When news about large-scale data leaks emerges, fraudsters become more active amidst the noise and panic, according to Daniil Borislavsky, Product Director for Information Security at «Kontur.Egida» (Staffcop direction). He warned users about the appearance of fake verification services online.
Photo: Dmitry Ermakov / Lenta.ru Archive
Following news of major data breaches, according to the expert, mass mailings posing as verification services begin. These messages lure people with phrases like: «Check if you were on the list,» «Your password may be compromised,» or «Log in and make sure your data is safe.» The services then prompt users to enter their login, password, or email, supposedly for a security check. Borislavsky explained that this is a new wave of phishing attacks leveraging current data leak news. He also warned that these fake sites often visually mimic legitimate services like Have I Been Pwned to gain user trust.
«The issue is that this is presented so convincingly that even careful users can be tricked,» the expert noted. «This is especially true if the message appears to come `on behalf of the security service` or `support`.»
The expert urged users not to enter passwords indiscriminately or click on links from emails, even if they appear official. He stressed that data can be checked for leaks, but only using verified tools that do *not* require entering your current password. If in doubt, Borislavsky recommended changing your password and enabling two-factor authentication.
Earlier reports indicated that 16 billion URLs, logins, and passwords for various digital services, including Google, Apple, Facebook, and Telegram, had been leaked online.
