Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security Regulation & Compliance
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Spear Phishing Leaves a Bloody Wound

Once criminal hackers get a person’s username and email address, they can begin to launch a targeted spear phish scam. Scammers copy the design of each breached entities outgoing email campaign and blast the breached list with “account update” or other ruses.

Gaming site Sega Pass was hacked. On the Sega Pass website it states, “we had identified that unauthorized entry was gained to our Sega Pass database.” Numerous outlets report hackers stole Sega Pass members’ email addresses, dates of birth, and encrypted passwords.

The recent Epsilon data breach resulted in a similar loss of data. Epsilon is a marketing company that sends over 40 billion emails a year, and keeps millions of consumer email addresses on file. When hackers breached Epsilon’s database, the email subscriber lists for over 100 major companies were compromised.

Consumers received breach notifications from financial institutions including Citigroup, Capital One, and JPMorgan Chase, and from hotels such as the Marriot and the Hilton.

All of these organizations customers are eternally susceptible to spear phish scams.

The Wall Street Journal reports that GlaxoSmithKline sent email notifications to consumers who had registered with any of GlaxoSmithKline’s websites for prescription or nonprescription drugs and products, warning that consumers’ names and email addresses had been hacked, and that the stolen data may have included the specific product websites where consumers registered.

GlaxoSmithKline provides medications that help victims of HIV and mental health disorders. The possibility of the stolen data being used to target the ill with spear phishing attacks is a major concern.

These kinds of breaches will have long-lasting effects on the public.

Never disclose personal information or login credentials in response to an unsolicited email. Never click links in an unsolicited email. Instead, use your bookmarks menu or type the address into your browser’s address bar. If your email address has been compromised, consider switching to a new address. Create new, unique passwords, without repeating the same password for multiple accounts.

With more than 11 million victims just last year identity theft is a serious concern. Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Educate and protect yourself


4157

Channels

Security Regulation & Compliance
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion
Robert Siciliano

Robert Siciliano

Security Analyst

Safr.me

Member since

04 Feb 2009

Location

Boston

Blog posts

839

Comments

62

More from Robert

Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more