Online connections bring wonderful surprises – new friends and colleagues, and some even get married to their online match, including me. But sometimes the surprises are not so wonderful. So I’d like to share a few trends, incidents, and best practices to help you be secure this Valentine’s Day.
Trends and Scams that Began with a Search for Love
The FBI reports Americans have lost $133 million in the first half of 2021 to online fraud (or confidence fraud). There are hundreds of cases of online romances where people were swindled out of their savings by their new significant other. The new friend suddenly needs money for an emergency and asks for help. The victim complies by wiring funds, which ultimately goes towards nefarious purposes. Stories vary, but they all end with someone heartbroken and losing money. A few of these cases:
- Suspects have been charged with targeting people on dating sites such as Match.com, Christian Mingle, JSwipe, and PlentyofFish.
- CryptoRom: Scammers are using dating apps like Tinder and Bumble to steal millions in bitcoins
- Romance and Business Email Compromise (BEC) scams netted over $2.2 million
Social distancing, increased data breaches, and reliance on social media have gifted scammers more information about their potential victims online and enable them to personalize their attack.
Not only should you be cautious with a potential new partner, you should also examine the security of applications and sites that will manage your personal data.
- MeetMindful, an online dating app, was hacked and sensitive information of over 2.28 million users of the app was released.
- Plenty of Fish leaked private user information.
- CatholicSingles.com had 50,000 contacts’ real names, billing addresses, email addresses, and other private user data leaked.
- “At least 70,000 photos of women scraped from profiles in the Tinder dating app are circulating on a cybercrime forum.”
- Niche data apps exposed personal data of 100,000+ users as well as voice messages and audio recordings. This type of data could be used to extort or blackmail victims. This can impact not only your personal life, but also your professional life.
Best Practices to Protect Yourself.
Verify. While it is fun meeting new people, take your time to get to know them. Hackers are in it for the long haul to piece together details to social engineer you. Learn about your new connections, check their digital footprint. Premature familiarity is something you want to avoid to prevent a cyber attack.
Be Careful What You Share. Your private information is invaluable to you, and unfortunately, a hot commodity amongst bad actors. We’ve seen many online apps get hacked, exposing personal data and photos. And don’t forget, your photos and selfies may reveal more facts about you than you wanted – like a photo of you with your work ID.
Be Aware. Know the latest scams and techniques out there. Here are a couple of security awareness posters to help you keep aware.
Social Engineering. Keeping connected in a time of social distancing is tricky. Validate your network controls are effective with penetration testing as your online network grows.
HALOCK Breach Bulletins
Recent data breaches to understand common threats and attacks that may impact you – featuring description, indicators of compromise (IoC), containment, and prevention.