386 Million User Records from 18 Companies Leaked for Free

computer hacker selling PII on dark web

What Happened?

It was just recently confirmed that starting on July 21, 2020, multiple databases containing the stolen information of over 386 million consumers were posted online in a hacker forum — all for free. The exposed information was stolen from eighteen companies, including Wattpad (270 million user records), Mathway.com (25.8 million user records), Promo.com (22 million user records), and Drizly.com (2.4 million user records) through past data breaches. Many of the 18 companies involved in this data leak have announced security incidents had occurred in 2020, but several remain unknown or undisclosed. The Personally Identifiable Information (PII) in each database varies, but typically contain names, user names, email addresses, and hashed passwords. Hashed passwords can be deciphered, further exposing a breach victim to account takeover and credential stuffing attacks. Continue reading

What is Vishing? Voice Phishing Scams to Avoid

man on phone victim of vishing scam

What is vishing?

Vishing is a phone scam type of phishing attack. The word “vishing” comes from “voice” and “phishing”. Phishing scams are most often done through email, named by the idea that a fraudster is dangling a hook or a lure to get unsuspecting victims to reveal sensitive information, like usernames, passwords, or credit card details, through an email response or by clicking a link and entering the data on a website. In a vishing attack, a scammer uses a phone call to target their victims and steal information, money, or both.

Vishing can also be a type of social engineering scam — that is, the criminal uses specific or “vague enough to be real” details about the victim to get them to believe the scam caller is real and should be trusted. Vishing calls may come from a blocked number, or a fake or spoofed phone number used to impersonate a legitimate person or organization. Fraudsters also use robocalls to carry out vishing schemes on a larger scale. Continue reading

Coronavirus Scams Target Unemployment Benefits

Unemployment Scams During COVID19

Unemployment scams have become more lucrative during COVID-19, as states are providing unemployed workers with an additional $600 a week in unemployment insurance benefits as part of the CARES Act through at least July 2020. The Identity Theft Resource Center has received more complaints of unemployment identity theft in the first two weeks of May, 2020 as they did in all of 2019. Certain states, such as WashingtonMassachusettsFloridaOklahoma, and Rhode Island, have seen a particularly heightened increase of fraudulent unemployment claims, catching hundreds of thousands of individuals off-guard, and bilking millions of dollars from the system with false claims. Continue reading