Dell is warning its customers about a data breach after an alleged shadowy cyber criminal offered a 49 million-record database of information about Dell customers on a cybercrime forum.
An alleged cyber criminal called Menelik posted the following message on the “Breach Forums” site:
“The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.
It is up to date information registered at Dell servers.
Feel free to contact me to discuss use cases and opportunities.
I am the only person who has the data.”
Screenshot taken from the Breach Forums
According to the poster Menelik the data includes:
The full name of the buyer or company name
Address including postal code and country
Unique seven digit service tag of the system
Shipping date of the system
Warranty plan
Serial number
Dell customer number
Dell order number
Most of the affected systems were sold in the US, China, India, Australia, and Canada.
Users on Reddit reported getting an email from Dell which was apparently sent to customers whose information was accessed during this incident:
“At this time, our investigation indicates limited types of customer information was accessed, including:
Name
Physical address
Dell hardware and order information, including service tag, item description, date of order and related warranty information.
The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”
Although Dell might be trying to play down the seriousness of the situation by claiming that there is not a significant risk to its customers given the type of information involved, it is reassuring that there were no email addresses included. Email addresses are a unique identifier that can allow data brokers to merge and enrich their databases.
So, this is another big data breach that leaves us with more questions than answers. We have to be careful that we don’t shrug these data breaches away with comments like “they already know everything there is to know.”
This kind of information is exactly what scammers need in order to impersonate Dell support.
Protecting yourself from a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Set up identity monitoring.Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
Check your digital footprint
If you want to find out how much of your data has been exposed online, you can try the recommended Malware Bytes free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.
Having a loan or bill go to collections is bad enough as it is, but now in the first half of 2024, the second largest debt collection agencies in the U.S. has revealed that it has fallen victim to another data breach in which nearly Two Million borrowers information was exposed online.
As first reported by BleepingComputer, Financial Business and Consumer Solutions (FBCS) has begun notifying impacted individuals after the sensitive personal information of approximately 1,955,385 people was recently accessed by hackers.
As a nationally licensed debt collection agency, FBCS collects unpaid debts from credit card companies, healthcare organizations, car dealerships, student loans and utilities. However, unlike with the other companies you do business with, if one of your loans or bills has ended up in FBCS’ hands, you’re stuck with them.
Here’s everything you need to know about this recent data breach along with some tips and tricks on how to stay safe after your personal or financial information ends up in the hands of hackers.
Unauthorized network access
In a data breach notice (PDF) submitted to the Attorney General’s office in Maine, FBCS explained that hackers first breached its network on February 14, 2024. The unauthorized actor remained there until February 26 and during that time, they were able to “view or acquire certain information on the FBCS network.”
During that 12-day window, they could have accessed the full names, Social Security numbers (SSNs), dates of birth, account information and driver’s license numbers or ID card numbers of almost 2 million Americans.
With this information in hand, the hackers behind this breach can easily launch targeted phishing attacks, commit fraud or use social engineering for identity theft. FBCS has enrolled thousands of them automatically for 12 months of credit monitoring through the company Cyex.
ALERT: Hackers Are Posing As ID.me To Steal Your Identity
Do You Know All .ME Domains like ID.ME Required by the IRS are Owned By Montenegro & Their Billionaire Club?
Identity verification services like ID.me have become indispensable in the digital age. By providing a secure and convenient way to prove your identity online, ID.me opens doors to essential services and benefits. However, as with any popular online platform, scammers are finding ways to exploit these services and trick unsuspecting users.
This article will take an in-depth look at the ID.me scams popping up, how they work, and most importantly, how to avoid becoming a victim. With identity theft and online fraud at an all-time high, awareness is your best defense.
ID.me provides a valuable service as a digital identity network used by government agencies, healthcare providers, and other organizations to securely verify user identities online. By acting as a trusted validator of personal information, ID.me opens the door for people to easily access essential services and benefits.
However, this convenience also creates an opportunity for fraudsters. Scammers are increasingly impersonating ID.me through phishing campaigns in order to steal personal information from victims. Once they have the data, they can hijack identities, drain accounts, and perpetrate other forms of fraud.
These ID.me scams are growing more complex and convincing, making it crucial for users to understand the tactics and stay vigilant. Here are the main types of ID.me scams and frauds being perpetrated:
Phishing Emails
This is one of the most common vectors for ID.me scams. Victims receive emails pretending to be from the legitimate ID.me security team. These emails may:
Warn that unusual activity was noticed on your account
State that immediate account suspension will occur if no action is taken
Provide a fake deadline such as 24-48 hours to re-validate your account
Include a “Verify Account” or “Reset Password” button/link to a phishing site
If the user clicks the deceptive call-to-action button or link, they are taken to a convincing but fake ID.me login page designed to steal login credentials as well as other personal data.
