A Thing
The Green SheetGreen Sheet

The Green Sheet Online Edition

January 14, 2019 • Issue 19:01:01

Breaching into the New Year

By Nicholas Cucci
Fluid Pay LLC

Data breaches were rampant in 2018. I've identified four as particularly notable. Back in 2011, phishing was a major, developing issue. Now it is a streamlined staple of criminals attacking our financial networks.

What is phishing?

Phishing is a cyber-attack that uses a fake or forged e-mail. The goal of this method is to capture sensitive information from consumers while leading them to believe the information is being requested by a real entity, not by an impostor. These requests will typically include credit card numbers, Card Verification Value numbers, billing ZIP codes, usernames and passwords, and bank account information.

Fraudsters have grown adept at mimicking trusted entities such as a consumer's credit card company, bank, or other business related to an individual's personal finance accounts. And criminals' methods are becoming more and more sophisticated.

Today a phishing campaign will typically try to trick victims into handing over sensitive information and/or downloading malware. Malware is becoming increasingly popular because emails containing this malicious code can get the victims to infect their own computers. Then fraudsters can hold them ransom by locking and controlling their devices unless a specific amount is paid to unlock them.

How to protect yourself

Here are steps to take to protect yourself from phishing:

  • Do not post any sort of personal data especially on social networks. For example, do not post birth dates, addresses, vacation plans, phone numbers, etc.
  • If you question an email's authenticity, call the company involved. Its staff can help you decipher if the email is a legitimate.
  • Keep an eye out for URL redirects. This means when you click a link, make sure it is not quickly forwarding you to a different, non-secure location. SSL certificates can also verify identities.
  • Look for misspellings in URLs. Typically, they are one character off, so at a quick glance they look correct.

Notable breaches in 2018

Here are details on four notable breaches reported in 2018:

Facebook

Time frame: reported Sept. 28; occurred for an unspecified period prior to that date.

Description: This breach, which allowed hackers to access and potentially take over about 50 million user accounts, was one of the largest in 2018. Facebook discovered this issue on it own. The company's stock dipped after the breach was reported. Three software bugs were found during the company's investigation: the View As feature let people look at profiles they did not own; digital keys, which allow users to stay logged in without having to re-enter passwords, were also exposed; and fraudsters were able to gain control of other users' accounts from the View As feature. This breach made national news and is still being investigated. Data taken is still yet to be announced.

www.cnbc.com/2018/09/28/facebook-says-it-has-discovered-security-issue-affecting-nearly-50-million-accounts-investigation-in-early-stages.html

T-Mobile

Time frame: reported Aug. 28, 2018; occurred prior to Aug. 20; timeline still being investigated

Description: This intrusion affected around 2 million T-Mobile customers. Information compromised included usernames, billing ZIP codes, phone numbers, emails, and account numbers. This breach will cause major phishing issues in the future. Fake email with valid information will be sent to consumers to try and get them to verify more sensitive details without knowing they are not actually communicating with T-Mobile. T-Mobile has reached out to customers determined to have been affected.

www.abcactionnews.com/news/t-mobile-data-breach-2-million-customers-affected-in-data-breach

Panera Bread

Time frame: reported April 6, 2018; occurred from before August 2017 to April 2018

Description: Panera’s online ordering system was compromised causing a data leak. This breach included data such as name, email, birth date, ordering preferences, addresses, and last four digits of credit card numbers. This is a notable breach because the information leaked will cause phishing emails to be sent. Fraudsters will be able to include order history and fake payment verification with the last four digits of the credit card number. All customers affected by this breach have been notified to not click any suspicious links regarding their Panera accounts.

https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/

Saks Fifth Avenue/Lord and Taylor

Time frame: reported April 6, 2018; occurred from May 2017 to April 2018

Description: Five million credit and debit cards may be affected by this breach. After the intrusion was reported, customers were notified and received communication on what to do to protect themselves. This attack affected any customer who used a credit or debit card at any Saks Fifth Avenue or Lord and Taylor retail location in the United States between May 2017 and April 2018. It was carried out by a known criminal group called Joker's Stash. Joker's Stash sells sensitive data from breaches through underground networks. The ring released data for an initial 125,000 payment cards on the black market to prove its success in this data theft.

www.saksfifthavenue.com/include/aem/aem_static.jsp?page=security-information-notice&site_refer=EML end of article

Nicholas Cucci is the co-founder and chief operating officer of Fluid Pay LLC and former director of marketing for NMI. Cucci is also a graduate of Benedictine University and a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. Fluid Pay is a true cloud-based Level 1 PCI payment gateway processing transactions worldwide. Contact him at nick@fluidpay.com or 630-526-8670.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

Prev Next
Facebook
Twitter
LinkedIn

Current Issue

View Archives
View Flipbook

Table of Contents

Views
Education
Company Profile
New Products
A Thing