Not just Qantas: beware of broader scams
Qantas is one of nearly 40 high-profile companies – including Toyota, Disney and IKEA, along with fellow airlines Air France and KLM – whose illegally accessed consumer data is being marketed by hackers on the dark web. Since Qantas is not the only company that has been targeted, it’s possible the scammers could reference the other affected companies in their attacks.
Cybercriminals try to identify the same consumers across different hacked corporate databases, to form a clearer picture of a victim they can target.
For example, finding a Qantas customer who also subscribes to Disney Plus allows the creation of a more nuanced profile, which can then be used for more realistic and effective scam communication. Qantas has posted examples of scam emails, notifications and websites on Qantas.com.
Hunt says this type of cross-referencing of customer data by scammers is very similar to what marketing companies do.
Qantas is using multi-factor authentication for key communication. Credit: Qantas
“This is often referred to as ‘enrichment’, where you take multiple different sources and combine them together”.
Qantas’ data will indicate how much a person travels, said Hunt, which can give a good sense of a potential target’s relative wealth. Combine that with the customer information that was stolen during the Optus and Medibank Private breaches, and a scammer can piece together a much fuller profile of a target.
Hours after the data was released, HaveIBeenPwned.com flagged that 7.3M unique customer email addresses of Vietnam Airlines had also been exposed. “The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers,” the service said.
While discerning exactly how many Australians were affected, Hunt estimates “probably tens of thousands of Aussies” have been drawn up in the breach of Vietnam Airlines data. Vietnam Airlines has been contacted for comment.
Meanwhile, Toyota Australia said on Monday that there was no evidence that their Australian customer data has been compromised.
“Toyota Australia is aware of recent media reports regarding a global cybersecurity incident involving Salesforce-connected environments.
We can confirm that an internal review has been conducted, and there is no evidence that Australian customer data has been compromised,” it said in a statement.
Disney has also been contacted for comment.
What else can you do to be safe?
Following the release of the data, Qantas encourages customers to use “where available” two-step authentication for email and online accounts.
Two-step authentication requires log-ons to have not one, but two, codes – often a regular one, and a unique one generated by an app or a secondary source, for that specific instance of communication.
Darktrace global field CISO Max Heinemeyer says affected customers should “make sure all your devices are up-to-date with the latest software and security patches”.
“As a precaution, log in to any potentially-affected accounts and create strong unique passwords for each account,” said Heinemeyer.
Customers should be vigilant about any communications purporting to be from Qantas or other official organisations that ask for information. “Hackers using stolen information and AI-powered social engineered techniques can create communications that are near impossible to tell from the real thing.”
Kevin Gosschalk, founder and CEO of Arkose Labs, said hacks will continue to “substantially increase” the likelihood of fraud against Australian consumers of these companies.
“Bad actors will be using the leaked and stolen data to compromise other accounts, such as financial accounts, with a mixture of the newly learned personally identifiable information, plus prior breaches and leaks and use that to socially engineer consumers.”
Alert but not alarmed
While the hackers have leaked the data, they will still try to shape the public conversation in ways that encourage affected organisations to pay. Since both Qantas and Salesforce – whose customer service platform is also used by Qantas – have said they are not paying ransom, the criminal group will seek to monetise the customer data in other ways.
For example, scammers can use the heightened awareness of cyber breaches – highlighted in the media – to trick customers into clicking through links or sharing personal details, sometimes in emails designed to appear as if they will help secure a person’s profile.
Qantas meanwhile has tried to limit the fall-out of the hack by getting an injunction in NSW on the publishing of the contents of the data (which, according to Cyber Security Coordinator Lieutenant General Michelle McGuinness, included the home addresses and phone numbers of several high office holders).
Nevertheless, the increased awareness should ensure the public is alert but not alarmed. Some ongoing scams would occur regardless of the data breach. And although companies, authorities and criminals are in an arms race of sorts, defence is improving, as is the understanding of hackers’ tactics.