[BreachExchange] When an IT manager falls victim to a phish

Audrey McNeil audrey at riskbasedsecurity.com
Tue Mar 20 18:58:58 EDT 2018 

https://www.itnews.com.au/news/when-an-it-manager-falls-
victim-to-a-phish-487280

An incident at a KFC franchisee late last week shows that anyone, even the
most experienced IT professional, can fall victim to a phishing attack.

Last Thursday an IT manager at Brisbane-based Collins Foods, operator of
hundreds of KFC stores across Australia as well as Germany and the
Netherlands, clicked on a dodgy link.

It allowed unidentified attackers to take brief control of the manager's
email account, and send out phishing emails containing fake invoices to a
database of contacts.

The company spotted the compromise and addressed it quickly, sending out an
email on Friday to those it believed had been targeted.

"Collins Foods has identified that you may have received an email from our
business which was not a legitimate communication," the firm's head of IT
Jonathan Ives wrote, including details of the email header, time, and
sender.

"Please be advised that this email was not sent as part of normal business
activity and should not be actioned, Collins Foods recommends that the
email be deleted. The email includes links which direct the receiver to a
site not related to Collins Foods."

Ives said the company was investigating and would provide a further update
if it deemed the incident to have fallen within the remit of Australia's
new mandatory data breach notifications.

He did not detail the attack the IT manager had fallen victim to.

Ives told iTnews there had been "no further implications" from the incident.

"Collins Foods has stringent IT systems and processes in place to protect
the integrity of our networks," he said.

"It is a tribute to these processes that this situation could be identified
and managed so quickly."

He said the blunder was a reminder to all organisations of the need to
"stay alert, maintain our monitoring processes and ensure we have quick
reactive procedures ready to implement".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180320/6bc4eb2f/attachment.html>

More information about the BreachExchange mailing list