Tag archive for "phishing" | Sarsfield Technology

Lessons from the Epsilon Incident

One of the world’s leading email service providers, Epsilon, found itself the victim of a phishing attack that saw a significant amount of data lost to cyber-thieves. It’s important to learn from mistakes like these and make sure that both your own and you clients’ data is kept secure and safe from thieves. There’s been a lot of buzz recently about Epsilon, one of the biggest email service providers in the world, as it suffers from the backlash of allowing itself to be a victim of phishing efforts – which has affected the business data of as many as 50 major companies who are clients of theirs. Reports are also citing Epsilon’s failure to heed an alert from a business partner which advised the provider to be on its toes against potential attacks from cyber-criminals targeted towards email service providers. The damage estimates vary, with Epsilon citing only about 2% of their data being stolen, but the impact is undeniable. Cyber-criminals now have access to a sizable number of personal data stored through Epsilon – passwords, account numbers, and even the purchasing / buying habits of the customers of Epsilonงs clients. Many of Epsilon’s clients are now sending out messages to their own customers, warning them that their email addresses may have been compromised. It’s a lesson to companies, big and small, to pay more attention to beefing up their security protocols, since all it takes is one breach to endanger all of your data. In addition to having the right security software, it also helps if you require your employees undergo proper user training to make sure that they won’t be easily baited by scams like phishing, and will be more aware of how to contribute to the safety of your business data. Failing to do so puts not only your company, but also your clients, at risk. If you’d like to make sure your systems are safe, call us and we’ll evaluate your current security measures and suggest ways to make critical improvements.

What to do if you’ve responded to a phishing scam

If you suspect that you’ve responded to a phishing scam with personal or financial information or entered this information into a fake Web site, take these steps to minimize any damage. Read more

Phishing Alert for QuickBooks Customers

IMPORTANT UPDATE FOR QuickBooks Customers: Intuit is receiving reports of individuals receiving fraudulent emails from QuickBooks or QuickBooks Online. The two separate emails ask customers to either download a plug in to assess their security or download a Digital Certificate. Customers should delete either of these emails. As we discover these fraudulent sites (cyber criminals often use the same email repeatedly, although they change web sites), we take them down. More at the Intuit website

New Study Reveals Extent of Losses Due to Phishing Attacks

Trusteer , a security solutions vendor, recently released the results of their study which shows how successful phishing attacks are, how many users respond to phishing attacks, and how many users submit their login information to criminal websites. The results are alarming. Among them: Each phishing attack involves a very small percentage of customers (0.000564%), but due to the large number of phishing attacks, the aggregated number is significant 45% of bank customers redirected to a phishing site divulge their personal credentials 0.47% of bank customers fall victim to phishing attacks each year, translating to $2.4M-$9.4M in annual fraud losses per one million clients Each financial institution was targeted, on average, by 16 phishing websites per week, translating to 832 phishing attacks per year per bank brand Despite efforts by browser developers and security vendors to protect users from phishing attacks, a small number apparently are still able to bypass anti-spam/phishing protection – and when they do, the results can be damaging. Let us help you protect yourself from phishing attacks. To find out more contact us today. Related articles: Garlik’s UK Cybercrime Report 2009 Released (pindebit.blogspot.com) Chat In the Middle Online Banking Threat (pindebit.blogspot.com) PC Users Targeted As Online Fraud Soars (news.sky.com) Less than 0.5% of online banking clients fall for phishing scams each year, report says (seattlepi.com)

Phishing scam targets Hotmail users

Hotmail, Microsoft’s free online email service, finds itself in hot water when 10,000 email accounts usernames and passwords were recently discovered posted in a code-sharing website. BBC News has reported that these Hotmail account owners, mostly from Europe, were victimized by a phishing attack. Microsoft is currently investigating the incident, and hinted that there may be more users who have inadvertently compromised the privacy of their email accounts. The total scale of the phishing attack has yet to be determined, since the 10,028 Hotmail usernames and passwords are only of users whose names begin with A or B. Microsoft has confirmed the accounts to be genuine. Microsoft has also taken action to remove the passwords and usernames from the website. As of now, there is no news regarding what action the software giant will take against the instigators of the attack, nor what the impact will be to the owners of the compromised accounts. Microsoft has advised users to immediately change their passwords, and warned email account holders to be more careful in responding to emails. Phishing is an online scam in which email accounts are sent fake emails disguised as legitimate correspondence from trusted websites. Once the recipient clicks on a link included in the email, his or her account is then compromised, allowing phishers to gain access to account information as well as other sensitive information, including bank passwords and credit card accounts. The original BBC story can be found here .

Watch out for “dirty” websites

In a previous post, we pointed out how just browsing the web these days can possibly infect your PC with malware . To show how dangerous surfing can become, Symantec recently released their list of the “Dirtiest Websites of Summer” – the top 100 infected sites on the Internet based on number of threats detected by their software as of August 2009. The list identifies websites that could compromise security with risks including phishing , malicious downloads, browser exploits, and links to unsafe external sites. Some interesting findings from the study: The average number of threats per site on the Dirtiest Websites list is roughly 18,000, compared to 23 threats per site for most sites 40 of the Top 100 Dirtiest Sites have more than 20,000 threats per site 48% of the Top 100 Dirtiest Web sites feature adult content 3/4 of the Top 100 Dirtiest Web sites have distributed malware for more than 6 months Viruses are the most common threat represented on the Dirtiest Websites list, followed by security risks and browser exploits You can read more about this research at Symantec’s website. If you suspect your PCs are at risk, or if you want to ensure your website doesn’t get hijacked by cybercriminals, contact us. We can help. Related articles: Symantec lists “Dirtiest Web Sites” Virus Security By Leveraging Community And Clouds Smartphone users need more security

Phishers Siphon Off Hundreds of Thousands of Dollars in Minutes

Another reason to keep your computer malware free: cyber-pirates raided several businesses as well as a school in recent attacks through the Automated Clearing House (ACH) Network. The losses, which ranged from $150,000 to more than $400,000, were accomplished by the crooks in mere minutes. Luckily for these companies, the banks managed to reverse some of the transfers. If they hadn’t, the losses would have amounted to $700,000 up to a whopping $1.2 million. The modus operandi of the hackers is simple. Making use of the ACH network, they send out “phishing” emails to account holders. When the recipient clicks on the link, malicious software – a Trojan horse or virus – automatically downloads itself to the recipient’s computer, allowing the hacker to infiltrate the system. Keylogging software (software that tracks keystrokes) is installed, which gives phishers access account numbers, names, and passwords. They then divert the company’s funds into their own accounts. ACH fraudsters can also use the same method to not only siphon off money into their own pockets, but also to establish “ghost employees”, which they insert into the payroll and qualify to receive regular paychecks. While banks are doing their best to strengthen the system, they can only do so much, and experts admit that the ACH network is a very old system compared to today’s standards. The volume of money that flows through the ACH is also so massive that it is difficult to keep track of specific amounts for specific accounts. Despite its shortcomings, the ACH system still remains widely used, and the best defence is to guard your system well. For our clients, we have firewalls and anti-malware software in place, but you should also make sure your bookkeepers and staff are briefed on how to avoid being the victim of fake phishing emails. If you have any questions or concerns please give us a call. For more details about this story, visit http://www.computerworld.com/s/article/9136334/Cyber_attackers_empty_business_accounts_in_minutes?taxonomyId=17&pageNumber=1.