Christmas is one of the business scammer times during the year. Data breaches seem to be a daily occurrence. So what. Who cares if they steal my account information from <name your favorite retailer or website> during your last minute Christmas shopping? It's not like I do anything with that account anyway right?
About a week ago I received a sextortion email from a person calling themselves Zyra Neil Nicdao (zyza_neil[@]yahoo.com).
Here is the email that I received:
You can complain to the police but they cant help you. I am foreigner. It means nobody can track my location even for 3 months. We upload a malware on your devise. I turned on your web-camera, at the moment you went to the porn web-page. Now we have a video of you …
I’m sure you can guess what they claim to have a video of.
The email continues with a demand for $560 in Bitcoin tethered to a 24 hour countdown whereby if I don’t pay the ransom, the video will be released to all my phone contacts. It ends with “Don’t forget about the shame”
I had one of our interns do some surface analysis on the email which yielded that the sender's email was leaked in October 2017 in the JobStreet breach in Malaysia and the Philippines.
The victim of this breach, Zyra, turned out to be a Registered Nurse working at the National Kidney Foundation of Singapore. Does that mean she can't be the actual perpetrator? No, but nothing in the way of our analysis suggests she is. Most likely, her information was grabbed from the Jobstreet Breach data. Sure, the guy pretending to be Zyra probably won't be caught.
But, her breach data is being used to perpetrate crimes.
This, is how your stolen account information is being used.
Information stolen from retailers large and small create havoc in the lives like this Singaporean RN but the information doesn't have to be leaked. I have no idea how good (or bad) the security was on this job board, but there are things that can be done to keep your company from being on the hook for the next breach target. In the US, we're beginning to see law suits resulting from data breaches.
We can help. Call or us today for a consultation!