Equifax's Cyber Breach Chickens are Coming Home To Roost - Here's my Story!

By Hector Cisneros


The holidays are over and I decided to sell a few things on Craigslist to recoup a little money. So I took a few good photos of my for-sale items and posted them. Within 5 minutes of my post, I received 6 inquiries asking if I still had the items. I replied yes and the big surprise happened! All six of the inquiries asked me to prove that I was not a robot! This is how I discovered one of the latest scams happening on the internet. So what's this got to do with internet marketing, you may ask? Well, cybercrime is like kryptonite to the internet; it kills trust and commerce and destroys financial lives! In this episode of Working the Web to Win, I will explain the intricacies of this new scam, tie it to the Equifax and other major breaches, show you what to watch out for and how to avoid falling victim to this new internet scam. So take out your notebook and be ready to be intrigued and scared as I explain how the Equifax Cyber Breach Chickens are Coming Home to Roost.

Before I get knee-deep into my own close call with cybercrime, we need to see where all of this started. Major internet breaches are nothing new. In fact, they are so commonplace that I worry that people will become jaded to the point where they start to ignore the dangers until they become victims themselves. When the Equifax breach took place, I immediately wrote an article to warn the public of the danger this breach posed. You see, when institutions like this are breached, cybercriminals gain access not only to victims' contact information, email addresses, credit card info and passwords, they also gain insight as to how you think by seeing all your usernames and passwords (this shows your patterns of choice). My article called "The Latest Hack Attack - Equifax Breach Exposes 143 Million Americans - Top things you Need to Know and Do" covered the details of the danger and steps that everyone needed to take to protect themselves. This isn't the only recent massive data breach; I wrote an article about an exposed database that may have leaked 340 million people's financial and other personal information. You can probably add most major banking, business, financial and government entities to the list of institutions that have been hacked. And if you're talking about internet giants (Facebook, Google, Twitter, LinkedIn, Yahoo, etc.), all have been hacked multiple times. Don't believe me? Do your own search on the top breaches of 2019.

Soon after having published the aforementioned articles, I also published these follow-ups: "Cybercriminals Do It in the Dark - Your Information for Sale on the Dark Web?" and "The Latest on Cybercriminal Phishing Attacks with Fake Insurance Ads, Surveys & More". These two articles pointed out how your information was now easily accessible on the dark web and how cybercriminals were targeting baby boomers (like me) with the knowledge they had obtained. I have also mentioned in the past how cybercrime greatly increases during the holidays (read: The Growing Holiday Cyber Security Threat), and why everyone needs to be hyper-vigilant during this time. The point I am making here is this: cybercriminals now have access to many of your usernames and passwords, allowing them to create a profile of your habits and to build a pattern of what words and characters you use to create your passwords. This makes it much easier to hack your accounts. This is why I have become a big advocate for two-step authentication. In fact, I thought two-step authentication would keep me safe but guess what? This may not be enough!

Now back to my encounter with cybercriminals just before Christmas. I mentioned in the opening paragraph that the six inquirers asked me to prove that I was not a robot. They said they would send me a text message that would provide a code that I needed to provide them with. At that time, I had left my cellphone in the kitchen and did not want to get up and get it (thank God). So I replied to all six inquirers, asking, "Wouldn't it be easier to just call me instead?" All six of the inquirers either said NO or just provided me with the code. I got up and went to the kitchen and picked up my phone and clicked on text messages and lo and behold, I had received a half dozen texts from Google providing me authentication codes to log into my Google account. Each Google code was also followed by a message not to share it with anyone. I immediately realized that these people were trying to log into my personal Google account because the only way I would receive a text from Google was if someone had my username and password and was trying to log into my account and Google was sending me the authentication code. If I was half asleep that morning or had skipped drinking my coffee, I might have inadvertently provided one of these criminals that access code.

Here's how the cybercriminals got my username. When I set up the Craigslist post, I used my name and Google Voice number. I also checked off "Texting me Was OK". The cybercriminals either looked me up by name in their Dark Web list or used my phone number as my username and password from their list. They had discovered my previous passwords from the numerous prior breaches mentioned earlier and had created a data set to figure out my new password. Once they had figured this out (via trial and error), the only thing they had left to complete the hack was my two-step authentication code.


Here's what the actual text conversation looked like for one of the six criminals.


