https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2021 MSP 501 Application
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2021 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Best Practices


Security Central: A Banner Week for Hackers, Fraudsters – May 6th, 2016

  • Written by Chris
  • May 6, 2016

In this week's Security Central, The VAR Guy explores a stash of stolen email accounts on the Russian Dark Web, a hacking at Pomeroy Investment Corp. and stolen W-2s.

Information security consulting firm Hold Security has uncovered 272.3 million stolen email accounts on the Russian dark web. The stash, which included hundreds of millions of Mail.ru, Google, Yahoo and Microsoft usernames and passwords, is one of the largest stores of stolen credentials uncovered in the last two years, according to a Reuters exclusive.

Hold's researchers located a young hacker who was angling to trade his collection of stolen accounts. Oddly enough, the individual priced his prized collection at 50 rubles (less than US$1), but settled for payment in the form of favorable endorsements on a hacker forum.

While the discovery has been made and email providers alerted, the trouble might only just have started, according to Hold founder and CIO Alex Holden. Large-scale breaches of this kind can be used to design further attacks on the contacts tied to the compromised accounts, a common tactic among those eyeing financial theft as an end game.

Just this week, the Detroit News reported a business email compromise (BEC) hack resulted in a $495,000 loss for Michigan-based Pomeroy Investment Corp. After commandeering an employee's email account, a hacker emailed a co-worker with a request for the funds to be transferred. According to the Detroit police, email communications for transactions have been a standard practice for this company, so the request was granted. Whoops.

Alas, the Pomeroy incident isn’t the most unsettling fraud case this week. That distinction goes to payroll leader ADP, which is facing severe scrutiny after identity thieves stole employee W-2s from more than a dozen of the company's enterprise customers, including U.S. Bank. KrebsOnSecurity reported this week that thieves were able to register employee accounts through an external W-2 portal maintained by ADP. ADP assigns each of its client companies a unique link and company code, which some of its customers published online. Once hackers obtained this information, it was just a matter of gathering employees' basic personal data to allow them to enter the portal.

Exposure of W2 information is said to be limited to individuals who have previously been the victim of a prior breach separate from this week's ADP incident. However, both the ADP and Pomeroy incidents raise concerns about the persisting challenge of human error in data security. Incidents of the Pomeroy variety should prompt organizations to reassess the way in which they coach employees (if they coach them at all) on verification of these kinds of requests – even if the transaction requests come from a "trusted" source.

Unfortunately, today's threat landscape is plagued by a disastrous combination of savvy fraudsters and victim mistakes. As a result, online fraud is at an all time high and growing. A study released this week by Juniper Research puts worldwide online transaction fraud at $25 billion by 2020 (double the jackpot of transaction fraud in 2015). But can we really curb that prediction by doubling down on educating users in data security best practices? I'd say it's worth a shot.

 

5/6/16: The story has been edited to more accurately reflect the ADP breach. The sensitive customer information was published online by ADP clients, not ADP.

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Best Practices

Related


  • Football playbook
    New Commvault EMEA Channel Exec Outlines Plans for Channel
    Former Veritas exec Jamie Farrelly reveals his plans for the channel across all routes-to-market (RTMs).
  • The words Helpful Tips inside a box next to a cartoon megaphone.
    From Salesperson to Trusted Adviser: 3 Tips for Mastering Consultative IT Sales
    Adapt sales techniques to thrive in today's changed landscape.
  • Growth depiction
    UK Channel Expects Big Growth in 2021, Cybersecurity a Big Driver
    Many partners view COVID-19 delays as one of the least important challenges they face.
  • Assessment
    CompTIA Rolls Out New Tech Vendor Assessment Tool
    Vendors may be overestimating their own channel readiness.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Channel Survey: Sales and Marketing, Analytics Are Significant Challenges
  • How SolarWinds' Massive Hack Upended Cybersecurity
  • New Year Means Time to Make Room for New IT Training
  • Looking Ahead: How to Pave the Road to Business Recovery

Galleries

View all

From The Second City: How to Use Improv as a Business Tool

March 3, 2021

Industry Perspectives

View all

Multi-Cloud: Strategy or Inevitable Outcome? (or both?)

March 3, 2021

Backup Vulnerability: 4 Targets Hackers Might Utilize to Infiltrate Your Backup Solution

March 2, 2021

The “Roaring 20s” Are Coming

February 25, 2021

Webinars

View all

A Partner’s Perspective on Channel Success in 2021

March 23, 2021

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

White Papers

View all

Why Fortinet for my MSSP?

March 2, 2021

Small and Mid-Size Business Security: 4 Steps to Success

March 2, 2021

How SMBs Can Secure Endpoints and Remote Workers for the Long Haul

March 2, 2021

Upcoming Events

View all

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

Kelly Leonard of @SecondCity talks to us about how improv can be used as a business tool to improve the company cul… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

Another amazing day at #CPVirtual. Here's what you missed and what's on tap for Day 3. @Channel_Expo… twitter.com/i/web/status/1…

March 4, 2021
ChannelFutures

Learn how @VMWare can help you build and deliver a #multicloud strategy. #hybridcloud #cloud #AWS… twitter.com/i/web/status/1…

March 3, 2021
ChannelFutures

Learn about the merging of our media websites; plus, a new #MSP Summit this fall. @Channel_Expo… twitter.com/i/web/status/1…

March 3, 2021
ChannelFutures

.@KnowBe4 acquires @MediaPROInc to beef up #cybersecurity training. dlvr.it/RtvdpB https://t.co/FzseCn4K6A

March 3, 2021
ChannelFutures

#COVID19 is ramping up #socialengineering – time for MSSPs to step in. @Electric_AI dlvr.it/RtvRQc https://t.co/ebTJNJcOxz

March 3, 2021
ChannelFutures

.@pluribusnet launches expanded, simplified partner program. #SDN dlvr.it/RtvGtQ https://t.co/bRDqYLEhXJ

March 3, 2021
ChannelFutures

#SupplyChain agility is changing global distribution patterns and #ictservices, says @NeecoICT.… twitter.com/i/web/status/1…

March 3, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X