a major retail chain was targeted by cyber criminals in a well planned phishing attack that attempted to convince store staff to install rogue software on their computers.
Cybersecurity programme manager Chris Hails refuses to name the chain involved, but told NBR ONLINE, “We were pleased they reported the issue which gave us the opportunity to warn others.”
IT staff at the company found one branch had downloaded a file and infected computer systems after being called by an individual claiming to work for the well-known chain. The caller, who identified himself as a senior member of the company, directed employees to a fake website that was designed to look like the official tech support site.
Following instructions from the caller, staff at the store downloaded a malicious program that tried to take over computers. Fortunately, the company’s real IT staff noticed what was happening and managed to block further access to the fake website on all their systems before cleaning up and alerting all stores to the bogus caller. No data was accessed or lost.
“The effort that has gone into creating a convincing fake website and the use of a real executive’s name is what concerns us,” said Chris Hails, NetSafe’s cyber security programme manager.
“The website which delivered the malicious software was designed using the company’s branding, logo and corporate style and the criminals had gone to some effort to register a .co.nz URL which contained the chain’s name,” said Hails.
The FBI warned Americans back in July that spear phishing attacks targeting business executives and selected companies were on the rise but this is the first time that NetSafe has received this kind of report from a New Zealand company.
“This is well beyond common phishing tactics designed to harvest account login details – the cold caller posed as a genuine member of the company and tried to convince store staff that they should download the system update,” said Hails.
“This is targeted spear phishing and could have seriously impacted on the business if IT staff had not been quick to respond by blocking access to the fake site and warning all branches.”
The website was registered to a Nigerian address through an Indian company and based in Switzerland. There are concerned that the overseas criminals involved may try to use this set-up again to target another New Zealand business and is encouraging companies to warn their staff about these kinds of threats arriving via email and over the phone