The Anatomy of a Data Breach: How Cybercriminals Exploit Vulnerabilities (Whatsapp, Social Media, Etc.)

13 Apr, 2023
Asrul Ash

Get the latest updates about our blog posts.

Subscribe so you don’t miss out!

Follow Lizard Global on Facebook, Instagram and LinkedIn for the latest updates.


Data breaches have the potential to be much more than a passing fright; they could alter the trajectory of someone's life. Sensitive information leaks can have serious repercussions for people, businesses, and even organizations. Hackers can access you whether you are online or not by using the internet, Bluetooth, text messaging, or the online services you use.
A minor flaw that goes unnoticed could result in a significant data breach. Most of the time, corporations do not give it enough attention because they are not aware of how frequently occurring technological security dangers operate.


We have discussed in depth the importance of data handling on social media platforms before this, hence we want to put focus on data leaks this time around. The cyber security sector of today's economy is mostly focused on defending systems and devices from intruders. While it can be challenging to picture the bits and bytes driving these efforts, it is much simpler with the diligent efforts of cyber security experts, like Lizard Global, who has had a reputable position in putting the latest and utmost secured data protection technology in our client’s software.


In this article, we'll go through how an involuntary data breach scheme can affect you as an individual, and a business, as well as ways to identify them before getting involved.

Who are the most vulnerable target victims of data breaches?

This illicit activity has been going on for ages, but the Covid-19 outbreak was when it really began to pick up speed and become dangerous. During the reset, a large number of people lost their employment, while others looked for at-home jobs that would pay more.


These con artists prey on these vulnerable groups by promising them part-time jobs, persuading them to click on links that would probably include malware, or demanding that they divulge private information like financial information, security PINs, etc.


As for businesses, fintech, medical, intellectual, and government information are the most likely to be involved and exposed to these data breaches.


Other sectors, including energy and utilities, lodging, agriculture, building, entertainment and media, management, industrial and manufacturing, services, technology and software, transportation, and communication, also run the risk of having sensitive information compromised by internal or external attackers.

How do cybercriminals implement a breach through recruitment?

Say you are looking for employment. There could be two ways, first, a job offer with very high pay would appear in an advertisement or you are offered on WhatsApp or social media DMs, like the recent “Rs 50” scam.


Scammers are taking advantage of layoffs and unemployment by promising fake job possibilities with the chance to earn extra money by receiving Rs 50 for like a YouTube video. These con artists utilized websites like Facebook, LinkedIn, and WhatsApp to lure victims and made up to Rs 5000 a day, making victims involuntarily empty their bank accounts through this WhatsApp fraud.


For fake job recruitment, scammers will identify themselves as representatives of a specific business. When the candidates, in this case, the victims, show interest in the offer, they will be prompted to download an 'assignment' document via email, and the individual, the fake recruiter, will get in touch with you and provide you with instructions on how to carry out the job's duties. However, the essential goal is to force the victims to download specific materials to embed malware into their devices.

Since most employment opportunities nowadays can be accessed online, it can be hard to tell the difference between legit opportunities and those that are scams. Staying vigilant throughout your job search might help to avoid falling victim to an online interview scam, but…

How is a data breach identified?

Keep in mind that, in general, recruiters will never request any type of payment or banking information before the confirmation of a job offer. Even though they could request some personal identification during a formal interview, there are several obvious red flags of job fraud.

1. Suspicious recruiter with no online visibility.

If you are unable to locate their profile on LinkedIn or any other website or social media platform, they may be using fake profiles or maybe going by a new name. By right, hiring managers and candidates should be upfront about their backgrounds so that others may recognize them.

2. The recruiter has zero information about that organization.

They are unaware of the goods and services that the company offers. Even so, they need to be able to explain it to you if they do know. Additionally, they must be knowledgeable about the policies and practices of the organization. By default, it may be against the terms and conditions of that organization to hire people for jobs that entail making purchases to raise the sellers' ratings.

3. Grammatical or spelling problems in their emails or messages.

This demonstrates that they are not familiar with the correct names or spelling. Additionally, it indicates that they are non-native English speakers. However, the problem is that their mistakes are so blatant you question if they work for the organization or not.

4. Enormous upfront payments before getting the job.

Never should a business request a sizable advance payment. If they do, something must be wrong with the business. The reason for this is that businesses often pay their employees after they have finished their tasks, not the other way around.

5. No offer letter is given.

A company should submit an official offer letter to their employee to protect both parties. Unfortunately, no such letter will be given in the case of this job scam. A job offer letter includes all the information about the employment agreement, such as pay, benefits, working hours, etc. The absence of an offer letter indicates that the company is attempting to take advantage of the circumstance.

How to protect and safeguard yourself from a future data breach?

Recruitment fraud is a sad element of modern job hunting, and these frauds are growing increasingly complex. However, there are many ways that you can avoid being scammed by job scams. Here are a few pointers to keep you secure as you look for job opportunities.

1. Never send cash to secure a job.

It is probably a scam if the employer demands cash to secure your position for the job. This is so that you can get compensated for the task that you have completed, not the other way around. Never divulge your personal information, such as your credit or debit card number, to a company, especially if it is your first time working there.

