1.5 Million ABA Members at Risk

The American Bar Association (ABA) is the largest association of lawyers and legal professionals worldwide, with over 160,000 members. However, this prestigious organization recently suffered a significant data breach that exposed login credentials, putting at risk 1.5 million ABA members who used its old website or career center.

According to the ABA, the breach occurred in March 2023, when an unauthorized third party accessed its network and acquired usernames and hashed and salted passwords. Salting adds a random string of characters to each password before it is hashed, but the resulting hashes could still be cracked by attackers over time. Moreover, some of the passwords were default ones assigned by the ABA when the accounts were registered.

This breach poses a serious risk of identity theft for the affected members, especially if they used the same credentials for other online accounts or services. Identity theft occurs when someone uses your personal information, such as your name, Social Security number, or credit card number, to commit fraud or other crimes. According to the Federal Trade Commission (FTC), identity theft affected 4.8 million Americans in 2020, resulting in $3.3 billion in losses.

The consequences of identity theft can be devastating for anyone, especially for lawyers and other legal professionals who handle sensitive and confidential information daily. Identity theft can damage your reputation, ruin your credit score, cause legal problems, impact your ability to earn, and even jeopardize your license to practice law. 

If you are one of the 1.5 million ABA members at risk, you must take immediate steps to protect yourself. Here are five tips to help you prevent or mitigate identity theft:
  1. Change your passwords for all your online accounts. Pay special attention to accounts related to your work or finances. Use strong and unique passwords that are not easy to guess or crack. You can use a password manager to generate and store your passwords securely.
  2. Monitor your credit reports and bank statements regularly for suspicious or unauthorized activity. You can get a free credit report each year from the three major credit bureaus: Equifax, Experian, and TransUnion. You can also freeze your credit reports to prevent new accounts from being opened in your name without your consent.
  3. Review your ABA member profile and update any outdated or inaccurate information. You can also opt out of sharing your personal information with third parties or receiving marketing communications from the ABA.
  4. Contact the ABA and report any issues or concerns related to the breach. You can call their toll-free number at 1-800-285-2221 or email them at abaservice@americanbar.org. You can also visit their website at www.americanbar.org for more information and updates on the breach.
  5. Consider enrolling in an identity theft protection service. Identity protection services alert you to potential threats, monitor your personal information across various sources, and assist you with identity restoration. Some of these services may offer discounts or free trials for ABA members.

The ABA data breach is a serious matter that should not be taken lightly by anyone. By following these tips, you can reduce your risk of becoming a victim of identity theft and safeguard your future as a lawyer or legal professional.

Silent Breach Management Concerns

Silent breach management, where a data breach is kept confidential instead of being reported, has been shown to be a real concern in the United States.

Findings

According to a recent cybersecurity report by Bitdefender, which surveyed over 400 IT and security professionals in the U.S., France, Germany, Italy, Spain, and the U.K., almost 55% of U.S.-based respondents admitted to keeping a data breach confidential when they knew it should have been reported, compared with 44% to 54% of respondents from the other countries. Additionally, the report found that 70% of U.S.-based respondents said they had been told to keep a data breach confidential. These figures show that silent breach management is a real concern.

The reasons behind the decision to keep data breaches under wraps were not clear, although Bitdefender Technical Solutions Director Martin Zugec suggested that it could be due to fear of potential monetary backlash in the form of fines or required resources to alert customers.

Top Concerns

In terms of the top threat concerns, the report found that zero-day exploits and software vulnerabilities were the most pressing, followed by phishing campaigns, supply chain attacks, and ransomware. Zugec highlighted the trend of using known vulnerability exploits as a new effective strategy for cybercriminals.

The report also revealed that respondents were worried about potential legal action against their companies due to breach mismanagement. 78% of U.S.-based respondents and 55% of overall respondents expressed this concern. This underscores the importance of having effective breach management procedures in place to mitigate the impact of any potential data breaches.

In summary, the Bitdefender cybersecurity assessment report highlights how prevalent silent breach management concerns are among security professionals. This calls for greater transparency in breach management and for effective breach management protocols; properly implemented, they can minimize the effects of any potential data breach.

The report also emphasizes the need for continuous training and education for security professionals, and the importance of staying up to date with the latest threats and best practices in cybersecurity. This can help organizations better protect their sensitive data and prevent potential breaches.

Find a more in-depth analysis of the Bitdefender assessment here: https://www.techtarget.com/searchsecurity/news/365534973/42-of-IT-leaders-told-to-maintain-breach-confidentiality

SVB Collapse Enables Scammers

Silicon Valley Bank (SVB) collapsed on March 10, 2023, which has caused a ripple effect throughout the global financial system. Unfortunately, scammers are taking advantage of the situation and using the bank’s downfall to scam people.

SVB was a US-based commercial bank and the 16th largest bank in the country, which also happened to be the largest bank by deposits in Silicon Valley, California. The bank failed after a run on its deposits, which has impacted many businesses and people in the technology, life science, healthcare, private equity, venture capital, and premium wine industries who were customers of SVB.

What they are using

Security researchers have noted that hackers are registering suspicious domains and conducting phishing campaigns, preparing for business email compromise (BEC) attacks. These attacks aim to steal money, steal account data, or infect targets with malware.

Researcher Johannes Ullrich has reported that threat actors are already registering suspicious domains related to SVB that are very likely to be used in attacks. Cyber-intelligence firm Cyble has also published a report exploring developing SVB-themed threats and warning about additional domains. Some examples given in reports published on the SANS ISC and Cyble websites include:

  • login-svb.com
  • svbbailout.com
  • svbcertificates.com
  • svbclaim.com
  • svbcollapse.com
  • svbdeposits.com
  • svbhelp.com
  • svblawsuit.com
  • svbdebt.com
  • svbclaims.net
  • svb-usdc.com
  • svb-usdc.net
  • svbi.io
  • banksvb.com
  • svbank.com
  • svblogin.com

Many of these sites were registered on the day of the bank’s collapse and are already hosting cryptocurrency scams.
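One way a defender could triage a feed of newly registered domains for the naming pattern in the list above, as an added example that is not from the original article or the cited reports. The allowlist entry, the lure keywords, and the function names are assumptions, and the last-two-labels split does not handle multi-part public suffixes.

```python
import re

BRAND = "svb"              # brand token taken from the article's domain list
ALLOWLIST = {"svb.com"}    # assumption: the bank's own registrable domain
# Assumed lure keywords, drawn from the themes visible in the list above.
LURES = ("login", "claim", "bailout", "help", "deposit", "lawsuit",
         "debt", "collapse", "certificate", "usdc", "bank", "cash")


def registrable(domain):
    """Naive registrable domain: the last two labels, lowercased."""
    labels = domain.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(domain, brand=BRAND):
    """Return 'high', 'review' or None for one observed domain name."""
    reg = registrable(domain)
    if reg in ALLOWLIST:
        return None                      # the real site and its subdomains
    label = reg.split(".")[0]
    found, rest = False, []
    # Match the brand only at token edges: a 3-letter substring is too noisy.
    for token in filter(None, re.split(r"[-_]", label)):
        if token == brand:
            found = True
        elif token.startswith(brand):    # brand glued in front of a keyword
            found = True
            rest.append(token[len(brand):])
        elif token.endswith(brand):      # keyword glued in front of the brand
            found = True
            rest.append(token[:-len(brand)])
        else:
            rest.append(token)
    if not found:
        return None
    # Brand plus a lure keyword is the pattern seen in the reported domains.
    if any(lure in part for part in rest for lure in LURES):
        return "high"
    return "review"                      # brand present, no known lure word


def triage(domains):
    """Map each flagged domain to its verdict, dropping unflagged names."""
    verdicts = {d: classify(d) for d in domains}
    return {d: v for d, v in verdicts.items() if v}


if __name__ == "__main__":
    # Sample feed: four names from the article's list, three constructed.
    feed = ["login-svb.com", "svbclaim.com", "svb-usdc.net", "svbi.io",
            "www.svb.com.", "example.org", "shop.example.net"]
    for name, verdict in triage(feed).items():
        print(f"{verdict:6} {name}")
```

A "review" verdict marks names that carry the brand without a known lure word, which still merit a look because the keyword list will never be complete.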

How they are using it

The scammers might attempt to contact former clients of SVB to offer them a support package, legal services, loans, or other fake services relating to the bank’s collapse. Some threat actors are impersonating SVB customers and telling customers that they need payments sent to a new bank account after the bank’s collapse. However, these bank accounts belong to the threat actors, who steal payments meant to go to the legitimate company.

Some of the scam pages tell SVB customers that the bank is distributing USDC as part of a “payback” program. However, clicking on the site’s ‘Click here to claim’ button brings up a QR code that attempts to compromise crypto wallets when scanned.

In another case, the threat actors behind “cash4svb.com” attempt to phish contact information from former SVB customers who are trade creditors or lenders, promising them a return between 65% and 85%.

Scammers are taking advantage of the situation and using the bank’s downfall to scam people. Overall, people must be vigilant about these scams and take steps to protect themselves from cybercriminals.

Artificial Intelligence & Social Engineering: You Need to Know

Artificial Intelligence (AI) has come a long way, bringing numerous benefits. However, it also has the potential to be used for malicious purposes, especially in social engineering. This article will show you how AI can manipulate people and why it’s crucial to be aware of these tactics to protect your personal information.

What is Social Engineering?

Social engineering manipulates individuals into revealing confidential information or performing actions that benefit the attacker. Attackers use various methods, such as emails, phone calls, or in-person interactions. AI can automate these tactics and make them even more sophisticated.

How AI Manipulates People

AI can manipulate people through voice assistants. AI-powered voice assistants can mimic human voices, making it hard to tell the difference between a human and an AI. This can trick individuals into revealing personal information, leaving them vulnerable to attack. Here is an example story from KnowBe4.

Chatbots are another tool that AI uses for social engineering. Chatbots can hold conversations with individuals, leading them to reveal personal information. People often trust chatbots, thinking they are human, but chatbots can be programmed to manipulate individuals into revealing sensitive information, which attackers can then use for malicious purposes.

Why You Must Be Cautious

Attackers value personal information, such as Social Security numbers, credit card numbers, and home addresses. AI-powered social engineering increases the risk of this information falling into the wrong hands. The tactics used are sophisticated and hard to detect.

To protect your personal information, be cautious when interacting with AI-powered voice assistants or chatbots. Provide personal information only to trusted sources. Be wary of suspicious emails or phone calls that ask for personal information.

AI has the potential to manipulate people through social engineering. Be aware of these tactics and protect your personal information by being cautious when interacting with AI-powered voice assistants or chatbots. Only reveal personal information to trusted sources and be cautious of suspicious emails or phone calls.

3rd Largest Economy – Cybercrime

Cybercrime is the third largest economy in the world, with costs estimated at around $8 trillion globally. This staggering figure highlights the alarming reality of the current digital landscape and the importance of taking cybersecurity measures seriously.

The United States and China, two of the largest economies in the world, are not immune to the threat of cybercrime. It is imperative that businesses, government organizations, and individuals take proactive steps to protect their assets and sensitive information. This includes investing in security measures such as firewalls, encryption technologies, and regular software updates, as well as preparing for potential breaches by having a comprehensive response plan in place.

Moreover, companies have a responsibility to protect their employees and customers from the damaging effects of a cyberattack. Personal information, financial data, and confidential business information must be kept secure to prevent identity theft, fraud, and loss of revenue.

Investing in cyber security is not just about protecting assets; it’s also about building trust with stakeholders. To ensure that they are protected against potential attacks, businesses must adopt a transparent and proactive security strategy. They must develop policies and procedures to protect their systems and invest in cutting-edge technology such as firewalls, anti-malware programs, and encryption software.

Cybercrime is an alarming reality that is having a significant impact on the global economy. Companies and individuals must take proactive steps to secure their systems and protect sensitive information to avoid the devastating consequences of a cyberattack. The time to invest in cyber security is now, before it is too late.

Feeling unprepared for a breach?

We hear it all the time: breaches happen over and over again. But what can we do to prepare for one? What plans do we have in place for when it happens? defend-id4B is here to give you a simple path to ensure you are ready.

defend-id4B provides your business with pre-breach response planning, post-breach regulatory response and notification services, and fully managed fraud recovery for compromised clients, along with dark web monitoring and business fraud restoration.

Are Financial Companies Protecting Your Personal Data?

Are financial companies protecting your personal data from Identity Theft and Fraud?

In July, I read that “cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion,” according to Juniper Research.

Online payment fraud includes losses such as those from digital sales, physical goods, banking transactions, and peer-to-peer payment apps.

I also read a November Consumer Affairs article titled “Scammers are using Facebook Marketplace, Zelle, and PayPal to snare new victims,” where “scammers are impersonating recognized businesses like Amazon, Apple, and other name-brand companies to appear reputable to their target, to then run off with their personal or financial information.”

Consumer Affairs reported, “the top 5 scams were bank/credit card (10.3%), debt/loan (6.6%), and free money (6.4%).”

According to Jim Luff, Corporate Communications Manager at Aurora Payments (a leading payment service and solutions provider), Aurora sent a March 2022 message to its merchants where Aurora Payments explained how the chargeback process is often used to commit fraud by claiming merchandise was not received, misrepresented or the result of “friendly fraud.”

In friendly fraud, online orders are placed by someone known to the cardholder, such as a child using a parent’s credit card without their knowledge. Aurora Payments shares detailed information about chargeback fraud in their merchant message, “The Great Chargeback Surge of 2022.”

Consumer Affairs also reported that “many of the scams target consumers who use peer-to-peer payment services and other platforms connecting users directly to one another” and that “scammers were also “lurking” on P2P cash transfer apps Zelle (86%) and PayPal (31.8%).”

Fortunately, according to this November New York Times article titled “Banks Plan to Start Reimbursing Some Victims of Zelle Scams,” the seven banks that own Zelle (Bank of America, Capital One, JPMorgan Chase, PNC, Truist, U.S. Bank, and Wells Fargo) will now compensate customers who fall victim to certain kinds of Zelle related scams, including fake bank fraud texts, emails, and phone calls.

Which leads me to…

All of the above leads me to the Money20/20 USA Fintech Conference that I attended in October.  It’s the largest global fintech event connecting the payments industry, including issuers (e.g., banks and credit unions providing debit, credit, or prepaid cards to consumers) and payment processors (e.g., Stripe, PayPal, or Square), along with payment networks such as American Express, Mastercard, and Visa.

During the conference, I picked up a copy of The State of Fraud and Financial Crime in the U.S., a survey of 200 financial institutions with assets of at least $5 billion. The surveyed executives held leadership positions in fraud and risk operations, money laundering, fraud strategy, fraud management, and technology and data science.

According to the survey, sponsored by PYMNTS, 62% of financial institutions reported an increase in financial crime year over year. Additional survey highlights included the following:

  • The average cost of scams to each financial institution was $102 million.
  • Fraud rates and losses increased for nearly all payment types in 2021.
  • Smaller financial institutions are getting attacked the most.
  • Authorized and unauthorized fraud types currently appear to be relatively equal, but scams are on the rise within authorized fraud.
  • Criminal approaches are becoming more sophisticated, and most financial institutions consider this to be a problem.

What does all this mean? It means that while consumers are big targets for identity theft, fraud, and scams, financial institutions are bigger targets.

So back to the title of this article: are financial companies doing enough to protect your personal data from Identity Theft and Fraud? My answer is threefold:
  1. First, and based on my experience at the Money20/20 Conference, I believe the payments processing industry is doing a good job managing fraud prevention to help make payment transactions safer for both consumers and businesses.
  2. Second, Zelle’s proposed rule change for early next year requiring the network’s member banks to compensate customers who fall victim to certain kinds of scams is very positive.
  3. Finally, based on the reality of bad actors such as nation states, cyber thieves, and identity theft criminals, the financial services industry will continue to be heavily targeted by identity thieves due to a large consumer account base and the significant amount of personal data these institutions collect and store.

by Mark Pribish

Practice Leader, Identity Theft, and Data Breach Services
