Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Identity Theft. Show all posts
phishing
Coinbase credit freeze Crypto Wallet cryptocurrency Cybersecurity Data Breach Identity Theft phishing

Coinbase Confirms Data Breach Impacting Over 69,000 Users, Refuses $20M Extortion Demand

 

Coinbase, the leading cryptocurrency exchange in the United States, disclosed a recent cybersecurity breach affecting 69,461 users, according to a notification submitted to the Maine attorney general’s office. Although the hackers failed to access individual accounts or sensitive login details such as two-factor authentication codes, private keys, or crypto wallets, they were able to obtain a wide array of personal data.

The compromised information includes:
  • Full names
  • Residential addresses
  • Phone numbers
  • Email addresses
  • Partial Social Security numbers
  • Masked bank account details
  • Government-issued ID images (e.g., driver’s licenses, passports)
  • Account-related data such as transaction history and snapshots
In an SEC filing, Coinbase revealed that the attackers paid offshore contractors to gain access to internal systems. This information was weaponized to launch a social engineering scam. The perpetrators demanded $20 million in exchange for not leaking the stolen data—an offer Coinbase declined.

"Instead of funding criminal activity, we have investigated the incident, reinforced our controls, and will reimburse customers impacted by this incident," the company said in its statement.

Coinbase is currently collaborating with law enforcement and has established a $20 million reward fund to incentivize tips that could lead to the identification and capture of the individuals responsible.

Meanwhile, reports on Reddit suggest that some users received unsolicited password reset notifications as early as last week. It is still unclear whether these incidents are directly connected to the breach. CNET contacted Coinbase for a response, but no comment was issued at the time.

Steps to Protect Your Crypto and Data
Although Coinbase has confirmed that seed phrases and investor accounts remain secure, the exposure of personal data is significant. Here’s what you should do now to safeguard your information:

1. Use a Cold Wallet
security, coldwallet, hardwarewallet, cryptoassets
For regular crypto investors, shifting funds to a cold wallet—a device not connected to the internet—can provide an extra layer of security in case of future breaches

2. Freeze Your Credit Reports
creditfreeze, SSN, financialsecurity
Freeze your credit reports with all three major bureaus and consider placing a lock on your Social Security number to prevent identity misuse. Be cautious of phishing attempts that may exploit this situation.

"It's worth the hassle of setting up accounts with all three major credit bureaus. I get peace of mind at zero cost to me," said Danni Santana, CNET’s identity theft editor.

3. Notify Your Bank
banking, accountsecurity, financialfraud
Even if only partial account information was exposed, contact your bank to report the incident. You may want to open new checking or savings accounts as a precaution.

4. Enroll in Identity Monitoring Services
identitytheft, monitoring, datasecurity, insurance
Opt into a free credit and identity monitoring service. While these platforms don’t take direct action, they provide alerts if your data appears on the dark web. Paid services like Aura go further, offering identity restoration support and up to $1 million in identity theft insurance.
Read more »
personal data security
AI Deepfakes AI technology AI tools Child Identity Theft Cyber Security Deepfake Deepfake Images deepfake videos Identity Theft personal data security

AI Can Create Deepfake Videos of Children Using Just 20 Images, Expert Warns

 

Parents are being urged to rethink how much they share about their children online, as experts warn that criminals can now generate realistic deepfake videos using as few as 20 images. This alarming development highlights the growing risks of digital identity theft and fraud facing children due to oversharing on social media platforms.  

According to Professor Carsten Maple of the University of Warwick and the Alan Turing Institute, modern AI tools can construct highly realistic digital profiles, including 30-second deepfake videos, from a small number of publicly available photos. These images can be used not only by criminal networks to commit identity theft, open fraudulent accounts, or claim government benefits in a child’s name but also by large tech companies to train their algorithms, often without the user’s full awareness or consent. 

New research conducted by Perspectus Global and commissioned by Proton surveyed 2,000 UK parents of children under 16. The findings show that on average, parents upload 63 images to social media every month, with 59% of those being family-related. A significant proportion of parents—21%—share these photos multiple times a week, while 38% post several times a month. These frequent posts not only showcase images but also often contain sensitive data like location tags and key life events, making it easier for bad actors to build a detailed online profile of the child. Professor Maple warned that such oversharing can lead to long-term consequences. 

