Advanced Tech Support Suffers Insider Breach
A former employee apparently leveraged customer data to trick victims into providing remote access to their computers.
In a notice that has since been removed from its website, Advanced Tech Support warned that customers may be targeted by a scam in which callers claim to be Advanced Tech Support representatives, and attempt to gain access to the customer's computer.
The scam is particularly successful, the warning noted, because the caller often has details of the customer's past orders, "such as dates and/or services and products purchased by the customer." The caller then tells the customer that they're eligible for a refund, and requests remote access to the customer's computer in order to process the refund.
"Advanced Tech Support believes it has found the culprit and terminated the responsible party," the notice stated. "It is important to note that Advanced Tech Support does not store sensitive information such as credit card numbers so that data has not been compromised. The exact amount of records in question is unknown at this time."
As IDG's Jeremy Kirk notes, Advanced Tech Support and Inbound Call Experts were sued by the Federal Trade Commission in November 2014 for allegedly tricking victims into buying overpriced computer support services and unneeded security software.
"These operations prey on consumers' lack of technical knowledge with deceptive pitches and high-pressure tactics to sell useless software and services to the tune of millions of dollars," Jessica Rich, director of the FTC's Bureau of Consumer Protection, said at the time.
Still, the more recent issue seems to be related to an insider breach at the company, not to allegedly deceptive practices.
According to Vormetric's 2015 Insider Threat Report, fully 93 percent of U.S. IT decision makers feel their organizations are somewhat or more vulnerable to insider threats, and 59 percent believe privileged users pose the greatest threat to their organizations. And the SANS 2015 Survey on Insider Threats found that while 74 percent of IT security professional said they're concerned about insider threats, 32 percent said they have no ability to prevent an insider breach.
Monzy Merza, chief security evangelist at Splunk, told eSecurity Planet by email that the Advanced Tech Support breach highlights the need for monitoring user activity and detecting privilege abuse. "When companies know a user's normal activity pattern, they can quickly spot abnormal or potentially threatening behavior and ultimately reduce the impact of a breach," he said.
"While outside threats pose obvious risks, those are part of the overall threat for an organization," Merza added. "Enterprises must be just as aware of the potential for fraud and threats from the inside. The best way to reduce these kinds of risks is to continously monitor system access and alert on unusual access activity."
Photo courtesy of Shutterstock.