One of the world’s leading email service providers, Epsilon, found itself the victim of a phishing attack that saw a significant amount of data lost to cyber-thieves. It’s important to learn from mistakes like these and make sure that both your own and your clients’ data is kept secure and safe from thieves. There’s been a lot of buzz recently about Epsilon, one of the biggest email service providers in the world, as it suffers the backlash from falling victim to phishing efforts, which have affected the business data of as many as 50 major companies that are its clients. Reports also cite Epsilon’s failure to heed an alert from a business partner, which advised the provider to be on its toes against potential attacks from cyber-criminals targeting email service providers. The damage estimates vary, with Epsilon citing only about 2% of its data being stolen, but the impact is undeniable. Cyber-criminals now have access to a sizable amount of personal data stored through Epsilon – passwords, account numbers, and even the purchasing habits of the customers of Epsilon’s clients. Many of Epsilon’s clients are now sending out messages to their own customers, warning them that their email addresses may have been compromised. It’s a lesson to companies, big and small, to pay more attention to beefing up their security protocols, since all it takes is one breach to endanger all of your data. In addition to having the right security software, it also helps to require your employees to undergo proper user training so that they won’t be easily baited by scams like phishing and will be more aware of how to contribute to the safety of your business data. Failing to do so puts not only your company, but also your clients, at risk. If you’d like to make sure your systems are safe, call us and we’ll evaluate your current security measures and suggest ways to make critical improvements.
IMPORTANT UPDATE FOR QuickBooks Customers: Intuit is receiving reports of individuals receiving fraudulent emails from QuickBooks or QuickBooks Online. The two separate emails ask customers to either download a plug-in to assess their security or download a Digital Certificate. Customers should delete either of these emails. As we discover these fraudulent sites (cyber criminals often use the same email repeatedly, although they change web sites), we take them down. More at the Intuit website.
Hotmail, Microsoft’s free online email service, found itself in hot water when 10,000 email account usernames and passwords were recently discovered posted on a code-sharing website. BBC News has reported that these Hotmail account owners, mostly from Europe, were victimized by a phishing attack. Microsoft is currently investigating the incident, and hinted that there may be more users who have inadvertently compromised the privacy of their email accounts. The total scale of the phishing attack has yet to be determined, since the 10,028 Hotmail usernames and passwords are only of users whose names begin with A or B. Microsoft has confirmed the accounts to be genuine. Microsoft has also taken action to remove the passwords and usernames from the website. As of now, there is no news regarding what action the software giant will take against the instigators of the attack, nor what the impact will be on the owners of the compromised accounts. Microsoft has advised users to immediately change their passwords, and warned email account holders to be more careful in responding to emails. Phishing is an online scam in which email account holders are sent fake emails disguised as legitimate correspondence from trusted websites. Once the recipient clicks on a link included in the email, his or her account is then compromised, allowing phishers to gain access to account information as well as other sensitive information, including bank passwords and credit card accounts. The original BBC story can be found here.
In a previous post, we pointed out how just browsing the web these days can possibly infect your PC with malware. To show how dangerous surfing can become, Symantec recently released their list of the “Dirtiest Websites of Summer” – the top 100 infected sites on the Internet based on number of threats detected by their software as of August 2009. The list identifies websites that could compromise security with risks including phishing, malicious downloads, browser exploits, and links to unsafe external sites. Some interesting findings from the study:

- The average number of threats per site on the Dirtiest Websites list is roughly 18,000, compared to 23 threats per site for most sites
- 40 of the Top 100 Dirtiest Sites have more than 20,000 threats per site
- 48% of the Top 100 Dirtiest Web sites feature adult content
- 3/4 of the Top 100 Dirtiest Web sites have distributed malware for more than 6 months
- Viruses are the most common threat represented on the Dirtiest Websites list, followed by security risks and browser exploits

You can read more about this research at Symantec’s website. If you suspect your PCs are at risk, or if you want to ensure your website doesn’t get hijacked by cybercriminals, contact us. We can help.
Another reason to keep your computer malware free: cyber-pirates raided several businesses as well as a school in recent attacks through the Automated Clearing House (ACH) Network. The thefts, with losses ranging from $150,000 to more than $400,000, were carried out by the crooks in mere minutes. Luckily for these companies, the banks managed to reverse some of the transfers. If they hadn’t, the losses would have amounted to anywhere from $700,000 up to a whopping $1.2 million. The modus operandi of the hackers is simple. Making use of the ACH network, they send out “phishing” emails to account holders. When the recipient clicks on the link, malicious software – a Trojan horse or virus – automatically downloads itself to the recipient’s computer, allowing the hacker to infiltrate the system. Keylogging software (software that tracks keystrokes) is installed, which gives phishers access to account numbers, names, and passwords. They then divert the company’s funds into their own accounts. ACH fraudsters can also use the same method not only to siphon off money into their own pockets, but also to establish “ghost employees”, which they insert into the payroll so that they qualify to receive regular paychecks. While banks are doing their best to strengthen the system, they can only do so much, and experts admit that the ACH network is a very old system by today’s standards. The volume of money that flows through the ACH is also so massive that it is difficult to keep track of specific amounts for specific accounts. Despite its shortcomings, the ACH system remains widely used, and the best defence is to guard your system well. For our clients, we have firewalls and anti-malware software in place, but you should also make sure your bookkeepers and staff are briefed on how to avoid falling victim to phishing emails. If you have any questions or concerns please give us a call.
For more details about this story, visit http://www.computerworld.com/s/article/9136334/Cyber_attackers_empty_business_accounts_in_minutes?taxonomyId=17&pageNumber=1.