Courtesy of WorkingtheWebtoWin.com

As you can see from the above text conversation, I quickly realized the scam and changed the status for communication with me on the Craigslist post. What's amazing to me is that there were six different text messages all occurring within 5 minutes of my post. If asking for a code wasn't out of the ordinary for me, or if I hadn't thought that it was unusual for me to get six inquiries within a few minutes of my post, or if I hadn't thought it was unusual that all six inquirers had long-distance numbers, and if I had my cell phone in my hand at the time, it's possible I would have fallen for the trick (but thank God I didn't!). The bottom line is simple:

  • Don't list your full name on your Craigslist post.
  • Don't use a Google Voice number unless that is all you have.
  • Don't accept text-only inquiries.
  • If someone on Craigslist asks you to prove you're not a robot, tell them to call you.
  • Never give a code to someone on Craigslist (especially your Google access code).
  • And lastly, use two-step authentication for everything that allows you to.


In September of 2019, I began using an encrypted FIDO U2F security key to authenticate access to my Google account. This authentication method not only requires you to have a key, but you also need to press the button on the key to log in. My backup method is a two-step authentication via text to my phone or email. I highly recommend this method to everyone. Having said that, my story should have illustrated that even this method of security isn't enough. You have to be vigilant all the time. Cybercriminals are relentless. We consumers must address the tremendous harm that has occurred because of the cyber breaches that have taken place over the last 10 years. We need laws that protect internet users from the long-term danger that the Equifax and other massive cyber breaches have caused. We also need to understand the consequences of not understanding that we are at war with cybercriminals. They will continue to attack and prey on individuals and businesses that have weak security and low levels of vigilance. I further recommend that every internet user learn about internet security. And I mean everyone, from your youngest child using a tablet to your aging parents surfing the web.


Here are some resources worth reading to get you started.




I hope this article has provided the reader with some new insights as to how clever cybercriminals are. I hope that this article has scared you into action as well. Cybercrime is at an all-time high. What is even worse is that this is just the beginning of a massive roller coaster of internet crime that is just starting to leave the station. It's going to get a lot worse from here unless a large majority of internet users step up their security game from here on out. Unless government, industry and financial institutions step up their game. Unless the internet giants and security companies join forces to create a unified front to increase security and internet user privacy. Without this effort, we will remain vulnerable. Take action to secure your digital world. Become proactive with your internet security and most of all lobby the major players (internet giants, security companies, the government, law enforcement and leaders of industry) to join forces to create security initiatives to protect the digital domains of our world. Anything short of a unified front will mean just more of the same, an ongoing hack fest, where the cyber breach chickens keep coming home to roost, at a digital domain near you (maybe even your house)!

That's my opinion; I look forward to reading yours.


This article provides a detailed look at a new cyber scam that is being perpetrated on Craigslist users. The article provides background information on how this scam evolved and what to do to avoid becoming a victim.  This article also offers a FREE web presence analysis to help companies make wise decisions with regard to their digital marketing. Lastly, this article also provides a link to our BlogTalkRadio show as well.






Hector Cisneros is COO and Director of Social Media Marketing at Working the Web to Win, an award-winning Internet marketing company based in Jacksonville, Florida.  He is also the co-host of the weekly Internet radio show, "Working the Web to Win" on BlogTalkRadio.com, which airs every Tuesday at 4 p.m. Eastern. Hector is a syndicated writer and published author of “60 Seconds to Success” and the co-author along with his business partner Carl Weiss of their hit book also called “Working the Web to Win.”

3 comments:

  1. Here's another variation on the same theme. I received a text purportedly inquiring into my video production services. When I called the number back, it said the caller wasn't accepting calls. I immediately blocked the number.

  2. Yes cybercrime is at an all time high, but information on such crimes is also increasing and it is getting harder for them to pull these off. There are even classes being held specifically for cyber crime and security in schools and universities around the world to prevent stuff like this from happening, in a similar way that your blog is.

    https://aab-edu.net/en/winter-school-for-cyber-security-privacy-began-at-aab-college/

    Replies
    1. Your point of view is reasonable. It is true that people are finally starting to wake up to the threat and danger that cyber crime poses; however, it doesn't negate the fact that cyber crime is increasing at an alarming rate (along with the increases in internet usage). My goal is to help people wake up and take responsibility for their security and to have them lobby the government and industry to do everything they can to help stem this mounting danger. Your school is one of those helping to plug the holes in the dike (the internet) that could break if evil forces were to combine the efforts.