I was recently contacted (via an online platform) by a person I had known for close to 30 years. He was telling me about a HUD program where citizens could apply to receive cash (up to 150,000) and were not obligated to pay it back. I was puzzled: on the one hand, this sounded like a scam (HUD does not give money to individuals); on the other hand, it was coming from an account that had to be legitimate. The account had far too much personal information (personal pictures, etc.) that scammers would not have had or known about. The account had a long history of posts, etc.
After thinking about it for a moment, the only logical conclusion was that the person’s previously legitimate account had been compromised. Presumably a brute-force password-cracking script was used to pound the login screen of the online system until they got lucky; or, even more popular now, hackers like to trade lists of people’s prior passwords that were previously compromised in large-scale data breaches like those at Equifax, LinkedIn.com, etc.
- If you receive odd requests from seemingly legitimate accounts, the person’s account has likely been compromised. Find a different method of contacting them (text or e-mail for example) to let them know.
- Never use the same password on multiple important websites (especially finance-related ones, banks, etc.).
- If the passwords you use on financial websites are ones you have used for a very long time or have used at other websites, consider changing them and making them more difficult to guess.
If you are an existing (or potential) AVAREN business customer and suspect you have been contacted by a scammer, feel free to forward the information to us for further analysis: 214-379-4200.