Smishing Text Message Scams
Similar to phishing emails, fraudsters send text messages also impersonating ID.me. They state your account is at risk of being locked or needing immediate validation via a link included. If clicked, the link directs victims to a phishing site masquerading as the legitimate ID.me site.
Once on the fake page, any information entered is captured by scammers. Smishing texts use urgency and threats to get users to comply without thinking it through.
Vishing – Phone Call Scams
This technique uses phone calls rather than messages to trick victims. Scammers posing as ID.me support agents call users claiming that suspicious activity means accounts will be suspended without immediate intervention.
The “agents” pressure and persuade victims to provide personal details or even remote access to the victim’s device, enabling installation of info-stealing malware.
Fake ID.me Websites
Beyond phishing pages, scammers also create entire fake websites impersonating the real ID.me site. Links to these fraudulent sites are sent out en masse via email spam campaigns. They are designed to capture login details and personal info from unsuspecting victims who were persuaded the site was legitimate.
Malicious Software Scams
Scammers may also use phone calls, emails, or texts to trick users into downloading malware. This can occur by:
Sending a phishing message with an infected file attachment
Persuading victims to click a link to download fake “security software”
Requesting remote access to devices in order to “diagnose connectivity issues” then installing malware
Once installed, info-stealing malware can harvest data and credentials directly from the compromised device.
Account Takeover Scams
Sophisticated scammers may attempt full account takeover rather than simple phishing. By gathering key details like usernames, passwords, and partial SSNs from data breaches, they can convince ID.me’s system they are the legitimate account owner.
This enables them to bypass identity verification and fully compromise the account. 2FA often thwarts these takeover attempts however.
In summary, ID.me scams aim to exploit trusting users through impersonation and clever psychological manipulation. By understanding the deceptive tactics used in these scams, people can better recognize the warning signs and avoid being victimized.
How the ID.me Scams Work
Fraudsters use clever psychological tactics to manipulate victims in ID.me scams. Here is an inside look at exactly how they operate:
Step 1 – Initial Contact
Scammers initiate contact via:
Emails pretending to be ID.me security alerts
Texts claiming your ID.me account is at risk
Calls posing as ID.me support agents
Their goal is to cause panic so you act without thinking.
Step 2 – Creating Urgency
Next, scammers pressure you to take immediate action by:
Stating your account will be frozen if you don’t re-verify
Claiming the deadline to avoid suspension is approaching
Warning of penalties or losses if you don’t comply
This plants a fear of missing out, causing you to stop questioning.
Step 3 – Requesting Information
Scammers will instruct you to confirm sensitive details such as:
Login credentials
Social Security Number
Bank account info
Credit card numbers
They may pretend it’s needed to verify your identity and keep your account active.
Step 4 – Gaining Remote Access
In some cases, scammers will try to gain remote access to your device by making you:
Download suspicious files allowing control of your system
Enter codes sent to your phone number enabling account takeover
Allow screensharing applications giving them access to your data
Step 5 – Leveraging Your Identity
Once scammers have your information, they can:
Access and drain your financial accounts
Make purchases using your credit cards
Commit tax fraud with your SSN
Steal your identity to open accounts or apply for loans
The damage can be extensive if scammers successfully exploit your identity.
What to Do if You Fell Victim to an ID.me Scam
If you suspect your ID.me account or identity has been compromised, take these steps immediately:
Step 1 – Lock Down Your Accounts
Reset your ID.me password and enable two-factor authentication
Contact banks to freeze accounts potentially accessed by scammers
Place fraud alerts and monitor your credit reports closely
Change passwords on any compromised accounts
Step 2 – Report the Incident
File identity theft reports with the FTC and your local police department
Notify ID.me directly so they can secure your account
Contact companies where your identity was likely abused
Report social media and email phishing attempts
Step 3 – Monitor for Suspicious Activity
Set up account alerts to notify you of any unusual activity
Periodically get free credit reports to catch new fraudulent accounts
Review all statements thoroughly for any unauthorized charges
Sign up for identity theft protection services to detect misuse
Step 4 – Recover From the Fraud
Dispute any fraudulent charges or accounts opened in your name
Work with creditors to close fraudulent accounts and reverse damages
Update information related to your identity, accounts, and credentials
Change compromised account numbers and request replacement cards
Frequently Asked Questions About the ID.me Scam
1. What is the ID.me scam?
The ID.me scam involves fraudsters impersonating the valid ID.me identity verification service in phishing attempts via email, text messages, and phone calls. Their goal is to trick victims into revealing login credentials or sensitive personal information.
