Tag: phishing hacks

A phishing pandemic – Part I
You’ve got mail…and lots of it according to the latest OAIC report!
Hacked accounts anyone?

A phishing pandemic – Part I

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

It’s upsetting to report, but should come as no surprise, that scammers are seeking to take advantage of organisations during the COVID-19 pandemic.

The Australian Competition and Consumer Commission’s Scamwatch website reports that phishing attacks are on the rise, with scammers impersonating the World Health Organisation and other agencies. Scams include anything from offering victims a vaccine for COVID-19 to investment opportunities created by the pandemic.

Read More

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

Read More

Hacked accounts anyone?

By Cameron Abbott and Giles Whittaker

Have you been hacked? If you are the user of a Google, Yahoo or Microsoft e-mail account then it is a possibility. Alex Holden, the founder and Chief Information Officer of Hold Security who discovered the hack has identified 272.3 million account credentials have been stolen. The majority of these accounts are users of Mail.ru which is Russia’s most popular e-mail service.

57 million Mail.ru account credentials had been hacked and Mail.ru “are now checking any combinations of usernames/passwords match users’ e-mails and are still active”, from initial checks there were no live combinations.

Google and Yahoo are yet to provide any response.

This recent hack, which was performed by a young Russian hacker who is more determined to become famous than rich from his recent efforts after only asking for 50 roubles (less than $1) for the entire dataset, is one of the biggest collection of stolen credentials since the attacks on major US banks and retailers two years ago. The information which was stolen, as suggest by Holden in an interview with Reuters is “potent [and] it is floating around in the underground…which can be abused multiple times.”

Some of the stolen credentials include those for employees of large US banking, manufacturing and retail companies. When considering that 22 percent of big data breaches come from stolen online credentials (according to a recent survey of 325 computer professional) and hacks of this nature typically allow for further break-ins or phishing attacks by accessing the contacts of each hacked account, the domino effect of a hack such as this is substantial. Furthermore, individuals that like to re-use their preferred passwords across multiple accounts have exposed themselves to additional hacks.

So what is the take away message? According to Will Harwood, founder and Chief Technology Officer of Silicon SAFE, the solution as he told Infosecurity is to put the “password data in a dedicated hardware supported database that only allows data to be stored and compared, never revealed.”

For more of Will Harwood’s security suggestions and the Infosecurity article click here.

To read more about Alex Holden’s discovery of the Russian hacker click here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.