Tech-support scammers used data stolen by Trend Micro employee

This is one of those cases which should make you think “How would I stop this happening, or at least get an early warning?” Assuming that you’ve identified and locked down sensitive data so that only those that need it can gain access (not always a given, but part of the GDPR principles), I can think of several strategies to help spot rogue employees/supply chain. First is to plant some breadcrumbs in the data that, if they get used, will raise an alert and identify the place they were accessed from. This is the basic premise of cyber deception. Second is to continually look for your data being accessible where it shouldn’t be e.g. on public shares, pastebin… this is where a leak detection service like CybelAngel comes in…:

Technical-support telephone scams have been around for a long time, with scammers using random technical data to fool gullible consumers into handing over access to their computers and, often, their credit card data. But some customers of Trend Micro were called by scammers with a somewhat more convincing bit of data than some well-known Windows filename—the scammers had their names, email addresses, and technical-support request ticket numbers.

The scammers got that data from a Trend Micro employee who stole the data for 68,000 customers and sold it to the scammers, a company spokesperson revealed today in a statement on the company’s blog. While the stolen data included names, email addresses, some phone numbers, and Trend Micro support-ticket numbers for users of Trend Micro’s consumer security products, it did not include payment information.

“In early August 2019,” the spokesperson wrote, “Trend Micro became aware that some of our consumer customers running our home security solution had been receiving scam calls by criminals impersonating Trend Micro support personnel.” The information that was used in these calls led Trend Micro’s security team “to suspect a coordinated attack.”

[…]

Original article here