Data breach at Odido leaves millions of customers vulnerable. Here's how to recognize phishing.

Telecom provider Odido has been hit by a major cyber attack. Cybercriminals accessed a file containing data on 6.2 million customers, an Odido spokesperson said. Have you received notification that your data was involved in the data breach? Then pay extra close attention to phishing in the coming period. In this article, we explain how to recognize phishing.

What data are the criminals holding?

According to the provider, the affected customer data ‘may’ include the user's full name and address. In addition, mobile numbers, customer numbers, e-mail addresses, IBAN account numbers, dates of birth and customer identification data may also have been involved in the leak. The latter includes passport or driver's license numbers and information about their validity.

No scans of identity documents were leaked, according to Odido. No passwords, calling information, location data or billing information were involved in the cyberattack either.

How do you recognize phishing?

Odido advises customers to be extra vigilant about phishing and be careful about opening links in emails, text messages and WhatsApp messages. When there has been a data breach at an organization such as Odido, criminals know that people are extra alert to messages from that company. As a result, phishing emails and text messages actually become more credible. Still, there are signs you can recognize them by. But what exactly do you look for?

First, the subject of the message is often the first clue to phishing. The subject is often urgent and pushes you to act immediately, such as: ‘check your information’, ‘you need to make an urgent payment’ or ‘we have noticed unusual activity on your account. Please check it.’ In these cases, pay extra attention and check the following key features:

  • The sender: check the e-mail address of the sender. In doubt? Then compare it with previous emails from the same organization.
  • The salutation: phishing emails are often impersonal and start with ‘Dear Customer’ or ‘Dear Sir/Madam’. Note: in the case of Odido's data leak, criminals may know your name and use it correctly.
  • Spelling mistakes: phishing messages often contain spelling errors. In addition, conjugations and punctuation are often incorrect because the messages are automatically translated.
  • Attachments: (email) attachments may contain malware. Not sure you can trust it? Then don't simply open an attachment.
  • External links: if you receive a message with links you are asked to click, first place your mouse on the link without clicking. The address where the link actually leads will then appear. Is this address not what you expect? Then don't click on it. On your smartphone, you can do this by pressing and holding the link; a window then appears with the web address.
    A reliable web address usually consists of the company name followed by .nl or .com - for example: warpnet.nl. Additional pages follow after a “/”: warpnet.co.uk/pentesting.

Be careful what you share

In the case of Odido, be extra alert to phishing. Are you receiving messages you don't normally receive? If so, do an extra check. Always ask yourself whether the request or content of the email is normal for communication between you and the sender. Never simply share personal information, company information or passwords. An email, text or WhatsApp message is never the way companies ask for data.

In doubt? Then always contact the organization or person concerned by phone.

Source: Hack at Odido, data of millions of customers in hands of criminals