This weeks Knowledge Update talks about Equifax claiming 700k UK customers affected by the data breach, over 100 local councils are exposing users by not implementing DMARC and a phishing campaign that spoofs Netflix emails and seeks to collect payment card details.
Equifax claims 700k UK customers
Credit agency, Equifax is under-fire once again with 700,000 UK customers’ personal data having been breached. Initially, it had claimed that around 400,000 UK customers were affected.
Protecting customer data is a legal duty. If your company deals with your customers’ personal identifiable information then your business needs to take steps to protect their data. Cyber Essentials provides a framework, backed by the UK government, for businesses to improve their information security. More information can be found here.
Over 100 English local councils are exposing users by failing to implement DMARC
New research has found that over 100 English local councils are exposing users to the risk of email scams by failing to implement the DMARC protocol when sending emails.
A Cybersecurity firm, OnDMARC, have appraised 152 local authorities in England and had only found that 16% of the local authorities had implemented DMARC, leaving 128 non-compliant. OnDMARC had also found out that that in the Middle East only 11% were compliant and 15% in London.
More information about DMARC can be found here.
Contact us at Membership@londondsc.co.uk if you want help with implementing DMARC.
Netflix phish presses play on corporate dangers
Uncovered by PhishMe, a new phishing campaign that could affect businesses and individuals alike. The phishing
campaign spoofs Netflix emails and seeks to collect payment card details. Consumer and corporate accounts have been targeted.
The attack starts by the victim receiving an email that is purporting to be from Netflix, asking to update their account. Once the victim enters their Netflix credentials on a fake website they are redirected to a different page to input their credit card credentials.
Analysis at PhishMe has found out that the email address that was associated with the campaign has been involved in using five different phishing toolkits since June which has targeted customers of Chase Bank, Comcast, Netflix, TD
Bank and Wells Fargo.
Staff should be made aware of the threats posed from phishing through training and awareness sessions. Policies
regarding acceptable use of computer equipment, handling data and payment processes should be implemented and
adhered to. Prevention advice for phishing can be found here.