14 Feb Security Breach – 14 Feb 2020
Phishing Scam Invokes Executive to Trick Employees
An employee of an aged care facility in Australia fell for a complicated phishing scam that compromised patients’ protected health information. The fraudulent message was sent from a company executive, a scenario that inherently gained the employee’s trust to provide authority for sharing data via email.
The episode is indicative of how phishing scams have evolved to become more personal and difficult to detect. With data breaches only becoming more expensive and consequential, every business should review and update its security awareness training to ensure that it accounts for the latest threats and trends.
In other words, identifying unsophisticated spear phishing emails with a spam filter won’t be enough to combat today’s phishing scam trends.
Australia – Yarra Tram – Melbourne-based tram network
Exploit: Accidental data exposure
Risk to Small Business: Moderate: A Yarra Tram officer email to 91 commuters rejected their compensation requests, but the employee failed to conceal the email addresses, exposing them to the other recipients. Embarrassingly, in a follow-up email that attempted to recall the initial message, the sender once again failed to conceal recipient names. Victims took to social media, complaining about the error. Despite being entirely avoidable, this unforced error will result in a reputational black eye for the company, which will have to work with its customer base to restore trust after this incident.
Risk to Exploited Individuals: Moderate: Recipients’ email addresses were exposed in the message. While this information doesn’t pose a significant threat to data security, it could be used to send phishing emails, and users should carefully evaluate any unusual incoming messages.
Customers Impacted: 91
Australia – Metrix Consulting – Strategic insight consultancy
Exploit: Phishing scam
Risk to Small Business: Severe: A Metrix Consulting employee fell for a phishing scam that compromised the personal data for visitors of the Perth Mint. The data was provided by visitors who completed a survey that was stored on Metrix Consulting’s servers. This is the second data breach at Perth Mint in the past two years, and it could have significant implications for Matrix Consulting, as they may have a difficult time maintaining contracts if they can’t protect their customers’ data.
Risk to Exploited Individuals: Severe: The personal data included visitors’ names, email addresses, home addresses, and telephone numbers. This information can be used in everything from identity fraud to spear phishing campaigns, so those impacted by the breach should carefully monitor their online accounts for suspicious activity. In addition, The Perth Mint is providing identity monitoring services to all victims and enrolling in this program can help provide long-term identity protection.
Customers Impacted: 1,480
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn: