Canadian Underwriter: Biggest risk with mass email theft is phishing, malware distribution

May 17, 2017 — Biggest risk with mass email theft is phishing, malware distribution, NuData Security says following Bell Canada hack

Robert Capps, VP at NuData Security, shares his expertise on mass email risk after Bell Canada confirmed an “illegal access” of customer information.

The biggest risk with mass email theft is phishing and malware distribution, the vice president of business development with Vancouver-based NuData Security said in a statement on Wednesday, two days after Bell Canada confirmed an “illegal access” of customer information.

Robert Capps said in the statement that 91% of cyberattacks start with a phishing email and reminded users to never click on links received from unknown people or on suspicious links sent by friends on social networking sites or via email.

“The continued success of these attacks highlights a major flaw in identity validation techniques that can be stolen and reused,” Capps said. “Companies that hold such critical and personal information about their users have a choice. Rather than just protecting transaction data, companies can accept the full ramifications of data protection and system security by designing their systems to protect their users and all account data first.”

He said that a multi-layered approach to authentication that provides newer and more secure techniques, such as passive biometrics and behavioural analytics, should be implemented by companies to determine if the “expected human user is accessing and transacting on the account, or a cybercriminal who needs to be blocked.”

On May 15, Bell Canada confirmed that an anonymous hacker obtained approximately 1.9 million active email addresses and about 1,700 names and active phone numbers. “There is no indication that any financial, password or other sensitive personal information was accessed,” the company said in a statement.

Bell said that it has contacted affected customers through the channel that was affected (by email for those whose email address was accessed and by phone for those whose phone number was accessed).

The company has also been working closely with the RCMP’s cybercrime unit and has informed the Office of the Privacy Commissioner of Canada.
