Following the news of a four-month email phishing campaign that has been targeting PayPal and American Express Australia customers with legitimate-looking emails, security experts share their top four insights on what this means for users and the companies involved.
Financial data security
“If a user gets infected then they may suffer direct economic loss because the malicious payload of these phishing-like schemes is to infect the user with financial Trojans and information stealers,” said Doctor Jon Oliver, Trend Micro Australia global threat researcher.
“These schemes also erode the confidence users have in the brands of the financial companies and social networking companies being targeted.”
According to Oliver, companies throughout Australia needed to train their users on matters such as safe passwords and how to safely handle emails containing links, and to put adequate security software and procedures in place.
IDC Australia senior market analyst, Vern Hue, said that companies needed to be extra vigilant with security, as the emails could prove to be an opportunity for cyber-criminals to deceive people into believing that emails and other communications came from a legitimate source.
“However, once they click on a link, users will then be transported into a link that is hosted by malicious actors for the purpose of either stealing information, installing malware or duping users to part with their money,” Hue said.
“We need to be cognisant of the fact that cyber-criminals are crafting very authentic-looking email communications.”
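As an added illustration of the deceptive-link mechanism Hue describes (this is example code written for this page, not code from the article, from Trend Micro, IDC, PayPal or American Express): a small Python checker that pulls the anchors out of a constructed HTML email body and flags links whose visible text names one domain while the href points elsewhere, whose destination is a raw IP address, or whose destination falls outside an assumed allowlist of the brand's own domains. The allowlist, the sample email and the two-label domain reduction are all assumptions made for the example; a production mail filter would use the public suffix list and the brand's real sending domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of domains the brands legitimately link to (illustrative only).
BRAND_DOMAINS = {"paypal.com", "americanexpress.com"}

# Constructed sample email body: one genuine link, one link whose visible text
# shows the brand's sign-in URL but whose href points at a raw IP address, and
# one lookalike domain. 203.0.113.0/24 is a documentation range, not a real host.
SAMPLE_EMAIL_HTML = """
<p>Your account needs attention.</p>
<p><a href="https://www.paypal.com/au/help">Help Centre</a></p>
<p><a href="http://203.0.113.7/login.php">https://www.paypal.com/au/signin</a></p>
<p><a href="http://secure-paypal-update.example/verify">Confirm your account</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the hostname of a URL; urlparse ignores any user@ prefix tricks."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return parsed.hostname or ""


def registrable_domain(host):
    """Crude two-label reduction (assumption: no public suffix list available).
    www.paypal.com -> paypal.com"""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")
_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def analyse_links(html):
    """Return a list of findings, one per suspicious anchor, in document order."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        href_dom = registrable_domain(href_host)
        reasons = []
        if href_dom not in BRAND_DOMAINS:
            reasons.append("destination not in brand allowlist")
        # If the visible text itself looks like a URL or domain, it must agree
        # with where the href actually goes.
        shown = _DOMAIN_IN_TEXT.search(text.lower())
        if shown and registrable_domain(shown.group(1)) != href_dom:
            reasons.append("visible text domain differs from destination")
        if _IPV4.match(href_host):
            reasons.append("destination is a raw IP address")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse_links(SAMPLE_EMAIL_HTML):
        print(f["href"], "<-", repr(f["text"]), ":", "; ".join(f["reasons"]))
```

The check deliberately ignores the display text unless it looks like a URL, so ordinary call-to-action wording is only flagged when the destination itself is outside the allowlist; the text-versus-href comparison is what catches the classic "the link says paypal.com but goes somewhere else" pattern.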
He recommended that organisations put in place formal business communication policies and guidelines around acceptable use of social media and financial services.
“The onus is also on the organisation to better secure its perimeters by putting in place network and content management protection technology, such as the next generation intrusion prevention systems [IPS], which offer a better capability in detecting threats from social media.”
PayPal, American Express lessons
Credit card and financial institutions need to secure their weakest link--the human--according to Hue. Organisations should also begin to educate their users on the importance of being vigilant on the internet, and on the damage they could face if they fall victim to such attacks.
“Financial institutions need to spearhead the move to inform their users on the need for proper patching and upgrades in order to keep them safe from these attacks, and to also educate them that if ever in doubt, users should call and notify the financial institution to verify the origin and authenticity of the communication,” Hue said.
Oliver added that phishing emails reduce people’s confidence in the credit card companies’ brand, and pointed out that customers could question the legitimacy of emails sent from financial services companies.
Aside from potentially gaining access to credit card details, Oliver said the BlackHole exploit kit spam runs were infecting users with malware, leaving the users and companies open to ongoing damage until the systems were cleaned or re-imaged.
“The types of damage can include stolen usernames / passwords, fake anti-virus attacks or data theft,” he said.
Hue added that the most likely non-financial motivation for such an attack would come from hacktivists (groups that hack systems to make a statement).
“The information they obtain can either be used to make a case against a corporation, or simply to harass them in the context of getting a political, environmental or ethical message over,” he said.