The Maldives Police Service on Thursday warned that a large number of Maldivians' social media data is being leaked online.
The statement, published on the police website, said that a number of locals' login credentials have been leaked due to data breaches from social networking sites such as Facebook, Instagram, and Twitter.
The police said that most people are not aware of how their data is being leaked. Even though most social media websites ask their users to frequently change their passwords, people do not often do this because they either forget to make the change or for other seemingly small reasons.
Customers often use the email address they give to their bank for social networking sites, as well as e-commerce websites, the police said.
When these platforms ask for login information, users enter the same password and email address they use for their banks and other personal accounts. Further, the police cautioned that the security features offered by emailing services are also not activated, and security settings are often not configured.
"In some cases, we have found that the internet banking username and password are also saved on the device's password manager. In these cases, if your email has been compromised, scammers can access this information. Then, without any further obstacles, they can use your internet banking account," the statement read.
"We have also seen people save their internet banking and email details on devices that do not belong to them (untrustworthy devices)."
Mihaaru News reported that there has been an increase in cases where people collect internet banking details from customers and then use these details to make transactions at shops using the QR code feature on the Bank of Maldives applications. These details have been used to transfer money from one account to another via internet banking as well.
When these incidents were investigated, the police said they discovered people were using phishing links and collecting the username and password details of potential victims. These links and messages look like official emails issued by organisations.
"When you click on these links, they request that you enter your email address and password. If this information is filled, the email and password used are now known to scammers. These links are presented by the criminals as legitimate emails from established institutions. For example, an email from Housing Development Corporation [HDC] may request to update the users' portal details. These links appear to lead to the correct HDC website."
If anyone wishes to check whether their email address and passwords have been leaked internationally, they can check via https://haveibeenpwned.com.
Sign In