The Employment portal of the Government of Mexico suffers a massive data leak

We all know that hackers spare no effort when launching their cyber attacks, so no company and no institution is safe. This also includes official government institutions and their ministries, as was evident a few weeks ago, when it was discovered that the databases of the Employment portal of the Government of Mexico had been hacked.

These databases included information on 12 million Mexican men and women, including the Afore, Social Security number, passport number, RFC, and other private data of critical importance. The compromised data also included the victims’ phone numbers, which the hacker used, along with the rest of the stolen data, to try to defraud users registered on the platform.

The scams were carried out through Telegram, where the cyberattacker posed as an official entity to request illegitimate payments from affected users. With so much information about them, the hacker could compose very credible messages, so the scam had a very high success rate. Worst of all, it is not known how long the stolen database was in the hands of the cyber attacker.

Among the most frustrating aspects of a hack of this type is the fact that users have no control over the security of the platforms that store their information. Not even government entities are safe from these hacks, and, in cases such as the Employment portal, users do not have the option of avoiding registration on the platform. That is why these databases are so coveted among hackers.

Yes, we can adopt protection measures for our own devices to avoid leaks or breaches in them. We can install virus cleaning tools capable of removing malware from the computer or cell phone, encrypt our connection to ensure that our online information is private, and limit the web platforms where we enter our personal data as part of the registration.

However, what we cannot do is protect the Mexican government servers. This is something that is out of our reach, and if a data breach occurs, all of our personal information will be exposed. From here on, our only protection tool involves detecting phishing attacks that cyber attackers can carry out with stolen information.

Phishing attacks are those where the hacker poses as a legitimate entity to try to steal information or money from their victims. They can take many different forms, for example by developing fake web pages, sending fraudulent emails, or even sending us Telegram messages where they impersonate government entities, as was the case on this occasion.

Whatever form they take, phishing messages usually have some characteristics in common that we should take into account to detect them in time and prevent scams. These include the following:

It is common for hackers to try to convey a sense of urgency to their victims, pretending that they must do what the hacker asks of them in a very short time to avoid a worse outcome or not to miss a great opportunity. For example, the hacker can make us believe that we must ‘credit’ our bank card to receive a supposed government subsidy, which we will lose if we do not ‘credit’ it in the next few hours.

In the previous example, another of the common features of these cyberattacks also appears: the request for bank details. The ultimate goal of cyber attackers is usually to steal money, so they often request that we make a payment with a credit card, share our bank account details, or provide any other information that facilitates money transfers in digital format.

Finally, another characteristic that phishing attacks usually have is the use of short URLs. These addresses are abbreviated so that the web domain they come from cannot be identified. Hackers use them to prevent their victims from discovering the use of a fake web address. When we see an email or chat message with this type of address, we should be alert and suspicious!
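The three warning signs described above can be turned into a simple message check. The following is an added example, not part of the original article: the phrase lists, the set of URL shortener domains and the sample messages are constructed and non-exhaustive, and a match is a reason for suspicion, not proof of fraud.

```python
import re

# Constructed, non-exhaustive phrase lists (assumptions for illustration only).
URGENCY = re.compile(
    r"\b(?:urgent|immediately|last chance|expires today|"
    r"next few hours|within \d+ hours?|you will lose)\b", re.I)
PAYMENT = re.compile(
    r"\b(?:bank card|credit card|card number|bank account|cvv|"
    r"make a payment|transfer)\b", re.I)
# Well-known URL shortening services; extend as needed.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}
# Matches links with or without a scheme and captures the host name.
URL = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)


def link_hosts(message: str) -> set[str]:
    """Return the lower-cased host of every link in the message."""
    hosts = set()
    for match in URL.finditer(message):
        host = match.group(1).lower()
        hosts.add(host[4:] if host.startswith("www.") else host)
    return hosts


def phishing_indicators(message: str) -> list[str]:
    """List which of the three warning signs appear in the message."""
    found = []
    if URGENCY.search(message):
        found.append("urgency")
    if PAYMENT.search(message):
        found.append("payment_request")
    if link_hosts(message) & SHORTENERS:
        found.append("short_url")
    return found


# Constructed sample messages.
SAMPLES = [
    "Your subsidy was approved. Credit your bank card in the next few hours "
    "or you will lose it: https://bit.ly/a1b2c3",
    "Your appointment is confirmed for Monday at 10:00. "
    "Details at https://www.example.org/appointments",
    "Please send your bank account details to complete registration.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(phishing_indicators(text) or ["no indicators"], "<-", text[:50])
```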

John