Facebook recently announced that they are to start alerting users if their online accounts have been targeted by state sponsored hackers. Information is then provided on how the user can increase the security of their account.
Facebook's Chief Security Officer, Alex Stamos, writes: “It's important to understand that this warning is not related to any compromise of Facebook's platform or systems, and that having an account compromised in this manner may indicate that your computer or mobile device has been infected with malware”.
Whilst I applaud Facebook for taking a very proactive approach to dealing with this problem, I can't help but think that for every person who is saved by a genuine alert, another 1,000 people will be exploited by fake alerts pretending to be from Facebook. How will you tell the difference between a genuine alert and a fake one?
Any act that is generally done with the best intentions and for the greater good, like Facebook’s new alerting, can inevitably be reworked and used by hackers and fraudsters for malicious purposes as well.
The digital world that we live in today has created new opportunities for people to carry out scams and extort money and data from individuals and businesses.
In October 2015 British Gas was in the news, with reports emerging that some of their customers' login details had been exposed. According to reports, around 2,200 of their customers' email addresses and passwords were posted to an online website.
British Gas later contacted its customers and stated: “I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you'd expect, we encrypt and store this information securely. From our investigations, we are confident that the information which appeared online did not come from British Gas”.
So where did the information come from?
One theory is that it might have come from the customers themselves. Fake emails pretending to be from British Gas could have been sent out to thousands of random email addresses, luring people to click a link and log in to what they believed was their British Gas account, handing their credentials to the fraudsters in the process. In the cyber world this is known as phishing.
Email is the number one communication tool of choice for most businesses. However, email is inherently not very secure, and there are many simple scams that people fall victim to without even realising it.
The other side of the coin is that if you're a hacker or fraudster targeting a business, then sending an email to an employee within that business is one of the easiest ways to get past the firewalls and perimeter security defences that might have been put in place.
I think businesses really need to take a good look at the way they communicate with their customers and clients. Email is normally top of the list for most. It's cheap, fast and certainly more environmentally friendly than paper. But from the customer's or client's perspective, how can they tell whether the email they have received is genuine or fake?