Aside from potential identity theft, children could face mental distress or reputational harm later in life from having a permanent digital footprint that they never consented to create. The problem is exacerbated by the fact that many parents are unaware of how their data is being used. For instance, 48% of survey respondents did not realize that cloud storage providers can access the data stored on their platforms. In fact, more than half of the surveyed parents (56%) store family images on cloud services such as Google Drive or Apple iCloud. On average, each parent had 185 photos of their children stored digitally—images that may be accessed or analyzed under vaguely worded terms and conditions.  

Recent changes to Instagram’s user agreement, which now allows the platform to use uploaded images to train its AI systems, have further heightened privacy concerns. Additionally, experts have warned about the use of personal images by other Big Tech firms to enhance facial recognition algorithms and advertising models. To protect their children, parents are advised to implement a range of safety measures. These include using secure and private cloud storage, adjusting privacy settings on social platforms, avoiding public Wi-Fi when sharing or uploading data, and staying vigilant against phishing scams. 

Furthermore, experts recommend setting boundaries with children regarding online activity, using parental controls, antivirus tools, and search filters, and modeling responsible digital behavior. The growing accessibility of AI-based image manipulation tools underscores the urgent need for greater awareness and proactive digital hygiene. What may seem like harmless sharing today could expose children to significant risks in the future.
Read more »
secure VPN
Customer Data customer data privacy Cyber Security Identity Fraud Identity Theft identity theft protection NordVPN secure VPN

NordVPN Introduces £5,000 ID Theft Recovery Coverage for UK Users on Ultimate Plan

 

NordVPN has launched a new identity theft recovery benefit for its UK subscribers, offering up to £5,000 in reimbursement to help users recover from the financial and emotional toll of identity fraud. This latest addition to its cybersecurity toolkit is exclusively available to customers subscribed to the NordVPN Ultimate plan, priced at £5.09 per month, paid annually at £137.43. 

This move comes amid growing concerns over online threats, especially following recent data breaches involving major UK retailers like Marks & Spencer, Harrods, and Co-op. In these incidents, attackers managed to access sensitive customer data, highlighting the increasing risk faced by consumers today. NordVPN’s ID theft recovery feature complements its existing scam loss protection and is designed to ease the burden of recovering one’s identity after it has been compromised. 

Covered expenses include restoring credit ratings, resolving issues with bank accounts or loans, and even reclaiming lost wages if a victim had to take time off work to deal with the aftermath of identity theft. Additionally, this protection can help victims clear their names in cases where their identities are used for malicious purposes. For those who fall prey to scams—whether through phishing, AI-driven deepfake schemes, or romance fraud—NordVPN offers up to 12 months to file a claim if their bank or financial institution cannot provide assistance. 

These benefits are not limited to the UK alone. NordVPN’s coverage also extends to users in countries like France, Germany, Italy, Sweden, and the Netherlands, with 24/7 access to support services. While NordVPN Basic remains the more affordable option at £2.39 per month, the Ultimate plan’s added layer of financial security could be a worthwhile upgrade for users seeking peace of mind. In comparison, NordVPN users in the United States receive broader coverage through the NordProtect service, which includes cyber extortion and fraud protection with coverage up to $1 million—either through NordVPN Prime or as a standalone service.  

Although the UK plan doesn’t offer the same level of compensation as its U.S. counterpart, the £5,000 coverage still represents a meaningful step toward consumer protection. In an age where cyberattacks are common and even large companies struggle to safeguard data, investing in robust protection is becoming increasingly important. Whether or not users choose to upgrade, staying informed about digital security best practices remains the first line of defence.
Read more »
ticketing
Cybersecurity Data Breach Digital Security Encryption event tickets Fraud Hacking Identity Theft PII Privacy ticketing

Massive Data Leak Exposes 520,000+ Ticket Records from Resale Platform 'Ticket to Cash'

 

A critical security lapse at online ticket resale platform Ticket to Cash has led to a major data breach, exposing over 520,000 records, according to a report by vpnMentor. The leak was first uncovered by cybersecurity researcher Jeremiah Fowler, who found the unsecured and unencrypted database without any password protection.

