Anna Jones is an employee of Your Financial Services, Inc. and has used LinkedIn since 1996.  It’s been a great tool for listing her employment history as well as communicating with former colleagues and potential employers to keep in touch.  Over the years there’s been a lot of private information exchanged between her and these individuals, including salary ranges and other personal anecdotal information.  LinkedIn isn’t her bank account or email, so she just uses her standard “go-to” username and password – the easy one that she knows she won’t forget.

Anna’s LinkedIn Profile:

Username: AnnaJones or

Password: froz3n123 (it has letters and numbers, it’s secure right?)

In 2013, LinkedIn had a data breach of 80 million user records.  This list included names, email addresses, passwords, and job information.  Anna Jones was on that list, and thankfully she received an email alert about the breach from LinkedIn and promptly changed her password.

On the other side of the world, Rick who works for Hackers International just watched an online video on how to sell this data from the LinkedIn breach. He takes the knowledge he has from the video and applies it to the LinkedIn database of usernames and passwords that he accessed from the hacker community.  Based on his experience, he knows that some users would have changed their passwords, but the majority probably didn’t. It is very likely that those individuals who did not change their passwords may be using the same credentials on other accounts as well.

Rick works out his strategy and gets to work crafting an email.

From: Microsoft Support (


Dear Anna,

We are currently updating our records for your MSOffice product license with the username AnnaJones.  Please login HERE to verify that your credentials are up to date and please consider adding an additional phone number for secondary security.

Thank you,

Team Microsoft


Anna receives and reads the email, verifies that they have her correct email address and username.  At a quick glance, she sees it is from Microsoft and clicks on the link. The link takes her to a page that looks like the Office365 login page. Anna senses nothing unusual about the page and moves forward with updating her password.

Now, Anna has given Rick a new password AND a verified phone number.

Rick now looks at Anna’s LinkedIn Profile, goes to the website of Anna’s employer, and clicks on the Employee Login button.  He uses the password combination that he has from the LinkedIn list to try to gain access, if that doesn’t work, he will try the new one that she entered from his phishing email.  Within 5 minutes, he has access to thousands of records for Your Financial Services, Inc. employees and clients.  He has hit the cybercriminal jackpot.  There is bank information, including balances, routing numbers and personal identification numbers all at his disposal.

Rather than stop there, Rick unleashes ransomware on all of the devices at Your Financial Services, Inc. and holds their computers hostage until they pay him a fee to regain access.  Their management is now required to come up with bitcoin, but they have no idea what bitcoin is, so time keeps ticking away as they try to figure this out.  They call in their IT team who will need some time to sort this out on their end too.  Oh, and since it’s an emergency call, their rates are going to be higher.

The phones are ringing at Your Financial Services, Inc. It’s tax season and these clients need their documents for filing their returns.  At this point, these customers don’t realize yet that some of their own accounts have been hacked by Rick.  Client records are frozen, so the phones continue to ring unanswered. As the day goes on, calls come in at an increasing rate because bank accounts have been depleted and unauthorized charges are being made on customer debit card accounts.

All because Anna clicked on a phishing email.

How can this be prevented? 

Hackers are continually evolving and creating more sophisticated methods to access and use your data to their advantage.  Once a breach occurs, the cycle of damage starts, often before anyone even knows about it.  Imagine it like a photo that you take and post on social media.  You may decide to delete it, and you can remove it from all of your devices and profiles, but it’s still out there. Someone may have taken a screenshot or shared it before you took it down.  You no longer have control over your photo being shared by other people.   This is what happens with your identification and account credentials once your data is out there.  Your IT team can help you to undo immediate damage (i.e. change passwords, notify banks, remove information) but someone somewhere still has your data.  They can use that data to create fake accounts, steal your identity, and gain access to other accounts you may have overlooked.

The solution lies in having a solid partner on your IT team to continually alert you when your data pops up on the dark web for someone to buy, steal, or use.  You can’t let your guard down, and our services help you to do that.

© Cyberworks Technology Group – 2023