Security Tip of the Week – Duo Data Leak

Cybercriminals are sending a spoofed Duolingo email claiming you need to change your password or email address.

Keller Schroeder Security Solutions Group Logo

Duolingo is a popular online language learning platform that allows users to learn languages and earn certifications. Recently, Duolingo was involved in a data leak, in which cybercriminals stole the names and email addresses stored on the platform. That means 2.6 million users have been impacted by this data leak.

In the coming months, we expect to see an influx of cybercriminals using phishing scams to try to take advantage of Duolingo’s data leak. For example, cybercriminals may send you a spoofed Duolingo email claiming that you need to change your password or email address. Cybercriminals could also use your leaked name or email address to send more sophisticated phishing attacks. These attacks could be completely unrelated to Duolingo.

Follow the tips below to stay safe from similar scams:

  • Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively. 
  • Remember that this type of attack isn’t exclusive to Duolingo. Cybercriminals could use this technique to impersonate any app.
  • When you receive an email, stop and look for red flags. For example, watch out for emails that were sent outside of business hours and emails that contain spelling or grammatical errors.

Stop, Look, and Think. Don’t be fooled.

KnowBe4 Logo - Keller Schroeder Vendor Partner

KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.

DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.


Join Our Mailing List

More Posts