Sophos


17 September 2007

Torrent of spam likely to hit 6.3 million TD Ameritrade hack victims

Email address heist by cybercriminals leads to spear phishing attack

With the international online broker firm TD Ameritrade admitting last week that hackers had gained access to its database of 6.3 million customer email addresses, Sophos is warning the firm's customers to be on red alert against targeted spam emails.

Sophos already has evidence that hackers are trying to exploit these stolen addresses for commercial gain: its worldwide network of spam traps has blocked a phishing campaign in which cybercriminals try to coax recipients to a spoof TD Ameritrade site in an attempt to capture user IDs and passwords.

One of several Ameritrade spear-phishing emails seen by Sophos.

TD Ameritrade, which was forced to disclose this data breach under US state law, has assured customers that their user IDs, personal identification numbers, passwords, dates of birth and Social Security Numbers were not accessed by the hackers, but it has apologised for the unwanted spam that the capture of these millions of email addresses is likely to generate. However, Sophos points out that the disclosure of email addresses alone can be enough to defraud internet users of their hard-earned cash.

"Hackers are now in possession of 6.3 million email addresses for people that they know are interested in trading shares. This knowledge alone could spur the creation of highly targeted spam emails, such as 'pump and dump' campaigns which offer bogus share tips to artificially boost stock prices. We've already spotted spear-phishing campaigns where criminals send emails posing as TD Ameritrade in order to extract additional personal information," said Graham Cluley, senior technology consultant, Sophos. "TD Ameritrade customers the world over should be extra vigilant about responding to emails from the company and should immediately check to ensure that their accounts haven't been fiddled with. They should also change their passwords and run an anti-virus check to make sure their own computers haven't been compromised."

Experts note that a database of 6.3 million targeted email addresses is likely to be a valuable commodity in the computer underground, and details may be sold on between criminal groups for use in multiple ways.

"A current and authenticated email address is a prized possession in the criminal underworld; it's the first piece of the jigsaw needed to build up a user identity that a hacker can adopt in order to access online retail or bank accounts," continued Cluley. "While TD Ameritrade has gone to great lengths to reassure customers that this breach hasn't led to any ID theft, no one should underestimate just how wily hackers can be in order to extort confidential information from unsuspecting victims."

Another Ameritrade spear-phishing email seen by Sophos.

Sophos recommends that all companies learn from TD Ameritrade's misfortune and ensure they have proper defenses in place to reduce the risk of hackers breaking in and stealing data.

"Most companies these days understand the value of up-to-date anti-virus, firewalls and security patches - but it may be time for more firms to recognise the value of a Network Access Control solution which helps ensure that the corporate security policy is being adhered to by every PC connecting to the network," explained Cluley. "If you can't be sure that computers attached to your network aren't vulnerable then you could be at risk of customer data leakage, and heading for the same PR nightmare that TD Ameritrade is now facing."

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.


About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