The database, weighing in at a massive 200 GB, contained a mix of PDFs, images, and JSON files. Among the leaked files were thousands of concert and live event tickets, proof of transfers, and receipt screenshots. Alarmingly, many documents included personally identifiable information (PII) such as full names, email addresses, physical addresses, and partial credit card details.

Using the internal structure and naming conventions within the files, Fowler traced the data back to Ticket to Cash, a company that facilitates ticket resale through over 1,000 partner websites. “Despite contacting TicketToCash.com through a responsible disclosure notice,” Fowler reported, “I initially received no response, and the database remained publicly accessible.” It wasn’t until four days later, following a second notice, that the data was finally secured. By then, an additional 2,000+ files had been exposed.

The responsible party behind maintaining the database—whether Ticket to Cash or a third-party contractor—remains uncertain. It’s also unknown how long the database was left open or whether it had been accessed by malicious actors. “Only a thorough internal forensic investigation could provide further clarity,” Fowler emphasized.

Ticket to Cash enables users to list tickets without upfront fees, taking a cut only when sales occur. However, the company has faced criticism over customer service, particularly regarding payment delays via PayPal and difficulty reaching support. Fowler also noted the lack of prompt communication during the disclosure process.

This breach raises serious concerns over data privacy and cybersecurity practices in the digital ticketing world. Leaked PII and partial financial information are prime targets for identity theft and fraud, posing risks well beyond the original ticketed events. As online ticketing becomes more widespread, this incident serves as a stark reminder of the need for strong security protocols and rapid response mechanisms to safeguard user data.
Read more »
recruiters
Authenticity Identity Theft Job Search Linkedin Online Scams recruiters

Think That Job Offer on LinkedIn Is Real? Not Without This Badge

 






LinkedIn has taken a major step toward improving online safety by extending its identity verification feature beyond its own platform. This update is part of the company’s ongoing efforts to help users avoid fake profiles and internet scams, especially in professional spaces.


Verification Now Available Outside LinkedIn

Last year, LinkedIn introduced a system that allowed users to confirm their identity, work history, or education. This could be done by uploading a government ID, using a work email, or verifying through trusted services like Microsoft Entra or CLEAR. Once verified, a small badge appeared on the user’s profile to show they were a real person.

Now, that same badge can be used on other websites too. Platforms like Adobe’s Content Authenticity tool and Behance now support LinkedIn verification. This means that designers, freelancers, and other professionals can show proof of their LinkedIn verification outside the site, helping build trust wherever they share their work.


Fake Profiles: A Growing Problem

Online scams that involve fake identities are a serious issue, especially on business-focused platforms like LinkedIn. Criminal groups often create false accounts pretending to be recruiters or professionals. These accounts are then used to reach out to real users and trick them into clicking malicious links or sharing personal information.

One major example involved a hacker group from North Korea, known as Lazarus. They created a fake LinkedIn profile and pretended to be offering a job to a blockchain developer. During the interview process, the developer was unknowingly sent harmful software, which was used to steal around $600 million worth of cryptocurrency. Experts called this series of attacks “Operation DreamJob.”

In other cases, scammers even created fake developer identities to get hired by real companies. Once inside, they used their access to collect private company data.


More Protection for Job Seekers

In response to these risks, LinkedIn has also added a feature to confirm whether a recruiter is legitimate. Verified recruiters now have a special checkmark on their profiles, making it easier for job seekers to know who they can trust.


What This Means for Users

These new steps help users feel safer while networking or job hunting online. The verification badge shows others that the person they are talking to has been confirmed by LinkedIn, either as a real employee, job seeker, or recruiter. By making this system available on other platforms, LinkedIn is helping more people protect their identities and avoid falling for fake offers or scams.

