Did you ever receive such a letter or an e-mail from DT? "Dear customer, unsolicited advertising via e-mail (so-called spam) was sent to a foreign mail server via your connection. This is usually an indication that attackers can access your computer from outside and may also try to intercept passwords, credit card, bank and other personal information."
The security team of Deutsche Telekom sends out tens of thousands of such letters and e-mails every year to customers who have been victims of cybercriminals. Most of those affected do not even know that their computers have been hijacked or their access data has been stolen from their mail account. Until they receive an e-mail from us. What should be done? The security team's letter explains step-by-step how those affected should clean their computer from malicious code or how to respond to stolen credentials. DT has offered this service free of charge to its customers for almost 20 years. Since 2015, it has been required by law to inform affected customers.
Action for more security in the Internet
We want our customers to be safe online and that they can use digital services without any worries. Informing customers whose devices have attracted cybercriminals or whose access data has been stolen is one of our contributions to make the Internet a bit safer. DT takes responsibility for the internet and its customers. We even search the internet or Deepnet for abused data to warn our customers.
The warning always follows the same way: the victims receive an e-mail and a letter, provided the postal address is available. The security team of DT sent out 539,074 e-mails in the first three quarters of 2017. Most of the warnings - nearly 235,000 letters - were sent to affected persons whose computers sent spam messages. The security team informed and supported. Other cases they helped were contamination of the computer with a malicious code, hacking attacks which emanated from hacked customer devices, open ports which should be closed, spammers using homepages or identity theft. Especially the numbers for identity theft have increased noticeable in 2017.
About 100 million stolen identities, i.e. user IDs consisting of email address and password, Deutsche Telekom experts have seen in 2016. By contrast, there were about 1.9 billion records in 2017! These records come from all over the world. In most cases, investigative authorities or specialized organizations have gathered them and made them available to providers. Many records are no longer valid or incomplete. Nevertheless, the bottom line is that hundreds of thousands of access data is available on the market from internet users all over the world.
Monotony is fatal for passwords
More and more services are being transferred to the online world. This means that in an increasing number of places more and more digital identities can be stolen. For the user, more and more services mean that the allocation of passwords is sometimes confusing and complicated. There is a supposed obvious solution close, which is unfortunately fatal: Only one password for all or at least many of these services. The problem here: If the access data is stolen from a service provider, or the user enters his own data on a phishing site, cybercriminals test them automatically for other services. In this case, successfully. And so, criminals can shop in different places or book services at the costs of the person concerned.
However, stolen identities are not just a problem for private users: they are already being used to contact corporate employees and to send them malicious code that spreads across the corporate network, unearthing sensitive data and forwarding it to the criminals. And imagine what might happen if the identity of an employee is stolen who controls and monitors the production of medicines or the use of fertilizers in the fields online?
Security is not that difficult
How to prevent such scenarios? Caution and secure passwords are the solution. Be suspicious when a bank or an online retailer allegedly asks you to enter your credentials into a form because the account needs to be verified. No bank and no service provider would query data in this context! And: Choose your own password for each service. Sounds complex at first, but it does not have to be.
Hint: The first letters of a sentence that you can easily remember, plus special characters and numbers. This is the base for a secure password. Always at the same place the first letter of the service for which the password applies. So, for example: My mother wears a hat every day during shopping = Mmwahedds. In addition special characters and numbers: Mm57wahedds?. And the service (in this case Deutsche Telekom): MmDT57wahedds?.
Currently, new services and platforms are emerging that act as a secure manager of identities. An example of this is verimi, in which Deutsche Telekom is involved. This cross-industry platform will enable the possibility to log in only once and have secure access to different services without having to type again. Of course, the same applies here: choose a secure password for the registration! On that note: Rf2018:Itgctmgnapdfitwh!*
*Resolution for 2018: I take good care that my good name and password don’t fall into the wrong hands!
Data privacy and security
Find security tips and current information on data privacy and security here.