Category: Phishing

Customer passwords from Deutsche Telekom are for sale on the dark web

29. June 2016

Account passwords of customers of Deutsche Telekom, a German telecommunications company, are for sale on the dark web, although the company stated this week that it has not been the victim of a cyber attack.

The stolen data is estimated to comprise between 64,000 and 120,000 records.

Furthermore, the company hinted that the leaked data was obtained from another source, probably stolen via phishing. In its statement the company said that the sample of records was “real and current”.

The statement goes on to say that the company has 156 million global customers and that, because of the stolen data, it has issued a warning suggesting that all of its customers change their passwords.

Thomas Kremer, Telekom data privacy head, elaborates: “We want to use the event to promote a regular exchange of passwords.”


Verizon publishes Data Breach Investigations Report 2016: Phishing attacks trend upwards

20. June 2016

Verizon, a company that provides communication and technology services, has recently published the 2016 Data Breach Investigations Report (DBIR). The report reveals trends in the sources of and reasons for incidents and data breaches. It also provides recommendations on how to prevent a data breach or minimize the risk of becoming the victim of one.

The study is based on data from 100,000 data breaches provided by different industries. It shows that the most affected industries include accommodation, finance, retail and the public sector. According to the report, the most common motive for attacks is, directly or indirectly, financial. Additionally, when data is disclosed, the attacker is usually an external party rather than an insider.

The report describes nine main types of vulnerabilities that pose a risk to companies and individuals. Phishing attacks have increased considerably in the last year and, together with stolen credentials, constitute the main cause of data breaches. In a phishing attack, the attacker sends an e-mail that tries to trick the victim into clicking on a link that contains malware, in order to obtain certain personal or confidential information.

The report remarks that 30% of the phishing messages were opened and that 12% of the people tested even clicked on the phishing attachment. Moreover, only 3% reported the phishing e-mail to management. Phishing messages mostly aim at stealing credentials such as the ID and password used for authentication. 63% of the confirmed data breaches involved stolen passwords.

In order to minimize the risk of becoming the victim of a phishing attack, the report gives the following recommendations:

  • Filter your e-mail and test its implementation
  • Raise employee awareness and offer means to report such events
  • Protect your network by segmenting it and implementing strong authentication mechanisms between the user and the networks
  • Monitor external connections

McAfee also provides useful recommendations regarding the identification and prevention of phishing attacks and the use of effective passwords.