2. How do scammers carry out the ID.me scam?
Scammers initiate contact posing as ID.me through:
Fraudulent emails warning your account is at risk
Smishing texts claiming you must reverify your ID.me account
Vishing phone calls pretending there is suspicious activity
They pressure you to act urgently and provide info to avoid account suspension.
3. What techniques do scammers use in the ID.me scam?
Scammers manipulate victims using:
Fear – Threatening account suspension or penalties
Urgency – Impending deadlines to reverify accounts
Social Engineering – Pretending to be ID.me support agents
4. What information do scammers attempt to steal with the ID.me scam?
Scammers phish for:
Usernames and passwords
Bank account and routing numbers
Credit card details
Social Security Numbers
Driver’s license numbers
Digital wallet account access
5. What do scammers do with my information from the ID.me scam?
Scammers can use your information to:
Drain financial accounts
Make purchases with your credit cards
Steal your tax refund
Apply for loans or credit in your name
Access government benefits using your identity
6. How can I avoid falling for the ID.me scam?
To avoid the ID.me scam:
Never click links in unsolicited messages
Don’t provide info to incoming calls alleging to be ID.me
Verify custom URLs before entering login credentials
Enable two-factor authentication as an extra layer of security
Monitor accounts closely for unauthorized activity
7. What should I do if I fell victim to the ID.me scam?
If you fell for the scam, immediately:
Reset your ID.me password and security questions
Contact banks to freeze accounts
Place fraud alerts on credit reports
Report identity theft to the FTC and police
Close any accounts opened fraudulently
8. How can I recover from identity theft related to the ID.me scam?
To recover, be sure to:
File police reports regarding the identity theft
Dispute fraudulent charges with banks and creditors
Change compromised account numbers and request new cards
Monitor credit reports and financial statements for misuse
Sign up for identity theft protection services
9. How can I help others avoid the ID.me scam?
You can help others by:
Reporting scams and phishing emails to help shut them down
Making family and friends aware of the tactics scammers use
Encouraging people to use unique passwords and two-factor authentication
Advising caution against unsolicited calls, texts and emails
10. Who can I contact for help after falling victim to the ID.me scam?
Reach out to the following for assistance:
ID.me Support – They can secure your account
Your bank’s fraud department
Federal Trade Commission – To report identity theft
IRS – If tax fraud occurred
Local police – To file an identity theft report
The Bottom Line
ID.me provides a valuable service, but also opens the door for scammers to steal identities. Stay vigilant against phishing attempts via email, text and phone. Never click unverified links, provide sensitive information to strangers, or allow remote access to your device. If you do fall victim, take steps immediately to lock down your identity and report the fraud before irreparable harm is done. Spread awareness about these scams to help others avoid becoming victims too.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.It’s essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you’re agreeing to before you click “Next.”
Install an ad blocker.Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.Whether it’s your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it’s easy to spoof phone numbers, so a familiar name or number doesn’t make messages more trustworthy.
Back up your data.Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don’t use pirated software.Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it’s important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.CategoriesScamsLoad Comments
Meet Thomas Orsolya
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
Since 2010
Founded in 2010, MalwareTips is a leading cybersecurity community providing free malware removal tutorials, tech news, scams exposure, dedicated help forums, user education, and security guides.14+ years of activity65K+ security and tech guides180M+ annual readers
Our Community
With over 60,000 members, we invite you to join our tech-focused community. Discuss malware, security tips, emerging threats, and more with fellow enthusiasts. Share your questions and insights to spread awareness. We welcome you to our diverse, growing forum!70K+ registered members900K+ forum messages65K+ topics discussed
We offer free and tested self-help guides. MalwareTips.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our dedicated support forums.
Please ensure your data is backed up before proceeding.
Follow Us
Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.
6) IoT with 5G Network: The New Era of Technology and Risks
7) Automation and Integration
8) Targeted Ransomware
9) State-Sponsored Cyber Warfare
10) Insider Threats
The Digital Transformation for businesses, organizations and even governments are relying on computerized systems to manage their day-to-day activities and thus making cybersecurity a primary goal to safeguard data from various online attacks or any unauthorized access.
Continuous change in technologies also implies a parallel shift in cybersecurity trends as news of data breach, ransomware and hacks become the norms. Here are the top cybersecurity trends for 2023.
