Whenever there is a major event that attracts a lot of media attention cybercriminals will be poised to take advantage, so it is no surprise that warnings are being issued about Travelex phishing scams.
The Travelex ransomware attack that struck on New Year’s Eve involved a ransomware variant called Sodinokibi. The gang responsible is one of the most prolific threat groups using ransomware. The group’s attacks are highly targeted and seek to encrypt entire networks and the ransom demands reflect the scale of encryption. Travelex was initially issued with a demand for a payment of $3 million. That soon doubled to $6 million when payment was not made within the allocated timescale.
The fallout from the attack has been immense, which is unsurprising given that Travelex is the largest provider of currency exchange services worldwide. Many banks and retailers rely on Travelex to provide for their currency exchange services. Without access to those online services, currency exchange services came to a grinding halt. It has taken two weeks for Travelex to start bringing some of its services back online, but its website remains down and the disruption continues.
The attackers claimed to have stolen large quantities of customer data from Travelex. The attackers threatened to publish or sell the data if the ransom was not paid. This tactic is becoming increasingly common with ransomware gangs. In this case, the sodinokibi gang claimed to have gained access to Travelex systems 6 months previously and said they had stolen customer data including names, payment card information, and Social Security numbers and National Insurance numbers. The gang had also recently attacked the American IT company Artech Systems and had posted 337MB of data stolen in that attack, demonstrating to others that it was not an empty threat. Travelex maintained that no customer data had been stolen, but that has yet to be confirmed.
Warning Issued About Travelex Phishing Scams
Travelex customers should naturally err on the side of caution and monitor their accounts for signs of fraudulent use of their information but there are other risks from an attack such as this.
Travelex has issued a warning to its customers recommending they should be alert to the threat of phishing attacks via email and over the phone. Opportunistic scammers often take advantage of major events such as this and Travelex phishing scams are to be expected, as was the case following the TalkTalk data breach. These phishing scams are likely to be most effective on Travelex customers who have lost money as a result of the attack. Any offer of compensation or a refund is likely to attract a response.
For consumers, the advice is never to open email attachments or click on links in unsolicited emails. Businesses should also take steps to protect their networks from malware and phishing attacks.
Businesses should adopt a defense in depth strategy to protect against phishing scams and malware attacks. An advanced email security solution such as SpamTitan should be used to protect Office 365 accounts. SpamTitan improves protection against zero-day malware and phishing threats and blocks threats at the gateway.
A web filtering solution such as WebTitan should be used to block the web-based component of phishing and malspam campaigns and prevent end users from visiting malicious websites. End user training is also a must. It is important to teach employees how to identify phishing emails and malspam, and condition them how to respond when suspicious emails are received.