Recently, there was a breach of customer data from a well-known ISP of Nepal, Vianet; more than 1.7 Lakh users data was leaked on the internet. About a month earlier, a similar breach of the sort leaked data of almost 50 thousand users from Foodmandu’s system. Both these vulnerabilities exposed details about the user’s personal information like name, phone number, e-mail, and address; which seemed pretty trivial initially but is starting to become a major hindrance to a huge number of people.
How exactly? Well, all these leaked data sorts of opened a door for large scale cyber-attacks in Nepal. The aftermath of these recent data breaches is starting to pop up in many parts of the country. Reports of fraud calls and phishing attempts through SMS are circulating all over social-medias.
What’s more interesting is that those people who had nothing to do with either of the previous leaks have also received such fraud call and SMS. Vianet themselves have addressed the matter through their recent post and have asked people to be aware of such frauds.
Has this Happened to You?
Calls from unknown number especially those with different country codes are seemingly popping up all around.
“However, just when you try to pick up, the line cuts automatically. And redialing just finishes all the remaining balance in the phone.”, is what most people are describing these calls.
Aside from the calls, the main problem at hand seems to be the phishing attempts through SMS. The SMS is particularly sent through a Viber server that includes codes/links to activating Viber. Tapping on the links could redirect to another page that well could be a phishing portal.
Besides that, some users have even reported certain unusual behavior on their Viber. A recent post on Viber’s official Facebook page too confirmed that this could indeed be the work of anonymous hackers in-order to steal data.
So, do be on a lookout for either of these activities,
- Viber app opening QR scanner without you doing it (that is when someone else tries to log in your account)
- SMS with code and link from Viber (which when clicked authorizes Viber in hacker’s device)
- International calls from the Viber server for authorization
Usually, these sorts of actions are only visible, if you’re trying to add your account into a new device. If you’re not trying to add your account to new devices, beware of these sorts of actions.
Furthermore, these sorts of attacks can also happen through Emails. Links appearing from unknown contacts with fishy headlines could carry viruses or phishing links as well.
What Should you do to Prevent Such Attacks?
If your data had somehow been leaked in the previous data breaches, chances are that the attackers have access to a huge part of your data already. Still, some preventive measures could be adopted to be safe from such attacks in the future.
First and foremost is well avoiding unknown numbers altogether. Those numbers that you don’t recognize or have any other country’s phone code, just avoid them. Don’t pick up calls and don’t open messages from mysterious numbers. And certainly, don’t try to look into the links forwarded from these numbers.
Secondly, you could try two-factor authentications in your social media accounts. Multi-factor authentications require two separate processes for verification. Aside from your password, you either require a biometric scan or security token to login; which provides more security.
Thirdly, to prevent any personal information exposed from Viber, just delete the data stored in Viber’s server. All data in Viber is saved in the Viber server which can be downloaded once access is gained. So, an inside feature can be used to delete data that has been stored in the server. Just go to Settings > Privacy > Personal Data > and Delete your Data.
Lastly, you could change your passwords and block any other unknown numbers to further strengthen your security. And as much as possible, don’t link your personal/business emails with social-medias. If they’re connected, remove the accounts immediately.
Well, that’s pretty much all the information I have. If you have some other insights on the ways of preventing such attacks, do make sure to share it in the comments down below.