Expensive—and Preventable—Data Breach Hits Altice

March 11, 2020

10:00-11:00AM PST

Another major company has announced that it has fallen victim to a major data breach. Alarmingly, it was internet service, phone and cable provider Altice USA that was the data breach target through an attack executed via an extremely common malicious email technique.

Criminals used a phishing email that was sent to an Altice employee in Long Island, New York. When the employee clicked on a link, it gave thieves access that enabled them to download the Social Security numbers, birth dates and other personal information of all 12,000 current employees, as well as a number of former employees and customers across the 21 states it serves.

Data Breaches through Phishing Emails

What makes this data breach alarming is that phishing email attacks—like the one that was used to initiate this break-in and theft—are exceedingly common. The average U.S. employee gets 16 malicious emails a month. Without training and software that protects email, it is only a matter of time before one of those emails wreaks havoc.

Such data breach attacks are exceedingly costly:

  • Altice had to hire a computer forensics company to figure out what happened and determine the extent of the damage.
  • It has paid to train employees on how to better recognize a malicious email and what to do with suspect email.
  • The company must cover the cost of credit monitoring services for everyone compromised.
  • As a New York company, Altice is subject to the new SHIELD Act, which imposes fines and other legal obligations.

And it doesn’t stop there. Add in the damage to the brand, and you have a major loss; one that was extremely preventable.

Phishing Email Data Breaches Are Preventable

Phishing email attacks that initiate data breaches are indeed preventable. Solutions are available that scan inbound email traffic in real time. These solutions compare incoming emails against blacklisted entities, scrape and analyze the emails for malicious links and attachments, quarantine suspected emails, and then detonate them in protected spaces that are not connected to networks, where they can do no harm. The most sophisticated systems use machine learning to enhance threat detection.

Because phishing, spoofing, malware, and other threats require human participation, the best systems provide warnings as to the presence and nature of threats. Training on how to recognize and respond to malicious email attacks is a vital part of protecting systems, data, employees and customers.

Also Protect What You Send

Criminals are looking to break into the emails you send, too. Your outgoing email traffic is just as much at risk of data breaches as the email your company receives. Solutions that encrypt outgoing mail, even on mobile devices, provide a needed layer of security.

As we were wrapping up this article late this afternoon, it was announced that Altice is now the subject of a class action lawsuit. The suit filed today is likely the first of many for Altice following this data breach. Unfortunately for Altice, the costs keep mounting—all from a data breach initiated through email that was preventable with a small investment in software and training.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

General Data Protection Regulations: 160,000 Data Breaches and Counting

January 30, 2020


Authorities report that over 160,000 data-breach notifications have been filed since the European Union enacted the General Data Protection Regulation (GDPR), which started on 25 May 2018. That averages out to 278 breach notifications a day.

U.S. companies are directly impacted by this regulation if their websites are accessible and targeted to EU visitors, meaning there are options to change the language to a European language or to adjust the currency denomination to a European denomination. The law allows for no exceptions: not for size of firm, type of data collected, or scope of activities. If your firm is found to be in violation of the law—even if you are just selling hand-knitted mittens or offering a free download of a white paper—EU authorities can fine you up to four percent of your global revenue. They may not be able to easily collect from small U.S. businesses, but enforcement will certainly cause headaches for any business operating internationally.

What Personal Data Must be Protected

  • Personal identification data including name, phone, address, email, ID numbers
  • Photographs
  • Social media posts
  • Racial, cultural, sexual, or ethnic data
  • Bank and other financial details
  • Medical, biometric and genetic data
  • Website data: location, IP address, cookie histories and RFID tags

Selected GDPR Requirements

We advise you to review the specifics of the GDPR with an attorney and your IT leaders. Some of the key requirements include:

  • Asking visitors for their consent to collect data
  • Getting explicit opt-in to data use in profiling, advertising, etc.
  • Providing an opt-out of future emails option
  • Offering a privacy notice about data collection, use, and protection
  • Mandatory reporting of breaches

Why It Matters to US Companies

U.S. companies need to comply with the GDPR, but that is not the only reason to focus on privacy protection issues now. Various states have begun enacting a patchwork of regulations that affect their residents, impacting any company that is hiring or doing business in those states. Notable recent regulations include New York’s SHIELD Act for protecting employee information, California’s Consumer Privacy Act, and 201 CMR 17.00 Standards for the Protection of Personal Information in Massachusetts.

Cyber-security failures are costly to your reputation and your business. With increased regulation, you face not only the cost of the crime but also the costs of litigation and fines. If you haven’t done a complete compliance audit yet, now is the time to get started.


How to Avoid Phishing Scams: Google and Facebook Were Victims

April 30, 2019


It appears that being duped by online phishing scams happens to the best of us.

Between 2013 and 2015, Google and Facebook were scammed for more than a combined $120 million by 50-year-old Evaldas Rimasauskas of Lithuania. In March, Rimasauskas pled guilty to one count of wire fraud against the two industry giants, admitting to hatching a scheme (with the help of unnamed conspirators) to pose as Quanta Computer, a laptop manufacturer based out of Taiwan.

The Scam

Allegedly, Rimasauskas registered and incorporated a fake business in Latvia under the name Quanta Computer, a company that regularly conducts business with both Google and Facebook. Then, he developed an infrastructure through which phishing emails were sent to Quanta’s business partners at Google and Facebook, requesting that they send their payments for services rendered by Quanta to bank accounts in Latvia and Cyprus that Rimasauskas operated.

These fraudulent emails, which contained false invoices, contracts, and letters with forged signatures of actual Quanta executives, were convincing enough to fool the powers that be at Google and Facebook to the tune of $23 million and $98 million, respectively. Lost millions that can never be recovered.

It wasn’t until a couple of years after conducting the lucrative phishing scam that Rimasauskas was caught. He was arrested by local Lithuanian authorities in March of 2017, and extradited to the United States a month later. Rimasauskas’s trial is slated for this coming July, at which point he could face a prison sentence of up to 30 years.

The Outcome

Rimasauskas’s phishing scam serves as proof that if a 50-year-old man operating a phony business from his laptop halfway across the world can fleece two of the world’s most tech-savvy corporations out of more than a combined $120 million, it truly can happen to anyone.

As unusual as the circumstances in this case may seem, it’s far from being an isolated incident. Just last year, online retail mogul Amazon was scammed out of millions of dollars by normal civilians on two separate occasions!

Federal investigators claim that the criminal practice of defrauding businesses using phishing emails has become increasingly common in recent years. In 2017, the FBI reported that the defrauding of businesses by way of fraudulent emails had netted over $3 billion in losses since 2013.

How to Protect Your Business

Once upon a time, phishing attempts were easy to spot and could be identified with a mere glance. But the rapid rise of successful phishing schemes in recent years serves as evidence that online criminals are getting better at crafting fraudulent emails. Even the most sophisticated businesses are finding phishing schemes to be more difficult to identify.

Luckily, there are some telltale signs that an incoming email has been sent as part of a phishing scam.

Watch Out For Spelling and Grammar

With phishing attempts, the adage “if it looks like a dog and sounds like a dog, it probably is one” certainly rings true. Phishing scam emails are commonly flooded with spelling and grammatical errors.

Tread carefully when receiving an email with unusually poor spelling. And if in doubt, contact the sender to confirm that they did in fact attempt to send you the email, especially when it’s an email asking you to do something with your bank account or execute some type of monetary transaction.

Apply the same logic when checking the sender’s address of an email that causes you to raise an eyebrow. Oftentimes, phishing scammers can replicate the domain name and even the logo of a major corporation. The good news is they can’t replicate the exact email address. Therefore, keep an eye out for email addresses that appear to be off by a few letters or numbers.

Watch Out For Emails With Urgent Messages

Another common trick utilized in phishing scams is to grab your attention by imbuing emails with a sense of urgency. The most common examples of this include false claims that an account has been hacked, threats that incriminating material has been obtained, or offers for a time-sensitive promotion.

When receiving such an email, especially one that makes you feel like you, your bank account, or your reputation is somehow in danger, it’s a natural reaction to accept it as fact and click on any link the email instructs you to.

Take a deep breath. Most emails featuring urgent messages should be examined closely. Make sure to read through the email carefully before clicking any links and/or attachments.
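The two manual checks above (a sender address that is "off by a few letters" and urgent wording) can also be automated at the mail gateway. The following Python sketch is an added example, not code from Trustifi or the original article; the trusted-domain list, the urgency phrases, the Reply-To comparison and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list of domains the business really deals with.
TRUSTED_DOMAINS = {"vendor-supplies.example", "examplebank.example"}
URGENCY_CUES = ("urgent", "immediately", "account has been hacked", "act now")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def header_domain(msg, header):
    """Lower-cased domain of the address in a header, or '' if absent."""
    _, addr = parseaddr(msg.get(header, ""))
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    sender = header_domain(msg, "From")
    if sender not in TRUSTED_DOMAINS:
        for good in sorted(TRUSTED_DOMAINS):
            if edit_distance(sender, good) <= 2:  # "off by a few letters"
                findings.append(f"lookalike-domain:{sender}~{good}")
    reply_to = header_domain(msg, "Reply-To")
    if reply_to and reply_to != sender:  # replies would go somewhere else
        findings.append(f"reply-to-mismatch:{reply_to}")
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    cues = [c for c in URGENCY_CUES if c in text]
    if cues:
        findings.append("urgency:" + ",".join(cues))
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Accounts <billing@vendor-suppiies.example>\n"
           "Reply-To: pay@mailbox.example\n"
           "Subject: URGENT: updated bank details\n\n"
           "Please pay the attached invoice immediately to our new account.\n")
GENUINE = ("From: Accounts <billing@vendor-supplies.example>\n"
           "Subject: Invoice 1042\n\nInvoice attached, net 30.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, triage(raw))
```

A message that produces any finding is a candidate for quarantine or a warning banner; the genuine sample produces none.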

Employ Email Security

The most effective way to avoid phishing scams is to utilize an email security service like Trustifi. Trustifi is a SaaS platform that works to encrypt, protect, and ensure the delivery of each email. Trustifi also authenticates incoming emails and alerts the user when an email is identified as suspicious and most likely fraudulent. Good email security services will monitor all incoming and outgoing mail, not only protecting your email communication, but also enhancing the effectiveness of your process as a whole.

The reality is—with scammers being able to hide behind their keyboards—everyone needs an email security service.

Sources:

1) “Man Pleads Guilty to Scamming Google and Facebook for over $120 Million” by Mark Serrels https://www.cnet.com/news/man-pleads-guilty-to-scamming-facebook-and-google-for-over-120-million/?ftag=COS-05-10-aaa0a&linkId=65222483&fbclid=IwAR0xJRS3lUPkVWCFL138ZKvSr_a4Hpiut9lBK3W2dFveLd4-pLcso6zX1eI

2) “How This Scammer Used Phishing Emails to Steal Over $100 Million from Google and Facebook” by Tom Huddleston Jr. https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html

3) “How to Protect Your Business from Phishing Scams” by Sam Woodhams https://www.cpomagazine.com/cyber-security/how-to-protect-your-business-from-phishing-scams/