Read more »
USPS
Cybbersecurity Cyber Crime cyber threat CyberCrime Identity Theft Postal Service SMS Phishing SMS Spoofing USPS

Identity Theft Concerns Rise as USPS Flags Suspicious Package Deliveries

 


Recently, the United States Postal Service (USPS) issued an advisory in which it advised citizens to be more vigilant in light of an increase in sophisticated mail fraud schemes. In addition to the deceptive activities that have notably increased across the country, particularly during the recent holiday season, consumers' financial and personal security have been threatened significantly as a result of these deceptive activities. In addition to traditional phishing emails and fraudulent text messages, the USPS reports that these scams are now taking a more sophisticated form. 

As the number of unsolicited packages delivered is on the rise, criminals are using increasingly inventive methods to deceive the recipients of their mail to exploit them. This makes it more difficult to tell a genuine email from a fraudulent email. There has been an increase in the number of individuals who are being affected, and as a result, the USPS has intensified its anti-fraud initiatives, reinforcing its commitment to maintaining the integrity of the national postal system in the long run. 

A collaboration between the agency and law enforcement agencies, and consumer protection agencies is being undertaken to track these schemes as well as educate the public about identifying and reporting suspicious activity. There has been a noticeable rise in text message fraud scams impersonating the United States Postal Service (USPS), posing an urgent threat to public data security. In these fraudulent communications, the recipient often receives an alleged pending package and is requested to take additional action to make sure that it is delivered by taking steps to ensure its delivery. 

Even though the message appears authentic, there is a malicious intent behind it, designed to deceive individuals into disclosing sensitive financial and personal information. The most alarming aspect of these scams is their sophisticated presentation. In most cases, the messages are designed to evoke a sense of urgency and legitimacy by using language that sounds official and even replicating USPS logos and branding. 

The victim is usually directed to click on links in the emails, which lead to fake websites that harvest personal information such as banking credentials, ID numbers, and other private data, utilising embedded links. To avoid falling victim to these unscrupulous tactics, it is important to recognise and resist them. In an era of increasingly advanced cyber threats, individuals are advised to maintain vigilance to protect themselves against identity theft and financial exploitation. 

As a result of this, individuals should scrutinise unexpected delivery notifications, refrain from engaging with suspicious links, and report any suspicious messages to the appropriate authorities. During the past few years, cybercriminals have become increasingly sophisticated with regards to the USPS-related text message scams, posing as automated postal service notifications. Under the pretence of facilitating package redelivery, these deceptive messages are designed to convince recipients that they have missed a delivery, causing them to confirm their personal information or click on embedded links. 

While these texts may seem innocuous at first glance, they are a deliberate attempt to compromise the privacy and security of individuals, as well as their financial security. Social engineering plays a significant role in the strategy behind these scams. In a first method, known as pretexting, a plausible narrative, usually a delayed or incomplete delivery, is used to trick the recipient into providing sensitive information in exchange for a fee. 

The second method of attack, SMS spoofing, allows attackers to conceal their true identity by modifying the sender's information to disguise the fraudulent message's origin, thereby appearing as though it has been sent by an official United States Postal Service. In general, these schemes are referred to as smishing, a type of phishing that involves sending text messages in exchange for a reward. Typically, the victims are directed to counterfeit websites that look remarkably similar to official USPS interfaces. 

When users get there, they will be prompted to provide personally identifiable information (PII) as well as their contact information, under the false assumption that this information is necessary to redeliver or verify their package. Many malicious websites out there are not only designed to gather sensitive information, but also to use fraudulent payment services to charge a small transaction fee. Often, the stolen data can be sold on illegal marketplaces or used directly to commit identity theft and financial fraud.

Individuals must be aware of the threats that continue to evolve regarding delivery-related messages and verify any requests that they make through official USPS channels to avoid harm. It has become increasingly apparent that crime has become increasingly sophisticated and frequent in the country's postal infrastructure, as the number and nature of criminal activity have increased. In response to this crime wave, the United States Postal Service (USPS) has intensified its efforts to improve its operations to combat these crimes. 

