Tag: identity theft

Discord.io data breach sees 760,000 users information stolen and an end to the service
If you’re not familiar with Discord, it’s a chat service that first opened to the public in 2015 and quickly grew in popularity having a base of 3 million users just one year later in 2016. Now in 2023 there are over 150 million users, and the platform has been valued at $7 billion.

Discord filled a niche that had been previously left vacant since chat services like AOL and MSN were discontinued. In the early 2000’s to 2010’s forum-based communication rose in popularity and left many chat rooms empty.

Now as trends have changed, chat has seen a resurgence in popularity with Discord acting as a vector for many special interest groups to gather and discuss their hobbies, or for consumers to follow live updates about a product they’re interested in and even speak directly with its creators and get an inside look into the development process. No matter what your interest is, gaming, home improvement, DIY, art, music – there’s probably a Discord channel dedicated to it.

Discord.io was a third-party website that allowed users to find and share chat channels, we’re unfortunately saying was because after the breach they announced their services would be closed for the “foreseeable future”.

On the website it says “”We are still investigating the breach, but we believe that the breach was caused by a vulnerability in our website’s code, which allowed an attacker to gain access to our database. The attacker then proceeded to download the entire database, and put it up for sale on a [third] party site,”. They’ve also listed the information that was released in the breach which included users encrypted passwords, their email and username, and even billing and payment information if they partook in a premium membership through the site.

While they’re not directly associated with Discord, this breach will still have an effect on Discord itself not just because this service has been discontinued but because of the overlapping data Discord and a Discord-centric third party application will have.

The unfortunate rub of it is when you utilize third party vendors for the products and services you use you’re sharing the same information with them as you are with everyone else, and a breach through an outside vendor can effect you as much as a breach to your business directly.

That’s why it’s important to vet your vendors and have protections in place to limit the effects a data breach can have. Protections can include:
1. If the breach involves financial data that could be used for identity theft, consider freezing your credit. This will limit the damage someone can do with your identifying information. If you’re not ready or aren’t able to freeze your credit, then we suggest credit monitoring at the very least (often provided for free by banking and credit card companies).
2. Don’t use the same password from one account to another. As we mentioned, password data was leaked in the Discord.io breach. While it’s encrypted data which is a good protection, many of these passwords will be cracked, and the people who purchased this information will try the password on users other accounts such as their email. If you use a different password for all of your accounts in unison with a password manager then a password leaked in a breach will only effect one account, greatly limiting the damage that can be done.
3. Similarly to above, to protect your accounts from intrusion you SHOULD be using MFA (Multi-Factor Authentication). We recently posted another article outlining the benefits of MFA, but in a nutshell if a hacker has gotten enough information about you from data breaches they may be able to utilize it to gain access to your accounts – even WITHOUT a password. MFA will stop most hackers in their tracks.
Even with protecting yourself, it’s still a good idea to try to limit the funnel of information about you or your business that can unknowingly end up on the web through third party breaches. Here are 5 additional ways to protect your data:

Want to learn more about how to recover from a data breach, boost your cyber security readiness, or gain additional insight in the kinds of questions you should be asking your vendors about your data? Valley Techlogic can cover all these topics and more. Schedule a consultation with us today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
August 18, 2023
Common tax return scams to watch out for in 2022
The due date for filing your taxes is just 10 days away as of writing, and as tax filers scramble to gather needed information to finish (or start) their filing – scammers are looking for ways to take advantage of the mad dash that occurs for many Americans every year.

The IRS has put together a compilation of scams they’re seeing this year, and they mention that scams may not be limited to the virtual space. Scammers may also call, mail or even show up to your door in person. So, it’s a good idea to be extra vigilant when protecting your PII (personal identifying information).

The “Tax Transcript” scam is one that commonly targets businesses, many employees will use their business email when they sign up to do their taxes and may expect communication from the IRS to come there, but scammers will send fake communications with malware attached instead. Users may click without even thinking twice (especially as email scams of this nature can be very convincing). See below for an example.

IRS Tax Email Scam Example. Credit: https://www.irs.gov/

IRS scam calls are also another common tactic. It’s a good time to reiterate that the IRS will NEVER call you asking for personal information. This news segment found on YouTube shows a scammer in action, these calls may increase as we get closer and closer to the filing deadline. You shouldn’t give out your personal information even if they have things like your address or full name (scammers will often do some research on you before calling).

