On the 11th of September, Revolut users noticed unusual events in the app chat. A few days after the activity, people were alerted via email that the company had been the target of a cyberattack, which exposed multiple user accounts. This has decreased the bank’s credibility, and even if it provides more benefits than a regular bank, people are starting to become sceptical of Revolut’s safety. But what led to this data breach?
What happened?
A few days after users stated some atypical activity on the Revolut app, the company warned them to be wary of suspicious emails, phone calls and messages that seem to be sent by them. An attack eventually happened since some posted their SMS phishing messages on Twitter, where the hacker urged them to click on a link regarding their new debit card.
Unfortunately, the breach happened due to unauthorised access to the company’s database, which was accessed through social engineering methods. As a result, the personal data of 50,000 customers around the world has been compromised (including their full names, email addresses, phone numbers and account details). The company states that the breach did not allow access to people’s funds, so customers can continue to use their cards and accounts as usual.
Although Revolut isolated the attack pretty fast, such attacks are always taking advantage of naïve people, which is why hackers may target the company again. But is there a way to identify such attacks?
What happens after a phishing attack?
A phishing attack is one of the most common practices hackers use to steal data and gain access to someone’s accounts. They compose an email or text message to trick users into clicking on them, therefore receiving vital information. Hackers are usually acting like one of your trusted companies, making you believe that the actual company has contacted you. Some of the most common messages they send are regarding:
- Noticing a suspicious activity or login attempt of your account;
- Claiming there’s a problem with your account information;
- Urging you to confirm some personal or financial information;
- A fake invoice;
- Registering for a government refund;
- A coupon for free products or services;
Of course, these messages are fake, and you should never share any personal information through email or text. Clicking on links is also not advisable because this is the way they get to install malware on your device.
What you should do right after a phishing attack
If you’re not paying close attention to the emails you receive, you may find yourself in the situation of being hacked. But be wary of the language and orthography of the email body because you may often find suspect typos and fake domains that are impossible to happen from genuine companies. Such scams started to happen even on social media, where cloned websites, posts and tweets are used to persuade people to give their information.
If you believe you’ve been the victim of a phishing attack, there are some things you can do right at the moment to minimise the impact:
- Disconnect the device from the internet to prevent the attacker from remotely accessing your device. You could also disconnect your WIFI service from the network you’re using.
- Scan and clean up your device of any malware left. Try to avoid using the device for something else during the scan.
- Change your passwords for financial or social accounts and even your credentials, but try to make them different and more complicated.
- Set up a fraud alert to make it more difficult for the hacker to open an account in your name or use your finances.
On the other hand, if one of your account providers has been hacked and you lost your data due to a cyberattack, you can claim compensation for a data breach in the UK that could cover your financial losses. The bonus could also help you recover mentally from such a distressing event since some people may even develop PTSD from getting their data stolen.
How to protect your data on the internet
Although no one is 100% safe from cyberattacks, not even companies, there’s a difference between exposing yourself to threats and safely surfing the internet. Even if your spam filter is able to keep phishing emails out of your inbox, the scammer will still find a way to get through the system. Therefore, to protect your data, try to:
- Frequently updating your software. No matter the device you have and use, it’s crucial for it to update automatically whenever necessary to keep up with the latest technology configurations;
- Install security software. You can even use free software programs since they can deal with basic security threats, but if you want more safety, it would be best to purchase one;
- Activate MFA (multi-factor authentication) on your devices. This system allows you to have another security layer that denies any unauthorised access. It works by requiring a second piece of information that only you know;
- Mind your passwords. Many people use the same password on all their accounts, fearing they’ll forget them if they’re different. But that’s only allowing hackers to get access to all your other accounts at the same time. Therefore, get a password manager to hold your codes (and make them as complicated as possible), so you’ll only need to remember a single password;
Finally, staying up to date with the latest hacking practices is important, so you know what to expect and avoid when such things happen. At any time, a hacker could devise a new and unseen tactic for fooling users, so you must know how to recognise such an attempt.
Wrapping up
Revolut is one of the biggest digital banking services, and it has been reliable for a long time until the recent events when hackers stole users’ data. Although the company stopped the process and minimised the gravity of the situation, we only learned that any other company could experience such a breach. Therefore, you need to mind your activity on the internet and protect yourself from giving away all your personal information.