Business Contact Information Stolen and Sold on Underground Forum
Specialists from Webroot the security company reveal that authorities have found cyber thieves earning money from sale of business contact information that were stolen from executives employed at high profile Forbes 100 organizations through one fresh underground forum causing anxiety that crooks could utilize the credentials for carrying out convincing phishing assaults.
According to the security company, the malevolent scam was found having Microsoft Access documents carrying executives' contact details from several major enterprises.
Webroot opines, those in possession of the data may well design sophisticated phishing campaigns. Such campaigns involve texts/e-mails called phishing messages, which are crafted for luring recipients into taking down a contaminated attachment else following embedded web-links which divert onto malware-serving sites.
Cyber-Crime Researcher as well as Security Blogger Dancho Danchev at Webroot wrote that his organization spotted one ad on an illegal online market that primarily presented one Microsoft Access document containing a databank of executive information in prominent firms acquired chiefly via business cards. V3.co.uk published this dated April 5, 2013.
Danchev added that the data repository contained 508 contacts belonging to offshore firms situated within Russia as well as 380 contacts of more firms namely Pernod Ricard Rouss, Mercedez-Benz Russia, Baltika, LVMH, GM, Gazprom Export, and Credit Suisse. Blog.webroot.com published this dated April 5, 2013.
Danchev also stated that according to Webroot's prediction, with market segmentation seen daily now, the next occurrence would be localization that would affect globally. That was because native speakers would have written the actual fake or malevolent messages.
Indeed, the scammers think they can dupe less-savvy PC-users and convince them of their messages.
But the security company cautions that any legitimate business for e.g., Mercedez-Benz Russia, Coca-Cola or other prominent firms stated above won't, in all probability, request for passwords else similar confidential things through an e-mail little protected. Hence, people shouldn't answer unsolicited e-mails requesting for providing their login details. They mustn't click web-links or view attachments asserting for recipients to supply account details. Besides, it's important that every online account be logged in via typing the URL inside the address bar of the browser, alone, the company adds.
Related article: Businesses Asked To Shoulder Security Of Online Transactions
» SPAMfighter News - 12-04-2013