To implement this initiative, the Government of the United States has decided to implement a comprehensive 10-year strategy, Delivering for America, a $40 billion investment which is intended to transform the postal system into a secure, efficient, and financially sustainable institution that will meet the needs of future generations, thereby transforming the entire postal system. Project Safe Delivery was initiated as part of this larger strategy by USPS, in partnership with the US Postal Inspection Service, as a targeted enforcement campaign to combat crimes aimed at ensuring the safety of mail services and ensuring their integrity. 

It has been more than two years since this joint operation was launched, but since then, it has been able to achieve tangible results, such as more than 2,400 arrests and a significant decrease in mail carrier robberies by more than 27%. This program has been proving to be an effective tool for deterring and prosecuting postal crime, with over 1,200 people apprehended in 2024 alone for mail-related theft, thus demonstrating the program's effectiveness in deterring and prosecuting it. USPS has taken extensive measures to further enhance the security of its delivery network. 

In addition, over 49,000 high-security mailboxes have been installed across the country, designed to prevent tampering and unauthorised entry. Also, advanced electronic locking mechanisms are being installed in the mail carriers' offices to replace the traditional mechanical locks they were using in the past. These upgrades are essential for preventing the widespread theft of carrier keys, which have become frequent targets of criminal activity. It is also vital for the USPS's security framework to emphasise the importance of encouraging public cooperation. 

A substantial monetary reward program has been instituted, and individuals providing credible information that leads to arrests in postal robberies can now receive up to $150,000 for providing credible information. It is also possible for the agency to pay up to $100,000 for actionable tips that lead to the arrests of mail thieves, a practice that reinforces the agency's commitment to protecting both mail workers and the American public. According to Secretary of State Sherry Patterson, the United States Postal Service (USPS) is committed to confronting and dismantling any schemes that attempt to exploit the postal system to maximise revenue. 

USPS has released a set of precautionary guidelines for individuals to follow when receiving suspicious or unsolicited package deliveries, an increasingly common tactic used by identity thieves and fraudsters, as part of its public safety outreach program. When an unrequested parcel is received by a recipient, it is strongly recommended that the recipient refrain from engaging with any embedded links, QR codes, or digital prompts that may accompany the delivery or related notification.

There is a high probability that these elements will act as a gateway to malicious websites that will be used to harvest personal information or to install malware, so it is recommended that users report questionable mail or packages directly to the USPS using their official website. Also, recipients need to maintain ongoing vigilance, monitoring their financial accounts for any anomalies or unauthorised transactions that may suggest fraudulent activity. 

In addition to taking care of users' credit profiles as a precautionary measure, it is also advised that they review them periodically and consider freezing their credit profiles temporarily as an added measure of security. The proactive approach taken by the Post Office is one of the most effective methods of preventing unauthorised credit activity since it can help prevent a crime from potentially occurring, especially in the aftermath of an identity theft. Together, these measures form one of the most effective lines of defence against postal-related scams.
Read more »
Misinformation
AI Fraud AI Platform AI Scams AI technology AI tools Cyber Security data security Fake Documents Generative AI Identity Theft Misinformation

Generative AI Fuels Identity Theft, Aadhaar Card Fraud, and Misinformation in India

 

A disturbing trend is emerging in India’s digital landscape as generative AI tools are increasingly misused to forge identities and spread misinformation. One user, Piku, revealed that an AI platform generated a convincing Aadhaar card using only a name, birth date, and address—raising serious questions about data security. While AI models typically do not use real personal data, the near-perfect replication of government documents hints at training on real-world samples, possibly sourced from public leaks or open repositories. 

This AI-enabled fraud isn’t occurring in isolation. Criminals are combining fake document templates with authentic data collected from discarded paperwork, e-waste, and old printers. The resulting forged identities are realistic enough to pass basic checks, enabling SIM card fraud, bank scams, and more. What started as tools for entertainment and productivity now pose serious risks. Misinformation tactics are evolving too. 

A recent incident involving playback singer Shreya Ghoshal illustrated how scammers exploit public figures to push phishing links. These fake stories led users to malicious domains targeting them with investment scams under false brand names like Lovarionix Liquidity. Cyber intelligence experts traced these campaigns to websites built specifically for impersonation and data theft. The misuse of generative AI also extends into healthcare fraud. 

