CONTINUE
Cybercriminals continue to try to hit the Spanish company. Iberdrola confirmed yesterday that on March 15 it suffered a 'hacking' that already affected the personal data of 1,3 million users for one day. The energy company explains that the criminals had access to information such as "name, surnames and ID", in addition to email addresses and telephone numbers, according to other media. In principle, no banking or electricity consumption data have been obtained.
Taking into account the data that cybercriminals have had access to, the most predictable thing is that they intend to use it for the elaboration of cyber scams by email or more targeted call. In this way, they could obtain banking information from affected users or trick them into making payments for fines or supposed services.
“Mainly, they can start launching targeted campaigns, supplanting Iberdrola, for example. Those affected may begin to find messages in the mail in which criminals use the data collected to steal more information, still deceiving the user”, explained Josep Albors, head of research and awareness of the cybersecurity company ESET, in a conversation with ABC.
The expert adds that, by having information about the user such as name or DNI, the criminal can "generate greater trust in the user." And it is that, it is not the same that you receive an email from a third party in which you are told that you must change the access data to an account in which they call you, for example, "client", to go to you by your number and call. The chances that the Internet user believes that the communication is truthful, in this second case, increase.
Bearing this in mind, Albors recommends that users "be more suspicious when they receive emails, especially if they are from Iberdrola." “If you have not done so yet, it is recommended that you change the passwords for your emails and for the services you use on the Internet. They should also try to employ, whenever possible, two-factor authentication systems. In this way, even if a cybercriminal has access to one of your passwords, they will not be able to access the account, and they would need a second code to do so.
