International online brokerage firm TD Ameritrade admitted last
week that hackers had gained access to its database of 6.3
million customer email addresses, and Sophos is warning the firm's
customers to be on red alert against targeted spam emails.
Sophos has already gained proof that hackers are trying to
exploit these stolen addresses for commercial gain, with its
worldwide network of spam traps blocking a phishing campaign, in
which cybercriminals try to coax recipients to a spoof TD
Ameritrade site in an attempt to capture user IDs and
passwords.
[Image: One of several Ameritrade spear-phishing emails seen by Sophos.]
TD Ameritrade, which was forced to disclose this data breach
under US state law, has assured customers that their username IDs,
personal identification numbers, passwords, date of birth details
and Social Security Numbers were not accessed by the hackers, but
it has apologised for the unwanted spam that the capture of these
millions of email addresses is likely to generate. However, Sophos
points out that disclosed email addresses alone can be used
to cheat internet users out of their hard-earned cash.
"Hackers are now in possession of 6.3 million email addresses
for people that they know are interested in trading shares. This
knowledge alone could spur the creation of highly targeted spam
emails, such as 'pump and dump' campaigns which offer bogus share
tips to artificially boost stock prices. We've already spotted
spear-phishing campaigns where criminals send emails posing as TD
Ameritrade in order to extract additional personal information,"
said Graham
Cluley, senior technology consultant, Sophos. "TD Ameritrade
customers the world over should be extra vigilant about responding
to emails from the company and should immediately check to ensure
that their accounts haven't been fiddled with. They should also
change their passwords and run an anti-virus check to make sure
their own computers haven't been compromised."
Experts note that a database of 6.3 million targeted email
addresses is likely to be a valuable commodity in the computer
underground, and details may be sold on between criminal groups for
use in multiple ways.
"A current and authenticated email address is a prized
possession in the criminal underworld; it's the first piece of the
jigsaw needed to build up a user identity that a hacker can adopt
in order to access online retail or bank accounts," continued
Cluley. "While TD Ameritrade has gone to great lengths to reassure
customers that this breach hasn't led to any ID theft, no one
should underestimate just how wily hackers can be in order to
extort confidential information from unsuspecting victims."
[Image: Another Ameritrade spear-phishing email seen by Sophos.]
Sophos recommends that all companies learn from TD Ameritrade's
misfortune and ensure they have proper defenses in place to reduce
the risk of hackers breaking in and stealing data.
"Most companies these days understand the value of up-to-date
anti-virus, firewalls and security patches - but it may be time for
more firms to recognise the value of a Network Access Control
solution which helps ensure that the corporate security policy is
being adhered to by every PC connecting to the network," explained
Cluley. "If you can't be sure that computers attached to your
network aren't vulnerable then you could be at risk of customer
data leakage, and heading for the same PR nightmare that TD
Ameritrade is now facing."
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.