In a shocking case, a man impersonated renowned cardiologist Dr. N John Camm and performed unauthorized surgeries at a hospital in Madhya Pradesh. At least two patient deaths were confirmed between December 2024 and February 2025. Investigators believe the impersonator may have used manipulated or AI-generated credentials to gain credibility. Cybersecurity professionals are urging more vigilance. CertiK founder Ronghui Gu emphasizes that users must understand the risks of sharing biometric data, like facial images, with AI platforms. Without transparency, users cannot be sure how their data is used or whether it’s shared. He advises precautions such as using pseudonyms, secondary emails, and reading privacy policies carefully—especially on platforms not clearly compliant with regulations like GDPR or CCPA. 

A recent HiddenLayer report revealed that 77% of companies using AI have already suffered security breaches. This underscores the need for robust data protection as AI becomes more embedded in everyday processes. India now finds itself at the center of an escalating cybercrime wave powered by generative AI. What once seemed like harmless innovation now fuels identity theft, document forgery, and digital misinformation. The time for proactive regulation, corporate accountability, and public awareness is now—before this new age of AI-driven fraud becomes unmanageable.
Read more »
User Security
Cyber Fraud Frankenstein fraud Identity Theft Online Safety Synthetic Identity Fraud User Security

Frankenstein Scam: Here's How to Safeguard Yourself Against Synthetic Identity Fraud

 

Identity theft is not always as straightforward as acquiring one person's information; stolen identities can be put together from several sources. This rising crime, known as synthetic identity fraud or "Frankenstein fraud," involves combining someone's Social Security number with information from other people to establish a new, fake identity.

To safeguard yourself from this and other types of identity theft, look into the finest identity theft protection services. Criminals frequently target the most vulnerable people, including children, the homeless, and the elderly. The offender can then use his new name to borrow money. If a fraudster succeeds, the real owner of the SSN may be held liable.

Modus operandi

Synthetic identity fraud requires patience on the part of the criminal, especially if they use a child's Social Security number. The identity is created by combining a valid Social Security number with an unrelated name, address, date of birth, phone number, or other piece of identifying information to make a new "whole" identity. Criminals can buy Social Security numbers on the dark web, acquire them from data breaches, or defraud people using phishing attacks and other frauds. 

Synthetic identity theft thrives because of a basic vulnerability in the American financial and credit systems. When a criminal creates a synthetic identity to request for a loan, the lender often denies credit because there is no record of that identity in their system. The thieves anticipate this because youngsters and teenagers may have little credit or a limited history, and the elderly may have poor credit scores. 

When an identity applies for an account and is reported to a credit bureau, it is shared with other credit agencies. That conduct is sufficient to allow credit bureaus to identify the synthetic identity as a real person, even if there is minimal activity or evidence to corroborate its authenticity. Once the identity has been established, the fraudsters can begin borrowing credit from lenders.

Prevention tips

Synthetic identity fraud may seem frightening, but there are actions you can take to limit how thieves can utilise your identifying data. 

Freeze your credit report: No one can open new credit lines in your name since a credit freeze stops creditors from viewing your credit reports. Unless your credit is first unfrozen with each of the major credit agencies, this also applies to you. 

Although the procedure for freezing a child's credit is a little more complicated, freezing their credit is also one of the greatest ways to cut off the source of synthetic identity fraud, which mostly depends on obtaining the Social Security numbers of children and the elderly. In a similar vein, you may help stop someone from using your Social Security number without your knowledge by freezing it.

Check credit reports regularly: If you do not freeze your credit reports, make sure to check them on a regular basis for any questionable activity. Be especially aware of any other names, residences, or employers associated with your credit file. You can also join up for free credit monitoring, such as Capital One's CreditWise, which searches the dark web for your personally identifiable information. 

Additionally, you can utilise an identity theft protection service to automate reviewing your credit reports or to alert you if your information is compromised in a breach. AnnualCreditReport.com also offers a free weekly credit report.
Read more »
Subscribe to: Posts (Atom)