Thank you for the free holiday.

We all know there are growing numbers of cyber-attacks where hackers use their devious skills to get your financial and personal information. They can then sell this data or use it to make purchases, commit fraud and the like.

A growth in account takeover rewards fraud has provided a new method for the bad guys to take advantage of a data breach and to get your free stuff.

Compromised, stolen or breached credentials are also used to book holidays, free flights or exchange loyalty points for real goods. An often less secure  portion of your environment is the rewards system – there is normally no credit card transaction which takes place and this means that compliance codes do not apply – therefore most don’t do much about it. Many of these systems do not even have an option for two factor authentication.

One of my favourite phrases is that there are two kinds of businesses out there:

Those who have been breached and

Those who do not know they have been breached.

There is little argument that cyber threats are now the biggest risk to the modern business. The attacks are growing in volume and sophistication. Every new vulnerability is jumped on by the cyber-crime elements and they move rapidly to gain maximum advantage.

The modern business is failing to keep up – often not even knowing that the vulnerability is there and that there is already a breach. The number of compromised and breached accounts our J2 CSC team discover each day is testament to this.

The hyper connected world we live in means that everything about our lives and habits are out there. The recent MyFitnessPal breach once again shows you that nothing is safe. This breach affected 150 Million accounts. Let us let this sink in for a second – 150 Million around the world.

So how does this affect you and your business you may ask?

Simple, the vast majority of people on this planet use the same password for all applications and logins, most never change them. If not the same password they will use something very close. For example, a password such as: JohnMc1 will be given iterations such as:

JohnMc2 - JohnMc1# - J0hnMc! - J@hnMc3, etc

Cyber attackers know this is human behaviour and using information gained from a public breach means that they can rapidly break open any account that is associated with that individual. This means email, webmail, corporate logins and everything else.

The evolution of online job portals has seen huge growth in the number of people uploading their CV’s onto a wide range of websites. This is done in order to find a job or to provide details on professional progression and achievements.  

Finding a wide range of these documents is simple, using a very basic Google search uncovers 1000’s of CV’s across a wide range of websites and platforms. This is not a hack, it is just a Google search.

If you click on the search result, we are then taken to the actual CV itself. This is very accessible and provides a great deal of convenience for all concerned. This is also very convenient for a cyber criminal.

I have found hundreds of CV’s on numerous South African websites that contain all the information I would need to perform cyber-crime or identity theft. In most CV’s people put in their ID number, physical address and loads of other personal information. Some even provide the details of the number and age of their children.