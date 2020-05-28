Screenshot of the website Have I been pwned?

During the quarantine, the cyberattacks multiplied and were perfected over the weeks. Cyber ​​criminals took advantage of the fact that the exposure time of users increased because there were more people working from home and consuming leisure activities through the Internet. Furthermore, fear and uncertainty led to the search for more information related to only one topic: the coronavirus. All this has made users and their devices more vulnerable, although many have not even realized the attacks they have suffered. What evidence should you look for to see if you have been hacked in the past few weeks?

Users have been able to suffer different types of attacks: each one gives clues to identify the intrusion of cybercriminals. The most widely used have been phishing (when criminals pose as official agencies or falsify web pages to obtain user data) and the creation of false or malicious domains. “95% of the attacks have been based on identity theft by official organizations such as the Ministry of Labor, the Ministry of Health and the WHO,” explains Eusebio Nieva, technical director of Check Point in Spain and Portugal.

In the case of being a victim of phishing, users do not perceive a different operation on their devices or their accounts, which can make it more difficult to discover if they have been hacked. Clicking on the links sent by cybercriminals posing as official bodies, data such as email password and access to other services where the same keys are being used can be exposed.

“To find out if your email accounts have been hacked, you can access the Have I Been Pwned? Platform,” advises the National Institute of Cybersecurity (INCIBE). “Check each of the accounts you have to verify if they have been compromised. If so, change the password in any account where you have used it with the same combination of email and password ”.

The Have I been Pwned? that INCIBE mentions is a search engine that compares the email that is entered with a database of accounts whose data has been filtered or has been exposed. If a match is found between the email address and the list of exposed accounts that the platform has, it jumps a warning accompanied by several recommendations, among which are using a password manager or activating two-step authentication. In case of doubt, INCIBE recommends consulting directly with the cybersecurity departments of the State Security Forces and Corps or the Internet User Security Office.

Thefts of streaming service accounts and email campaigns have also been detected that threaten the victim with disclosure of an alleged sexual video where he appears masturbating. These types of attacks are easier to detect. In the case of sextorsion, cybercriminals contact the victim directly to ask for money in exchange for not broadcasting the video.

In the theft of keys in services like Netflix or Spotify, users detect that their keys have stopped working. But more people may be using their credentials and not realizing it. “There is currently a highly developed and active market for stolen streaming credentials, which are sold at reduced prices. They are offered through sophisticated online stores, with flexible pricing options, as well as a guarantee and even contact information in the event of any problem, ”say experts from cybersecurity company Proofpoint. In these cases, to find out if you are being the victim of a cyber attack, “the best way to protect yourself is to sign up to receive notifications every time a new device connects to your account, so that you can detect unauthorized activities and take action.”

