, or use the information to gain access to other accounts (does your mother have her maiden name on her account, and are you friends?).
The attackers now have access to more private data, your email address, and potentially your phone number and home address.
Credit Freezes are Free
In the post-Equifax breach world we’re in, credit freezes are a step I’d recommend everyone take. Legislation passed in May, just becoming active now, has officially made credit freezes free for all. For more information, see Brian Krebs’ article on what a credit freeze is and how to get one.