By Rick Pearson
This post How Safe Is Your Money? appeared first on Daily Reckoning.
Suppose you receive an email which pretends to be from Yahoo, Google or wherever else. It tells you your account has seen some suspicious activity and you must change your password right away.
This is no longer some klutzy-looking email with typos and bad grammar telling you to send money to claim your winnings in some Nigerian lottery.
No, instead, these emails are sophisticated copies of real emails sent by real US tech companies. Even the address in the “From” box will appear legitimate. The only difference is that the link that you click on takes you to a phony site.
The phony site is also absolutely identical to a real site from Google, Yahoo or whoever else’s customers hackers are targeting.
Then, under the impression you’re on the correct site, you willingly enter your username and password. You have absolutely zero reason to be suspicious because the site is truly identical to an authentic site (at least on the outside it is...).
Then a series of things start to happen. They’re all bad.
First, the hackers use your credentials to log in to your account. They are not sitting there typing anything in by hand. It is all automated and it happens instantaneously. Next, they immediately change your passwords and recovery options (such as phone numbers and secret questions).
This locks you out of your account. Once that happens, you generally have no way to access your accounts. EVER. If you don’t believe me, try contacting Yahoo or Google and telling them “I am locked out of my account, and my password, phone number and secret questions are all not working”. I assure you, you will be completely out of luck because those automated recovery options are the only ones offered for free accounts.
In the meantime, the hackers have full access to everything in your account. They now know the password you used on that account, meaning they can try using the same password on your other accounts, like your credit and bank accounts.
Next Comes the Real Damage…
Those things all happen instantaneously. But the real damage often takes a few weeks. As the hackers run these scripts on hundreds of millions of emails, they start automatically creating large file dumps containing the actual details of the underlying account (email contents, user names, passwords, bank accounts, etc.).
Periodically, they will check in on the contents of each of those file dumps and then make individual targeted attacks. In many cases, rather than do this legwork themselves, hackers sell the contents of their identity theft files to any willing buyer via “The Dark Web”. This is particularly true for hackers who are in China or Russia and don’t speak English. (They can’t read the contents of your files, so they just sell them to those who can.)
Either way, the initial phase of the attack is so perfectly convincing that many people will have no idea that they have been hacked.
The post How Safe Is Your Money? appeared first on Junior Mining Analyst.