Good News! Recent Facebook Breach Merely Exposes Millions to Spam Email Attacks

November 30, 2018

In the biggest breach since it began 14 years ago, hackers once again struck the beleaguered Facebook and its users in September. This breach compromised millions of accounts. In hit after hit, the company once again faces criticism about how this latest breach happened. The only bright side Facebook had to report is that the hackers were not nation-state actors, but merely a group trying to make a buck. That’s an important point for Facebook to make, considering previous breaches by Cambridge Analytica and Russian-state actors.

Although it may be good news, it’s cold comfort to the millions affected by this latest hack. The Wall Street Journal reported the hackers behind the massive breach were a group of Facebook and Instagram spammers. The group was previously known to Facebook’s security team and hid its identity by posing as a digital marketing company. The stolen data can easily be used in targeted spam email attacks.

According to Barkley, email spam is still the number one delivery vehicle for most malware. When any breach happens, especially one the size of the latest Facebook hack, users need to be aware of increased spam email attacks. The information stolen from users gives hackers the personal data they need for targeted emails. They exploit specific user interests, contacts, and other information unique to a user. Their messages easily masquerade as email that is safe to open, with links that seem safe to follow or attached files that seem safe to download. Once that happens, malware is on the loose, infecting devices and stealing even more sensitive data like passwords and financial information. After a data breach, users need to pay particular attention to emails catering to their personal lives, especially those with links or attachments. In these cases, curiosity is a dangerous thing. Spammers know the easiest way to spread malware is through a socially engineered email attack. The more they know about a user, the more likely a spam email is to succeed.

If you are not expecting to receive a link, don’t click on it, even if the message preceding it seems to have a very good handle on who you are. Clicking is what these scammers and those like them want you to do. It doesn’t even matter who the sender appears to be, because if they have Facebook information, they may know the details of a family member or good friend and pretend to be that person. So, instead of just clicking away, ask the sender by text, in a completely new email message, or by phone call.

The extent of the hack, including just how many Facebook users were affected and how much personal information was compromised, is still unknown. Although the estimates may vary, the true number of users affected may never really be known. Once data is compromised, it’s impossible to know where it goes, how many hackers have the information, and how long it will live in cyberspace, most likely on the Dark Web. For now, the responsibility for safety falls on the user. Being hyper-aware of spam email attacks needs to be an everyday part of cyber life and security. Enormous data breaches like the recent Facebook attack should be yet another warning to users that personal cybersecurity is more important now than ever.

Stickley on Security
Published November 30, 2018