The recent announcement by the U.S. Attorney for the Western
District of Washington of indictments against three Ukrainian members of an
international hacking group acts as a reminder that phishing, and spear
phishing are current techniques being used by criminals to steal customer
information from business computer systems.
Victimized companies included restaurants in Everett and Lynnwood
and a casino in Tacoma. The hackers took the account information for more than
15 million customers from about 3,600 businesses in the restaurant, casino and
hospitality industries nationwide.
The hackers used a technique known as spear phishing to gain
entry to the business’s computer systems. After taking the credit card
information, they sold some of it on the dark web.
You probably have heard of phishing. That is when you
receive an email, usually posing as from a legitimate business or government
agency that invites or persuades you to click on a link or on an attached file
which can download malware or take you to a web site that collects your
personal information. Usually, scammers will send these emails in mass after acquiring
a large list of email addresses.
Spear phishing is a more sophisticated version of phishing. It
is used to target specific personnel in a business to convince them to click a
link or an attachment in an email. The link or attachment then downloads
malware that can collect information that the hacker is interested in from the
company’s computer system.
According to local federal officials, the indicted hacker
group targeted catering divisions of restaurants and hotels. In some cases,
they would call the business, to make sure it received the email and that it
was opened.
The hackers used “social engineering” to ensure success that
the target would open the email and therefore allow malware to be downloaded
onto their computer. With social engineering, the hacker or scammer ensures a
sense of authenticity through the way the email looks and by who it appears to
be from.
The federal officials emphasized that while everyone needs
to be on guard against phishing attempts that can it be difficult to detect the
real from the fake. In the case the casino in Tacoma, their computer security
system was able to limit any penetration by the hackers.
For consumers, this is one more reason to review your
accounts regularly and to report to your bankcard providers of any suspicious
transactions.
The Herald:
The Seattle Times:
KIRO TV:
United States Attorney’s Office, Western District of
Washington:
Symantec Corporation:
No comments:
Post a Comment