Amidst News of Massive Data Breach, Suit Says Condé Nast Sent $8M in Response to Scam Email
Amidst news today that a widespread spear-phishing campaign could follow a giant security breach that exposed millions of individual e-mail addresses comes word that it isn’t just unsophisticated small fry who can be tricked by such schemes.
Relying on a seemingly legitimate e-mail saying that payment should be sent to a different address than usual, magazine publisher Condé Nast blithely paid $8 million to an e-mail scammer that it thought was its regular printer, writes William P. Barrett on the Informer page of Forbes.
Fortunately, explains a lawsuit filed on behalf of Condé Nast by the U.S. Attorney’s office in Manhattan last week, the publisher was alerted in time by its actual printer, which wanted to know why it hadn’t been paid. At that point, the money was still in the recipient’s account and authorities froze the funds, which the lawsuit seeks to recover.
Those involved in the suit on both sides declined to comment, the blog says.
As news stories in the Christian Science Monitor, the New York Times and PC World explain, a security breach disclosed Friday at the Epsilon marketing firm apparently made names and e-mail addresses of actual customers of 2,500 client companies, including Best Buy, Capital One, JPMorgan Chase, Citibank, Target and Walgreens, available to hackers.
That increases the likelihood that individuals could be tricked into providing confidential information, such as passwords and account numbers, in response to e-mail that seemingly comes from a company with which they already do business.
“Any time you have an organization that loses the contact information of customers for some of the biggest banks in the world, that’s a big deal,” security expert Brian Krebs tells the Times. “You’ve just given the bad guys a road map between the banks and their customers.”
The data breach reportedly could be the largest ever.