With international online broker firm, TD Ameritrade, last week admitting that hackers had gained access to its database of 6.3 million customer email addresses, Sophos is warning the firm's customers to be on red alert against targeted spam emails.
Sophos has already gained proof that hackers are trying to exploit these stolen addresses for commercial gain, with its worldwide network of spam traps blocking a phishing campaign, in which cybercriminals try to coax recipients to a spoof TD Ameritrade site in an attempt to capture user IDs and passwords.
One of several Ameritrade spear-phishing emails seen by Sophos.
TD Ameritrade, which was forced to disclose this data breach under US state law, has assured customers that their username IDs, personal identification numbers, passwords, date of birth details and Social Security Numbers were not accessed by the hackers, but it has apologised for the unwanted spam that the capture of these millions of email addresses is likely to generate. However, Sophos points out that the disclosure of email addresses alone can be used to exploit internet users out of their hard earned cash.
"Hackers are now in possession of 6.3 million email addresses for people that they know are interested in trading shares. This knowledge alone could spur the creation of highly targeted spam emails, such as 'pump and dump' campaigns which offer bogus share tips to artificially boost stock prices. We've already spotted spear-phishing campaigns where criminals send emails posing as TD Ameritrade in order to extract additional personal information," said Graham Cluley, senior technology consultant, Sophos. "TD Ameritrade customers the world over should be extra vigilant about responding to emails from the company and should immediately check to ensure that their accounts haven't been fiddled with. They should also change their passwords and run an anti-virus check to make sure their own computers haven't been compromised."
Experts note that a database of 6.3 million targeted email addresses is likely to be a valuable commodity in the computer underground, and details may be sold on between criminal groups for use in multiple ways.
"A current and authenticated email address is a prized possession in the criminal underworld; it's the first piece of the jigsaw needed to build up a user identity that a hacker can adopt in order to access online retail or bank accounts," continued Cluley. "While TD Ameritrade has gone to great lengths to reassure customers that this breach hasn't led to any ID theft, no one should underestimate just how wily hackers can be in order to extort confidential information from unsuspecting victims."
Another Ameritrade spear-phishing email seen by Sophos.
Sophos recommends that all companies learn from TD Ameritrade's misfortune and ensure they have proper defenses in place to reduce the risk of hackers breaking in and stealing data.
"Most companies these days understand the value of up-to-date anti-virus, firewalls and security patches - but it may be time for more firms to recognise the value of a Network Access Control solution which helps ensure that the corporate security policy is being adhered to by every PC connecting to the network," explained Cluley. "If you can't be sure that computers attached to your network aren't vulnerable then you could be at risk of customer data leakage, and heading for the same PR nightmare that TD Ameritrade is now facing."
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.