Published September 28, 2020 in our Security Fraud News & Alerts Newsletter.
The genealogy website GEDmatch is under fire for a breach of customer privacy. A recent security issue exposed over one million DNA profiles belonging to customers of the site. This breach is believed to be the first step in setting up a two-pronged attack involving another genealogy company, MyHeritage. GEDmatch claimed the breach allowed only the police to search the one million+ profiles that were originally hidden from their view. However, it’s believed the company’s breach helped set up a phishing and typosquatting free-for-all for those looking to exploit the exposed data. GEDmatch released a statement to its users, claiming “No user data was downloaded or compromised,” but it didn’t end there.
Security experts believe credentials like email addresses taken from the GEDmatch hack were used for targeted phishing attacks against MyHeritage customers. Those customers caught up in the email phishing scam were brought to a fake login page with the domain name “myheritaqe.com,” an intentional misspelling of the site. This is known as typosquatting, a type of cybersquatting that brings users to duplicate websites by using subtle misspellings that many users don't notice. The fake webpages, a practice also called domain spoofing, are then used to steal usernames, passwords, and other data that can be used for identity and financial fraud and much more.
In 2018, GEDmatch made headlines for helping police discover Joseph DeAngelo, aka the “Golden State Killer,” almost twenty years after his violent crimes were committed. California police were able to trace DNA using GEDmatch to distant relatives and ultimately build a family tree leading to DeAngelo. The case led to a controversial explosion of investigative DNA from genealogy sites being used to solve crimes. The MyHeritage site doesn’t allow police to search its databases, yet hackers exploited data from both genealogy sites.
Since most of us are unaware when our data is breached until long after it happened, keeping a close eye out for email phishing and typosquatting should be a part of everyday use. We know hackers are a sneaky bunch, so following security precautions on a daily basis is always recommended.
Be on the Lookout!
Be wary of emails from unknown senders, especially those that require immediate action. They typically have a generic greeting that’s not personalized, may have typos or bad grammar, and include a link or an attachment they want the recipient to follow. The link could be part of a typosquatting website, and the attachment likely has some type of malware that downloads on a device upon opening.
Carefully check a website name for misspellings. Even the slightest change in spelling or the addition (or removal) of a comma or period in the domain name is typosquatting. Pay close attention when you are redirected to another webpage, since typosquatting may be involved. It may not be the page you’re expecting, although it may look exactly like it. Hackers are known for duplicating a business webpage, called domain spoofing, including your bank’s, to steal any personal data they can.
Watch out for these tricks and remember that if you aren’t expecting a link or attachment, regardless of who the sender may be, don’t click it.
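The misspelling check described above can also be automated, for example in a mail filter or a browser helper. The following Python sketch is an added example, not part of the original newsletter; the trusted list, the table of look-alike characters, the distance threshold of 2 and the "last two labels" shortcut are all assumptions made for illustration.

```python
# Added example: flag domains that resemble, but do not equal, a trusted one.
TRUSTED = ["myheritage.com", "gedmatch.com"]  # assumed allowlist

# Constructed table of visually similar substitutions; not exhaustive.
CONFUSABLE = [("rn", "m"), ("vv", "w"), ("q", "g"), ("0", "o"), ("1", "l")]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def skeleton(name):
    """Collapse look-alike characters so spoofed and real names compare equal."""
    for fake, real in CONFUSABLE:
        name = name.replace(fake, real)
    return name

def registrable(url_or_host):
    """Lowercase host reduced to its last two labels.
    Simplification: a real tool would consult the Public Suffix List."""
    host = url_or_host.lower().split("://")[-1].split("/")[0]
    host = host.split("@")[-1].split(":")[0].rstrip(".")
    return ".".join(host.split(".")[-2:])

def check(url_or_host, max_distance=2):
    """Return (verdict, trusted_domain): 'trusted', 'lookalike' or 'unknown'."""
    domain = registrable(url_or_host)
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in TRUSTED:
        near = edit_distance(domain, good) <= max_distance
        if near or skeleton(domain) == skeleton(good):
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample inputs; the first is the spoofed domain named in the article.
    for url in ["https://www.myheritaqe.com/login", "https://www.myheritage.com/",
                "gedrnatch.com", "example.org"]:
        print(url, "->", check(url))
```

A "lookalike" verdict is a reason to stop and inspect the link, not proof of fraud; short domain names can sit within two edits of each other by coincidence.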