Have you heard about the massive data breach at Uber? We told you this week that the rideshare company was hacked and 57 million users’ critical data was stolen.
Uber confirmed the breach and said that it paid the hackers $100,000 to delete the data. Unfortunately, this is only the beginning.
There are more security threats that you need to watch out for and you don’t even need to be an Uber user to be impacted.
How scammers are piggybacking off the Uber data breach
Whenever there is a highly publicized data breach like the one at Uber, we need to be on the lookout for separate attacks. That’s because criminals will piggyback on the news to create more scams.
Now, people are receiving phishing emails related to the Uber breach. Fraudsters are sending emails to unsuspecting victims with malicious links, hoping to steal their Uber credentials and banking information. Even if you’re not an Uber user, you might receive these types of phishing emails.
Here’s an example of an Uber phishing email making the rounds:
Image: Example of Uber phishing email. (Source: KnowB44)
As you can see in the image above, recipients are asked to click a link to change their password.
Warning! Do NOT click the link. It will lead to a spoofed site and you could end up handing your credentials over to criminals.
Phishing emails like this are typical following massive data breaches since they’re typically all over the news. People will have heard about the Uber breach and won’t think twice about receiving a notification email from the company. Which is why you need to be able to spot a phishing email and know how to handle it. Keep reading for some helpful tips on handling phishing scams.
Be cautious with links
Do not follow web links in unsolicited email messages, it could be a phishing attack. Cybercriminals always take advantage of trending news stories like the Uber data breach to try and find new victims. That’s why you need to be able to recognize a phishing scam.
One thing to watch for with phishing attacks are typos, criminals are typically careless with spelling and grammar. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
Have strong security software
Make sure you’re using strong antivirus software on all of your gadgets. And keep them up-to-date for the best protection. This is the best way to keep your device from being infected with malware.
Set up two-factor authentication
Note: Uber does not use two-factor authentication.
Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available. Click here to learn how to set up two-factor authentication.
Although Uber doesn’t offer it, it adds another layer of protection against the inevitable credential reuse attacks on your other accounts.
Use unique passwords
Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
Do not disclose sensitive data
Unsuspecting people are mistakenly handing over sensitive information to scammers all too often. If you receive an unsolicited email, do not reply with personal information. You don’t want it to fall into the hands of criminals. If a company that you do business with on a regular basis emails you and asks for personal information, type the company’s official web address into your browser and go there directly to be safe.
Note: If you are reading this article using the Komando.com app, click here to see an example of an Uber phishing email.
Fast-spreading malware clever disguise is duping millions
Speaking of massive phishing attacks, a new scam is making the rounds and watch out, the scammer impersonates someone you know.