Social engineering through sports sites
Just a couple of months ago I was contemplating creating an account for NBA.com to vote for their All-Star Game. Concerns over security of my data was one reason I abstained, and perhaps it was for good reason. The league recently sent out a data breach notification to fans that, although its own systems were not compromised, a third-party service provider was breached, leading to the exposure of the personal data of an unspecified number of users. This included names and email addresses that had been collected for a newsletter…some of the exact same data I would’ve had to enter in order to vote.
Fans who were impacted have been warned to look out for phishing schemes using the stolen data. Fortunately, the breach did not affect fan credentials, and yet any foot in the door is a hacker’s delight. What data was stolen could and undoubtedly will lead to suspicious looking emails or text messages that will oftentimes still be opened. There may be, said the NBA, “heightened risk of you receiving ‘phishing’ emails from email accounts appearing to be affiliated with the NBA, or of being targeted by other so-called ‘social engineering’ attacks.”
Once someone falls for this phishing lure, confidential information will be exposed, networks at a company can be infiltrated for further malice, or other consequences against the interests of the individual or organization. Since social engineering attacks constituted up to 90% of all data breaches in 2022, according to Firewall Times, it’s imperative to do all in one’s power to mitigate the fallout when it does occur.
Of course, when sensitive data is encrypted, the damage from a security incident becomes vastly mitigated, as the cyber criminal now has access to a bunch of illegible, indecipherable information. This is why it’s important not to rely solely on perimeter defenses that will still leave your data exposed when a clever hacker breaks through.
Bringing a strong shield to bear is NetLib Security’s Encryptionizer solution, offering transparent data encryption right out of the box for stored data on systems, devices and applications. With virtually no impact on performance or additional programming required, Encryptionizer can serve as the last wall of defense against bad actors who have finagled their way, through human error, to a foothold in your network. Keep your eye on the ball with a free evaluation here.