It’s only a matter of time before an industry is hit with a wave of fraud. Last year, the mortgage industry had its turn, as it experienced a 65% increase in fraud compared to 2020.

There’s never a good time to experience a data breach that leads to fraudulent activity, but for the mortgage industry, a recent incident  adds to an already tough 12 month period.

In the latest installment of BlackCloak’s Thursday Threat Update, we will cover a data breach reported by a mortgage servicer that affected millions of users and yet another cryptocurrency-based scam observed by a wallet provider. 

Mortgage servicer data breach impacts millions 

What we know: Lakeview Loan Servicing experienced a data breach late last year affecting more than 2.5 million customers. An unauthorized user was able to access Lakeview’s servers, and the personal information of anyone who borrowed between Oct. 27 to Dec. 7, 2021. The compromised personal information included borrowers’ names, addresses, loan information, and Social Security numbers. 

Recommendations: Lakeview has offered one free year of Kroll credit monitoring and identity theft protection services for anyone impacted by the breach. As Social Security numbers were exposed, it’s also a good idea to monitor your online accounts for any suspicious activity. If you were affected by this incident, you should strongly consider placing a fraud alert and credit freeze on your accounts, as well.

Crypto wallet provider issues warning to iOS users

What we know: MetaMask is warning their iOS users about storing important information in Apple’s iCloud. Specifically, the cryptocurrency wallet provider is advising iOS users against storing their security recovery phrase, known as a seed, on iCloud if the app data backup is active. Essentially, should an iCloud account become compromised, the digital wallet is at risk as well. In fact, one MetaMask user reported losing $655,000 to a phishing scheme where a cybercriminal posed as an Apple representative claiming to be investigating suspicious activity. The cybercriminal was able to persuade the victim to hand over a dual-factor authentication code  and reset their password, after which they stole the funds from the crypto account.

Recommendations: First, to exclude MetaMask from iCloud backups, go to Settings, then Profile>iCloud >Manage Storage>Backups. Second, never respond to any text messages or phone calls from senders who you do not recognize. You don’t want to run the risk of interacting with a malicious actor. You should also never hand over dual-factor authentication codes under any circumstance. Official company representatives will never ask for these codes. Thus, if you receive a request from someone who claims to need it, immediately recognize this request as a major red flag. 

Protect yourself from data breaches and phishing scams

Data breaches and phishing scams have become all too commonplace, but that doesn’t mean you need to panic. There are a number of ways to protect yourself online, and the best way to start is with awareness. Learn about how you can protect yourself from phishing attacks and identity fraud, and for crypto users, read up on how cybercriminals are targeting accounts through SIM hijacking to ensure you keep your digital assets safe.