The point of many phishing scams is to gain access to bank or credit account information for financial gain. So, it makes sense to target users or accounts with the highest odds of containing substantial amounts of money. That explains a new phishing attack reported by AppRiver which takes aim at customers of Global Payments.
Many phishing attacks simply cast as wide a net as possible and hope that at least some of the victims snared by the scam have funds to make it worthwhile. By specifically targeting a merchant services company–a provider that processes credit card payments for retail establishments–the attackers greatly enhance the chances that any compromised accounts will actually have money available–perhaps a lot of money.
Fred Touchette, a senior security analyst with AppRiver, explains in a blog post, “Global Payments is a company that handles merchant services for all sorts of businesses such as restaurants, retail stores, hotels, hospitals, you name it. Basically their service can be used by anyone that needs to process credit card transactions.”
Touchette describes how the phishing attack works as well. “These attacks arrive in email form, as is often the case, pretending to be from Global Payments, stating the usual “Your account has been blocked due to unusual activity”. As is also usual, the email asks the recipients to click on the link provided and log-in to their accounts to correct the situation. Once victims provide the false sites with their credentials, they then give the attackers full access to their accounts.”
As Touchette alludes to in the blog post, the targeting of a merchant services processor is particularly concerning for two reasons. First, for the business that uses Global Payments and falls unwitting victim to this attack, it means that funds could be redirected or stolen.
More importantly, though, a successful compromise from this phishing scam provides the attackers with the information necessary to access the merchant services account, and possibly much more sensitive data. Touchette says, “This attack carries a much larger weight than an attack against an individual as access to merchant processing accounts could lead to the breach of information and transaction details of all of the credit card holders that had done business with the Global Payments account holder. This could also lead to a major dent in the reputation of the company who was phished as the breach was disclosed.”
As always–you should have security tools to protect your system, but avoiding phishing scams is part common sense and part cautious skepticism. Could your account be blocked due to suspicious activity? Absolutely. And, I would hope that a company like Global Payments would do just that–as quickly as possible–if, in fact, unusual account activity was detected.
However, in the event that such a thing actually occurs, a company like Global Payments will not ask you to click on a link in an e-mail and share or change your account credentials. Do not open file attachments or click on URLs in e-mail messages unless you are 110% sure you know what awaits you. If you are concerned that the phishing message might be legitimate, pick up the phone and call the customer service department to clarify.