Cyber Experts Share Tips to Avoid AI Phishing Scams

Kurt Knutsson, known as ‘The CyberGuy,’ offers insight into how to avoid becoming a target of AI-driven phishing scams. He also discusses findings revealing that North Korean operatives are allegedly diverting funds to the country’s nuclear agenda while masquerading as IT personnel.

If you’ve recently applied for an online loan, you might not realize how much personal information you shared. Think about it—name, email, date of birth, maybe even your address and phone number. Now, consider that this data is sitting on a dark web forum, which is the unfortunate reality for nearly one million individuals following a breach at Figure Technology Solutions, a fintech company focused on blockchain-based lending.

What Happened in the Figure Data Breach?

Figure Technology Solutions launched in 2018, utilizing blockchain technology for various financial transactions. They claim to have facilitated over $22 billion in home equity through collaborations with numerous banks and financial institutions. However, the attack on their system stemmed from a different strategy.

Data from the breach shared by Have I Been Pwned indicates that information from 967,200 accounts was compromised. This included over 900,000 distinct email addresses, alongside names, phone numbers, addresses, and birth dates—precisely the kind of data identity thieves look for. The breach reportedly occurred through a social engineering tactic, meaning an insider was deceived into granting access.

A spokesperson for Figure Technology Solutions stated, “We identified that an employee was misled, allowing an attacker to download a limited number of files through their account. We acted swiftly and engaged a forensic firm to assess the impact.” They emphasized the importance of these matters and mentioned providing affected individuals with credit monitoring services.

Social Engineering is a Real Threat

Many see blockchain as inherently secure, but in reality, the attacker didn’t break the code; they exploited human error. A group known as ShinyHunters has taken responsibility for this breach, even claiming to have released 2.5GB of data connected to many loan applicants. Alarmingly, they’ve also implicated breaches at other companies like Canada Goose and Panera Bread. What stands out is a trend: attackers impersonate IT support, create a sense of urgency, and lead employees to fake login pages that closely resemble legitimate ones. Once they input their credentials, it opens the door to an array of internal systems.

Why This Matters to You

If your data was in the Figure breach, fraudsters could easily craft convincing phishing emails and phone scams using your real details. Even if you never applied for a loan through Figure, this incident underscores a broader lesson—no system is completely free from human error, and social engineering preys on trust rather than technology.

Bigger Lessons About Blockchain and Trust

Figure markets itself as a blockchain-centric organization, which typically evokes ideas of transparency and security. However, those attributes can’t protect against a skillfully executed scam phone call. Security lapses often happen on the human side of things. As financial services continue to move online into a more interconnected environment, the risks expand, making identity verification and cloud-based systems increasingly vulnerable.

How to Protect Yourself After the Figure Data Breach

You can’t control how well companies secure their systems, but you can decide how to respond. Start by checking if your email is part of the compromised data, and then follow these steps to safeguard your accounts:

Please Ensure Your Email Is Not Public

Check if your email was impacted by visiting: https://haveibeenpwned.com/. Enter your email to verify if it’s included in the breach. After doing that, proceed to the next steps.

Follow These Steps Now

1. Change any compromised passwords immediately. Don’t leave vulnerable passwords unchanged; update them across all sites where you use them. Utilize a password manager to create strong and unique passwords.
2. Enable multi-factor authentication wherever possible.
3. Never share your login codes with anyone, not even those claiming to be IT support.
4. Install robust antivirus software to blocking phishing attempts and malware that often follow large breaches.
5. Consider a data removal service to limit your personal information on data broker sites. Scammers often merge compromised data with that sourced from these platforms.
6. Submit a fraud alert or credit freeze with major credit bureaus.
7. Check your bank and credit card statements regularly for any unusual activity.

Stay vigilant for any unexpected calls relating to your account. If someone pressures you to take immediate action, it’s best to hang up and reach out to the company directly through their official contact number.

Key Takeaways

The Figure data breach serves as a clear reminder that technology alone cannot secure sensitive data. A single misled employee can put countless others at risk. This isn’t a failure of blockchain technology; it’s a failure of trust. If your personal information is involved, act now. And even if you’re not affected, consider this a wake-up call—your data is valuable, and so is your privacy. Companies need to recognize this too.