Tag:phishing

New World tech fall victim to Old World tricks

By Cameron Abbott, Rob Pulham and Dadar Ahmadi-Pirshahid

OpenSea have reported a breach whereby email addresses registered with the site have been shared with an unauthorised third party.

For landlubbers, OpenSea is the world’s largest marketplace for non-fungible tokens (NFTs).

The Head of Security at OpenSea identified an employee of OpenSea’s third party email delivery vendor as the source of the breach. The employee reportedly misused their access privileges to download and share the list of the site’s registered email addresses with an external party.

People who have shared an email address with OpenSea, such as subscribers to the site’s newsletter, are warned to remain vigilant about attempts by malicious parties to impersonate communications from OpenSea.

OpenSea has dealt with several security incidents this year. Only a month ago, a former OpenSea product manager was arrested and is reportedly the first person to have been charged in connection with a digital asset insider trading scheme. The product manager’s responsibilities included deciding which NFTs would be featured on the site’s homepage, which he allegedly used for his own financial gain. When OpenSea discovered his conduct in September 2021, it requested and accepted the product manager’s resignation. Immediately afterwards, OpenSea commissioned a third party review of the incident and implemented the review’s recommendations to strengthen its existing policies.

In May this year, OpenSea’s Discord server was hacked. Just a few months earlier, 254 NFTs valued at around $1.7 million USD were stolen through what appear to have been phishing attacks. OpenSea has reportedly reimbursed the victims.

These incidents highlight the status of NFT marketplaces as high value targets for malicious actors and reveal that many of the security vulnerabilities faced in the ‘old’ world of cyber technology remain a threat in the new world of blockchain and NFTs.

Once again, these incidents serve as a reminder for organisations to develop effective cyber security risk management, which requires an approach that encompasses all security vulnerabilities and that includes mechanisms governing employee access and use of sensitive information.

easyJet hack: Nine million customer records stolen in “highly sophisticated” cyberattack

By Cameron Abbott, Warwick Andersen, Rob Pulham, Michelle Aggromito and Rebecca Gill

It has been reported that hackers have accessed and stolen details of about 9 million customers of British airline easyJet. Approximately 2,208 easyJet customers have also had their credit card details accessed and stolen.

easyJet reported that it became aware of this “highly sophisticated” cyberattack in late January this year. After an investigation, the airline recently disclosed that the details accessed and stolen by the hackers included email addresses, travel information, and credit card data including CVV numbers.

A phishing pandemic (and offensive): Part III

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

As noted in part I of this blog, various reports have highlighted the significant increase in phishing scams in light of the global COVID-19 pandemic. In particular, there has been an increase in coronavirus-related emails and SMS messages that are embedded with malicious links or documents, created for the purposes of stealing personal information (among other things), usually for financial gain. In order to stop the spread (pardon the pun) of such virus-inspired phishing scams, the Australian Signals Directorate (ASD) has confirmed that it has launched an offensive against malicious attackers located offshore.

A phishing pandemic – Part II

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

In part 1 of this blog, we highlighted the increase in phishing scams in light of the global COVID-19 pandemic. In this part 2, we discuss some practical tips that organisations can implement to mitigate the heightened risks of falling prey to such scams.

So, where to begin? You may have seen a recently published alert on the K&L Gates Hub: Responding to COVID-19 series, which provides high level ideas and tips for organisations when implementing remote working procedures for their employees. In particular, organisations should consider implementing:

A phishing pandemic – Part I

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

It’s upsetting to report, but should come as no surprise, that scammers are seeking to take advantage of organisations during the COVID-19 pandemic.

The Australian Competition and Consumer Commission’s Scamwatch website reports that phishing attacks are on the rise, with scammers impersonating the World Health Organisation and other agencies. Scams include anything from offering victims a vaccine for COVID-19 to investment opportunities created by the pandemic.

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breaches (NDB) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes, it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

The battle against phishing

By Cameron Abbott, Michelle Aggromito and Jacqueline Patishman

All over the world, organisations and individuals battle phishing. Even in systems with a high degree of security, phishing is still a risk and human failures to spot and deal with phishing can cause the best of security policies and procedures to become undone.

To fight phishing at the source, the UK’s National Cyber Security Centre (NCSC) recently achieved some success through its use of email verification technology. This technology, called ‘Synthetic DMARC’, works by assigning a DMARC record to all domains attempting to pass off as gov.uk domains, by analysing and vetting non-existing subdomains against DNS records and building on authentication systems of the past.

Cost of cybercrime hits a new high according to the ACCC’s Scamwatch Report

By Cameron Abbott and Giles Whittaker

Australians are losing more than ever to various cyber scams, with the ACCC’s ninth annual Targeting Scams Report confirming the ACCC received more than 200,000 scam reports costing a total of roughly $340 million during 2017, a $40 million increase from 2016. Whilst this increase is attributed to a variety of different cyber scams, including investment scams which totalled $64 million, an increase of more than 8%, the second largest contributor to the $340 million total losses was dating and romance scams, which amounted to $42 million. The search for love clearly has its costs. With the average loss suffered per victim totalling $6500, these losses are not inconsequential and continue to push cybersecurity to the forefront of both individuals’ and businesses’ daily activities.

Cybersecurity vulnerability revealed after NSW Government agency’s 49-day hack

By Cameron Abbott and Harry Crawford

The NSW Government’s vulnerability to hacking has been exposed in a report by the state’s auditor-general, in which it was revealed that one government agency took 49 days to shut down a hack.

This hack started with an email account of the unnamed agency being compromised and used to send out “phishing” emails to get the credentials of finance staff members. By day 20, 300 staff had clicked on the bogus link in the phishing email. 200 email accounts ended up being under the control of the hackers.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.