-
-
-
Jeff Weeks
Sr. Vice President and Chief Information Security OfficerFeb 20 2025
-
Author: Jeff Weeks, Senior Vice President and Chief Information Security Officer
Cybercriminals are constantly evolving their tactics to steal your credentials and your money. To stay ahead of their game, let’s examine some real-life instances of successful methods cybercriminals used to gain access to personal information, accounts and money, and what we can learn from each situation.
Roku Incident
In early 2024, Roku faced a cybersecurity incident affecting about 15,000 customers. Cybercriminals acquired usernames and passwords from external sources, likely due to people reusing the same credentials for different services. This allowed attackers to gain unauthorized access to Roku accounts and attempt unauthorized purchases.1
This example highlights the importance of using strong and unique passwords for each site and accounts you use. If you are worried about forgetting your multiple passwords or need help creating them, there are multiple password managers available to assist you.
Massive Password Dump
In January 2024, a researcher uncovered a massive password dump containing nearly 71 million unique credentials for websites like Facebook, Roblox, and Yahoo. The credentials were collected by malware running on compromised machines, highlighting the risks of not securing devices properly.2
Malware can be delivered in many ways; the most common being through a phishing email. Make sure everyone using your home network understands how to identify phishing emails and keep a healthy amount of skepticism about emails you receive.
Router Security Issues
A recent survey revealed that 86% of respondents had never changed their router's default password. This oversight allows attackers to easily compromise networks by using default credentials like "admin" and "password." Such vulnerabilities can lead to man-in-the-middle attacks, data theft, and other malicious activities.3
Always change the default password for any new devices on your network.
Consumer Reports Investigation
In November 2024, Consumer Reports highlighted a case where a retiree was scammed by a caller pretending to be from a bank's fraud department. The scammer used social engineering tactics to obtain the retiree's banking details, including her account password and subsequently stole a significant amount of money from her account.4
Talk about this issue with your friends and family. Approach unsolicited phone calls with the same skepticism you have for emails. Reputable businesses will not call you and ask for your social security number, your account numbers, or your account credentials. Become accustomed to hanging up the phone or not answering every call. Let the caller leave a message so you aren’t put on the spot.
For more examples, see these additional articles:
- Understanding, Spotting, and Preventing Devastating Romance and Investment Schemes
- Deepfakes: Unmasking the Digital Illusion
About the Author
Jeff has been with First National Bank of Omaha for more than 25 years and is currently the Senior Vice President and Chief Information Security Officer. The executive leadership and oversight provided by Jeff in the development, management, and execution of information security for FNBO enables the company’s ability to posture and protect private, personal information, and assets of the company’s clients, employees, and business partners.
The articles in this blog are for informational purposes only and not intended to provide specific advice or recommendations. When making decisions about your financial situation, consult a financial professional for advice. Articles are not regularly updated, and information may become outdated.