1) Rise of Automotive Hacking
Modern vehicles nowadays come packed with automated software creating seamless connectivity for drivers in cruise control, engine timing, door lock, airbags and advanced systems for driver assistance. These vehicles use Bluetooth and WiFi technologies to communicate that also opens them to several vulnerabilities or threats from hackers. Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2023 with more use of automated vehicles. Self-driving or autonomous vehicles use an even further complex mechanism that requires strict cybersecurity measures.
2) Potential of Artificial Intelligence (AI)
With AI being introduced in all market segments, this technology with a combination of machine learning has brought tremendous changes in cybersecurity. AI has been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection. Although, it is also being used to develop smart malware and attacks to bypass the latest security protocols in controlling data. AI enabled threat detection systems can predict new attacks and notify admins for any data breach instantly.
3) Mobile is the New Target
Cybersecurity trends provide a considerable increase (50 percent) for mobile banking malware or attacks in 2020, making our handheld devices a potential prospect for hackers. All of our photos, financial transactions, emails, and messages possess more threats to individuals. Smartphones are logically one of the biggest targets for anyone with the skills and agenda primarily based on 2 facts:
1. They (Smartphones) are used by more people globally today than PC’s (personal computers)
2. The security and vulnerabilities of smartphones are far less on average than PC’s
4) Cloud is Also Potentially Vulnerable
With more and more organizations now established on clouds, security measures need to be continuously monitored and updated to safeguard the data from leaks. Although cloud applications such as Google or Microsoft are well equipped with security from their end still, it’s the user end that acts as a significant source for erroneous errors, malicious software, and phishing attacks.
5) Data Breaches: Prime target
Data will continue to be a leading concern for organizations around the world. Whether it be for an individual or organization, safeguarding digital data is the primary goal now. Any minor flaw or bug in your system browser or software is a potential vulnerability for hackers to access personal information. New strict measures General Data Protection Regulation (GDPR) was enforced from May 25th, 2018 onwards, offering data protection and privacy for individuals in the European Union(EU). Similarly, the California Consumer Privacy Act (CCPA) was applied after January 1st, 2020, for safeguarding consumer rights in the California area.
6) IoT with 5G Network: The New Era of Technology and Risks
With the advent and growth of 5G networks, a new era of inter-connectivity will become a reality with the Internet of Things (IoT).
Read about What Is the Internet of Things (IoT) and Why It Matters? This communication between multiple devices also opens them to vulnerabilities from outside influence, attacks or an unknown software bug. Even the world’s most used browser supported by Google, Chrome was found to have serious bugs. 5G architecture is comparatively new in the industry and requires a lot of research to find loopholes to make the system secure from external attack.
Every step of the 5G network might bring a plethora of network attacks that we might not be aware of. Here manufacturers need to be very strict in building sophisticated 5G hardware and software to control data breaches.
7) Automation and Integration
With the size of data multiplying every day, it is eminent that automation is integrated to give more sophisticated control over the information. Modern hectic work demand also pressurizes professionals and engineers to deliver quick and proficient solutions, making automation more valuable than ever. Security measurements are incorporated during the agile process to build more secure software in every aspect. Large and complex web applications are further hard to safeguard making automation as well as cyber security to be a key concept of the software development process.
8) Targeted Ransomware
Another important cybersecurity trend that we can’t seem to ignore is targeted ransomware. Especially in the developed nations’ industries rely heavily on specific software to run their daily activities. These ransomware targets are more focussed such as the Wanna Cry attack on the National Health Service hospitals in England Scotland corrupted more than 70,000 medical devices. Though generally, ransomware asks to threaten to publish the victim’s data unless a ransom is paid still it can affect the large organization or in case of nations too.
9) State-Sponsored Cyber Warfare
There won’t be any stoppage between the western and eastern powers in attempts to find superiority. The tension between the US and Iran or Chinese hackers often creates worldwide news though the attacks are few; they have a significant impact on an event such as elections. And with more than 70 elections bound to be held this year, criminal activities during this time will surge. Expect high-profile data breaches, political and industrial secrets to top cybersecurity trends for 2023.
10) Insider Threats
Human error is still one of the primary reasons for the data breach. Any bad day or intentional loophole can bring down a whole organization with millions of stolen data. One example of this in 2022 was an official Report by Verizon that a documented data breach gives strategic insights on cybersecurity trends that 34 percent of total attacks were directly or indirectly made by the employees. Creating a culture of more awareness within premises to safeguard data in every way possible is truly the primary goal today in 2023 as well as the future.
