On the 11th of September, Revolut users noticed unusual events in the app chat. A few days after the activity, people were alerted via email that the company had been the target of a cyberattack, which exposed multiple user accounts. This has decreased the bank’s credibility, and even if it provides more benefits than a regular bank, people are starting to become skeptical of Revolut’s safety. But what led to this data breach?
What happened?
A few days after users stated some atypical activity on the Revolut app, the company warned them to be wary of suspicious emails, phone calls and messages that seem to be sent by them. An attack eventually happened since some posted their SMS phishing messages on Twitter, where the hacker urged them to click on a link regarding their new debit card.
Unfortunately, the breach happened due to unauthorized access to the company’s database, which was accessed through social engineering methods. As a result, the personal data of 50,000 customers around the world has been compromised (including their full names, email addresses, phone numbers and account details). The company states that the breach did not allow access to people’s funds, so customers can continue to use their cards and accounts as usual.
Although Revolut isolated the attack pretty fast, such attacks are always taking advantage of naïve people, which is why hackers may target the company again. But is there a way to identify such attacks?
What happens after a phishing attack?
A phishing attack is one of the most common practices hackers use to steal data and gain access to someone’s accounts. They compose an email or text message to trick users into clicking on them, therefore receiving vital information. Hackers are usually acting like one of your trusted companies, making you believe that the actual company has contacted you. Some of the most common messages they send are regarding:
- Noticing a suspicious activity or login attempt of your account;
- Claiming there’s a problem with your account information;
- Urging you to confirm some personal or financial information;
- A fake invoice;
- Registering for a government refund;
- A coupon for free products or services;
Of course, these messages are fake, and you should never share any personal information through email or text. Clicking on links is also not advisable because this is the way they get to install malware on your device.
What you should do right after a phishing attack
If you’re not paying close attention to the emails you receive, you may find yourself in the situation of being hacked. But be wary of the language and orthography of the email body because you may often find suspect typos and fake domains that are impossible to happen from genuine companies. Such scams started to happen even on social media, where cloned websites, posts and tweets are used to persuade people to give their information.
If you believe you’ve been the victim of a phishing attack, there are some things you can do right at the moment to minimize the impact:
- Disconnect the device from the internet to prevent the attacker from remotely accessing your device. You could also disconnect your WIFI service from the network you’re using.
- Scan and clean up your device of any malware left. Try to avoid using the device for something else during the scan.
- Change your passwords for financial or social accounts and your credentials. Make them different and more complicated.
- Set up a fraud alert. This makes it harder for hackers to open an account in your name or use your finances.
If one of your account providers has been hacked and you lost data in a cyberattack, you can claim compensation for a data breach in the UK. This compensation could cover your financial losses. It may also help you recover mentally from the distressing event. Some people may even develop PTSD after their data is stolen.
How to protect your data on the internet
Although no one is 100% safe from cyberattacks, not even companies, there’s a difference between exposing yourself to threats and safely surfing the internet. Even if your spam filter is able to keep phishing emails out of your inbox, the scammer will still find a way to get through the system. Therefore, to protect your data, try to:
- Frequently update your software. Regardless of the device you use, ensure it updates automatically when needed to stay current with the latest technology configurations.
- Install security software. You can use free software programs to handle basic security threats. However, for added safety, it’s best to purchase a more comprehensive solution.
- Activate MFA (multi-factor authentication) on your devices. This system allows you to have another security layer that denies any unauthorized access. It works by requiring a second piece of information that only you know.
- Mind your passwords. Many people use the same password on all their accounts, fearing they’ll forget them if they’re different. But that’s only allowing hackers to get access to all your other accounts at the same time.Get a password manager to store your codes. Make them as complicated as possible. You’ll only need to remember a single password.
Stay up to date with the latest hacking practices. This helps you know what to expect and avoid. Hackers can always devise new tactics to fool users. You must know how to recognize such attempts.
Wrapping up
Revolut is one of the biggest digital banking services and has been reliable for a long time. However, recent events revealed that hackers stole users‘ data. Although the company stopped the breach and minimized its impact, we learned that any company could experience such an attack. Therefore, you need to be mindful of your activity on the internet and protect yourself from sharing your personal information.