Another scam aimed at businesses is one where the scammer will pose as a member of the accounting department where you work, they know many people will not question a call or email coming from a work authority. It may be a good idea if you’re a business owner to send out an email or have your accountant contact your employees to mention that like the IRS you will NEVER call or email unprompted requesting private information.

Stolen Identity Refund Fraud or SIRF is a very lucrative business, 2.8 million false returns were filed in 2018 with a potential worth of $16 billion dollars. It’s important to guard the PII information criminals need to file a false tax return on your behalf. Here are 5 steps you can take to safeguard your information:
1. The easiest? Have a good spam filter enabled on your email, that way many of these phishing scams won’t even make it to your inbox.
2. Check emails for signs it’s a phishing scam, we wrote an article on what to look for. Two standouts are an email domain that doesn’t match the sender (an IRS email won’t come from a Gmail account) or links that when you hover on them don’t match where they say they go.
3. Check with the purported sender, if the email looks like it’s coming from within your office network, but the email contents just don’t seem right – follow your gut and follow up with your department.
4. If you receive a call from a number you don’t recognize claiming to be the IRS or the authorities, try Googling the number. Many people will share information about experiences with scam numbers online as a way to warn others.
5. If you’ve already given your PII to a scammer, contact the major credit bureaus to freeze your credit and contact the IRS to report it ASAP. The IRS has steps in place for helping victims of identity theft, the sooner you act the sooner you can put a stop to the scammer’s activity under your identity.
Employee training is the best defense for business owners who want to prevent scams such as these ones as well as other cyber threats from effecting their business. Valley Techlogic offers security awareness training as well as top of line cyber security defense systems as part of all of our technology packages. Learn more today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 8, 2022
As we feared, Ukraine-Russia crisis leads to a surge in cyber attacks
As we’re nearing a month into the conflict between Russia and the Ukraine, cyber warfare between the two countries is reaching an all time peak. We covered the topic of Ukraine’s “IT Army” recently in this blog, and we mentioned growing concerns we’ve seen from users that there may be a spill over effect when it comes to cyber threats.

Cyberwarfare was inevitable as conflicts on the ground continue on, and as Russian hackers feel the “pinch” of the effects of sanctions imposed against Russia, we may see an uptick in financial scams. Especially as both countries have turned to cryptocurrency which can often be used as a safe haven for financial transactions taking place outside the public eye. In the case of Russia it’s being used to try and liquidate funds out of the country and in the case of the Ukraine they’re using crypto to bolster support for their economy.

We have created this chart for the types of financial scams we think may increase in the coming days (though it should be noted, financial scams were already up 70% in 2021).

Click to download the full size version.

However, hackers have also represented a beacon in the war of information currently happening between Russia and the Ukraine. Ukraine’s “IT Army” is now over 400,000 people strong, with hackers from all over the world lending their support digitally in Ukraine’s effort to protect their democracy.

DDoS attacks on government sites with Russian origins as well as document leaks – which includes a 360k file data dump from a Russian federal agency – are continuing to happen regularly. It’s estimate that over 90% of exposed Russian cloud databases have been compromised at this point.

Also, with access being restricted to sites like Twitter and other social media platforms being restricted in Russia, Squad303 is a website that was created by a group of Polish programmers that can help foreigners relay information to Russian citizens. The website founders say that over 7 million text messages and 2 million emails have been sent through the site so far.

We again want to say we don’t know what the outcome of this conflict will be, but it seems clear that consumers and businesses should be wary of the ripple effects that will occur throughout the cyber sector, possibly for years to come.

Business owners who still believe they’re “too small” to be a target should be wary that proceeding with out cybersecurity protections may make them the low hanging fruit for hackers reacting to a state of desperation. Cybersecurity protections are a worthwhile investment in your future and the peace of mind in questionable times is priceless.

At Valley Techlogic, we’re experts in the field of cybersecurity. We can perform an evaluation of your business and tell you where you are now and where you need to be to not worry that your business is “ripe for picking”. Schedule a consultation today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 18, 2022