NetSafe has warned New Zealand businesses to take preventative measures against sophisticated phishing after the local branch of an international retailer became the target of such attacks.
A person claiming to be an executive of the retailer called one branch and tried to convince store staff to install rogue software on their computers. IT staff found this branch had downloaded a file and infected computer systems after being called by the purported executive.
The latter directed staff to a website designed to look like the official technical support staff.
NetSafe says the IT staff noticed the breach and blocked further access to the bogus website, and alerted all stores.
“For a CIO, really being able to show the value of taking preventative measures alongside the spending on hardware and software, is important to prevent these kinds of breaches.”
Chris Hails, cyber security programme manager at NetSafe, says no data was lost or accessed but the effort that went into creating a fake website and the use of a real executive’s name were prime concerns.
The bogus website used the company's branding, logo and corporate style and the criminals had gone to some effort to register a .co.nz URL containing the chain's name. The website was registered to a Nigerian address through an Indian company and is based in Switzerland.
Hails says NetSafe is concerned overseas criminals may use this set-up again to target other New Zealand businesses. He calls on organisations to warn staff about these kinds of threats arriving through email or on the phone.
“Education of your staff around these issues is key,” says Hails. “You can put the technology in place to protect the network and you can have anti-virus and all those defences but if the attackers are going after your staff, perhaps that is the weakest link.”
He says these threats place an additional challenge to CIOs and IT teams. “They are always aware they are considered a cost to the business,”’ he says. “For a CIO, really being able to show the value of taking preventative measures alongside the spending on hardware and software, is important to prevent these kinds of breaches.”
Follow Divina Paredes on Twitter: @divinap
Follow CIO New Zealand on Twitter: @cio_nz
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.