The Weekly Breach Breakdown: Hook, Line, and Phisher – Latest Phishing Attacks Could Impact PayPal Users and Tax Filers

• The latest phishing attacks could impact those that use PayPal. More than 35,000 PayPal user accounts were recently compromised in a data breach. Identity criminals may use the stolen credentials to launch phishing attacks.
• They could also impact tax filers. According to the Internal Revenue Service (IRS), criminals may use phishing or smishing to pose as the IRS or states to steal personal and financial information.
• To avoid a phishing (email) or smishing (text message) attack, be suspicious or unsolicited calls and messages, never click on unknown links and use unique 12+ character passphrases on all of your accounts.
• To learn about data compromises, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC’s) improved data breach tracking tool, notified.
• The ITRC has launched a beta test of a new service for businesses that want to ensure they receive a notice when a data breach is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”.
• If you believe you are the victim of an identity crime, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website, idtheftcenter.org.

Hook, Line, and Phisher

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 21, 2023. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we discuss the latest phishing attacks that could impact PayPal users and tax filers. We will also talk about the dangers “pf” phishing and smishing and how to avoid them.

Fishing, with an “F,” is a long-lived pastime all across the globe. Some argue there’s nothing more peaceful than a day out on the lake, waiting for a bite. There’s another kind of phishing, with a “ph,” guaranteed to ruin your day. Phishing attacks take advantage of a user’s information and goad them into clicking a fraudulent link, giving them access to the victim’s personal information. If you don’t want to get caught on someone’s hook, check out a few of our tips to stay safe.

PayPal Data Breach

More than 35,000 PayPal user accounts were recently compromised in a data breach. The Office of the Maine Attorney General reports that PayPal accounts were accessed via a credential-stuffing cyberattack, exposing names, addresses, Social Security numbers, tax identification numbers and dates of birth. Cybercriminals may then use the stolen credentials to launch a series of phishing attacks.

What are Phishing and Smishing?

Phishing and smishing are two common types of cyberattacks that can be used to steal sensitive information from unsuspecting victims. Phishing attacks typically involve using fraudulent emails or websites designed to look like they come from a legitimate source, such as a bank or government agency. Smishing attacks use text messages or other types of mobile messaging to trick victims into divulging sensitive information. Smishing attacks are common now that many people use their smartphones as their primary devices for accessing the internet.

Phishing and Smishing Tax Scams

The Internal Revenue Service (IRS) is also warning taxpayers and tax professionals of the latest phishing attacks and smishing tax scams. It’s part two of their Dirty Dozen tax scams campaign. Ignore any tax-related messages that claim to come from the IRS or states, and don’t click on unknown links or attachments to avoid malware or ransomware.

How to Avoid Phishing and Smishing Attacks

The latest phishing attacks and smishing scams exemplify how effective they can be. Both phishing and smishing attacks can be challenging to detect if you’re not careful. As technology advances, stay vigilant about protecting your personal information online. Here are some tips to help you stay safe from phishing and smishing attacks:

1. Be suspicious of unsolicited messages and phone calls, even if they appear to be from a trusted source.
2. Never click on links or download attachments from unknown senders. Verify the information with the source before taking any action.
3. Use unique passphrases and login credentials for each account, preferably with more than 12+ characters.

ITRC Breach Alert for Business Coming Soon

The ITRC continues a beta test of a new service for businesses, Breach Alert for Business, that want to ensure they receive a notification when a data breach at a vendor or partner is entered into the ITRC’s data compromise database. For more information, fill out our interest form here and click “notified business alerts”.

Contact the ITRC

If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the podcast and the ITRC. Next week, we will have an episode of our sister podcast, The Fraudian Slip, where we will get thoughts from Chief Information Officers on identity and security. We will return in two weeks with another episode of the Weekly Breach Breakdown.