2. Refrain from providing any personal information.

If someone requests your contact information, such as your phone number, address, or bank account information, it may be a clue they are trying to steal your identity. Therefore, unless you are sure of the person or the company, never give out this kind of information.

3. Verify the company's name and contact information frequently.

Always confirm the name of the company and its contacts before accepting any job offers. This entails first confirming whether the business is licensed to operate legally and whether there have been any complaints made against it.

4. Carefully review the job description.

Before accepting the position, make sure you are aware of what it entails. Say no if the employee does not make you feel comfortable. On the other hand, if the job description lists duties that seem impossible to be true, they probably are. It is therefore advisable to avoid engaging with it in the first place.

5. Only use credible employment platforms and websites.

It's crucial to always use reputable websites and employment portals to submit your applications. Scams involving jobs are common on social media sites like Facebook and Instagram. Fake recruiters would frequently request money or personal information in these scams. Due to the strict protocols and verifications that businesses must follow, jobs posted on job portals are more trustworthy.

6. Installing antivirus software or security solutions into your device.

Installing mobile security software, such as antivirus for smartphones, can also be a wise investment because it protects you from dangers even when you install third-party software, browse the internet or download files. It looks for any potential viruses and then starts the removal process. Without your knowledge, an antivirus program could eliminate thousands of complications in a single day.

Lizard Global becomes a target, and how we take that number to zero!

Over the past several days, we have noticed several unidentified contacts send similar messages coming to us confirming an employment opportunity in Lizard Global. These messages were sent to a large number of people with different names on almost all social platforms — WhatsApp, Facebook Messenger, Instagram DMs, and more.


On the 6th of April, we received a WhatsApp screenshot from one of our clients that an individual claiming to be Lizard Global HR Supervisor was offering a part-time job that promises an income of RM300-RM500. The messages' content may vary slightly, but their general content is always the same. We initially assumed this was a one-time event, but the next day, we received more complaints from various sources that they had been contacted by the same person claiming to be Lizard Global’s supervisor.


When the victim proceeded to take the ‘interview’ to the second stage, they were asked to perform easy actions, like downloading documents or assignment tasks from an email. They were then requested to subscribe to a list of YouTube channels and forward the screenshots for proof to the so-called recruiter. We believe that these materials may contain Malware that allows scammers to access their data online and use that for multiple cybercriminal acts like getting money quickly.


The team immediately got together to discuss what is the best solution. Our Human Resource team contacted MCMC to ask for advice on what the next step that we can take is. We were advised to file a police report and notify our clients that an individual is going around pretending to be our staff member and offering illegitimate part-time jobs.


We asked all those who were approached by this unknown individual to share screenshots of their conversation as we are collecting this as evidence. After collecting all information, a police report was made on the 11th of April. So far, no individual loss was reported and only in a few days, we have received zero to no complaints on this.

Need a hand in fortifying your cybersecurity?

At Lizard Global, we give the security of your files and our client's privacy top attention. This applies to software that demands user registration as well as online storage. Because of this, our programmers ensure that all software is made with guaranteed privacy by design. Our talented team of designers and developers stays up to date with the most recent advancements and improvements in software security. With us, your information is always secure.


Imagine not having access to the network of subject matter experts and credentialed professionals at Lizard Global
  • advice, ideas, and guidance to help you reach your professional objectives!

Frequently asked questions

English
English
Nederlands

01

What is a data breach?

A data breach is any security occurrence when unauthorized individuals have access to private or sensitive data. This includes both personal (such as Social Security numbers, bank account numbers, or health-related information) and corporate data (such as records of consumer information, intellectual property, or financial data).

02

Who are the most vulnerable target victims of data breaches?

Con artists prey on people who lost their employment or those looking for at-home jobs that would pay more. As for businesses, financial, medical, intellectual, and government information are the most likely to be involved and exposed to these data breaches.

03

How do cybercriminals implement a breach through recruitment?

There could be two ways, first, a job offer with very high pay would appear in an advertisement or you are offered on WhatsApp or social media DMs. Victims will be prompted to download an assignment document via email to embed malware into their devices.

04

How is a data breach identified?

There are several obvious red flags of job fraud, such as:

  1. Suspicious recruiter with no online visibility.
  2. The recruiter has zero information about that organization.
  3. Grammatical or spelling problems in their emails or messages.
  4. Enormous upfront payments before getting the job.
  5. No offer letter is given.

05

How to protect and safeguard yourself from a future data breach?

Here are a few pointers to keep you secure as you look for work, such as:

  1. Never send cash to secure a job.
  2. Refrain from providing any personal information.
  3. Verify the company's name and contact information frequently.
  4. Carefully review the job description.
  5. Only use credible employment platforms and websites.
  6. Installing antivirus software or security solutions into your device.

An image of markus at the blog page

Hey there, can I help you?

Did you like the blog above, but do you still have some questions about the subject or related topics? No issue! You can easily contact one of our Lizard specialists on these specific topics, and they gladly tell you more about it. This way, you’ll never leave with uncertainties.

MARKUS MONNIKENDAM

Global Commercial Director | markus@lizard.global | +60 18 35 65 702

Similar Articles