Personal information including birth date, gender, website activity, cell phone number, username, email address and hashed passwords of 3.5 million users of the dating site MobiFriends have recently been discovered to have been made available to cybercriminals on the Dark Web.  The Dark Web is a part of the Internet where cybercriminals buy and sell goods and services.  Cybercriminals often use the information gathered in data breaches such as this to form the basis of scams that start with spear phishing emails which are phishing emails specifically tailored with information about you and your interests. These spear phishing emails will attempt to lure you into either providing personal information that can be used to make you a victim of identity theft or to click on links containing harmful malware. Everyone should be skeptical of any email asking for personal information or prompting you to click on a link. Never provide such information or click on links until you have confirmed that the email is legitimate.  Making the MobiFriends data breach even worse is the fact that although the passwords of users of MobiFriends were hashed or encrypted for better protection, the MD% encryption algorithm used by MobiFriends is not particularly strong and can be unencrypted by a sophisticated hacker.

TIPS

This data breach is another reminder that you should have unique usernames and  strong passwords for each of your online accounts so that in the event that there is a data breach and the password for one of your accounts becomes compromised, all of your accounts will not become vulnerable to being hacked.  Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Also, whenever possible use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone to insert in order to get access to your account.  For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.

In addition, if you have not frozen your credit reports, this would be a good time to do so.

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them with instructions about how to get a credit freeze:

https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp
https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.experian.com/freeze/center.html

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.

I also urge you to regularly go to the website https://haveibeenpwned.com/ where you can insert your email address and find what data breaches may have compromised your information.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”