The Green Sheet Online Edition
January 1, 2019 • 19:01:01
Breaching into the New Year
Data breaches were rampant in 2018. I've identified four as particularly notable. Back in 2011, phishing was a major, developing issue. Now it is a streamlined staple of criminals attacking our financial networks.
What is phishing?
Phishing is a cyber-attack that uses a fake or forged e-mail. The goal of this method is to capture sensitive information from consumers while leading them to believe the information is being requested by a real entity, not by an impostor. These requests will typically include credit card numbers, Card Verification Value numbers, billing ZIP codes, usernames and passwords, and bank account information.
Fraudsters have grown adept at mimicking trusted entities such as a consumer's credit card company, bank, or other business related to an individual's personal finance accounts. And criminals' methods are becoming more and more sophisticated.
Today a phishing campaign will typically try to trick victims into handing over sensitive information and/or downloading malware. Malware is becoming increasingly popular because emails containing this malicious code can get the victims to infect their own computers. Then fraudsters can hold them ransom by locking and controlling their devices unless a specific amount is paid to unlock them.
How to protect yourself
Here are steps to take to protect yourself from phishing:
- Do not post any sort of personal data especially on social networks. For example, do not post birth dates, addresses, vacation plans, phone numbers, etc.
- If you question an email's authenticity, call the company involved. Its staff can help you decipher if the email is a legitimate.
- Keep an eye out for URL redirects. This means when you click a link, make sure it is not quickly forwarding you to a different, non-secure location. SSL certificates can also verify identities.
- Look for misspellings in URLs. Typically, they are one character off, so at a quick glance they look correct.
Notable breaches in 2018
Here are details on four notable breaches reported in 2018:
Time frame: reported Sept. 28; occurred for an unspecified period prior to that date.
Description: This breach, which allowed hackers to access and potentially take over about 50 million user accounts, was one of the largest in 2018. Facebook discovered this issue on it own. The company's stock dipped after the breach was reported. Three software bugs were found during the company's investigation: the View As feature let people look at profiles they did not own; digital keys, which allow users to stay logged in without having to re-enter passwords, were also exposed; and fraudsters were able to gain control of other users' accounts from the View As feature. This breach made national news and is still being investigated. Data taken is still yet to be announced.
T-Mobile
Time frame: reported Aug. 28, 2018; occurred prior to Aug. 20; timeline still being investigated
Description: This intrusion affected around 2 million T-Mobile customers. Information compromised included usernames, billing ZIP codes, phone numbers, emails, and account numbers. This breach will cause major phishing issues in the future. Fake email with valid information will be sent to consumers to try and get them to verify more sensitive details without knowing they are not actually communicating with T-Mobile. T-Mobile has reached out to customers determined to have been affected.
www.abcactionnews.com/news/t-mobile-data-breach-2-million-customers-affected-in-data-breach
Panera Bread
Time frame: reported April 6, 2018; occurred from before August 2017 to April 2018
Description: Panera’s online ordering system was compromised causing a data leak. This breach included data such as name, email, birth date, ordering preferences, addresses, and last four digits of credit card numbers. This is a notable breach because the information leaked will cause phishing emails to be sent. Fraudsters will be able to include order history and fake payment verification with the last four digits of the credit card number. All customers affected by this breach have been notified to not click any suspicious links regarding their Panera accounts.
https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/
Saks Fifth Avenue/Lord and Taylor
Time frame: reported April 6, 2018; occurred from May 2017 to April 2018
Description: Five million credit and debit cards may be affected by this breach. After the intrusion was reported, customers were notified and received communication on what to do to protect themselves. This attack affected any customer who used a credit or debit card at any Saks Fifth Avenue or Lord and Taylor retail location in the United States between May 2017 and April 2018. It was carried out by a known criminal group called Joker's Stash. Joker's Stash sells sensitive data from breaches through underground networks. The ring released data for an initial 125,000 payment cards on the black market to prove its success in this data theft.
www.saksfifthavenue.com/include/aem/aem_static.jsp?page=security-information-notice&site_refer=EML 
Nicholas Cucci is the co-founder and chief operating officer of Fluid Pay LLC and former director of marketing for NMI. Cucci is also a graduate of Benedictine University and a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners. Fluid Pay is a true cloud-based Level 1 PCI payment gateway processing transactions worldwide. Contact him at nick@fluidpay.com or 630-526-8670.
Whether you want to upgrade your POS offerings, find a payment gateway partner, bone up on fintech regs or PCI requirements, find an upcoming trade show, read about faster payments, or discover the latest innovations in merchant acquiring, The Green Sheet is the resource for you. Since 1983, we've helped empower and connect payments professionals, starting with the merchant level salespeople who bring tailored payment acceptance and digital commerce tools, along with a host of other business services to merchants across the globe. The Green Sheet Inc. is also a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals.
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
