Tech-support scammers used data stolen by Trend Micro employee
Technical-support telephone scams have been around for a long time, with scammers using random technical data to fool gullible consumers into handing over access to their computers and, often, their credit card data. But some customers of Trend Micro were called by scammers with a somewhat more convincing bit of data than some well-known Windows filename—the scammers had their names, email addresses, and technical-support request ticket numbers.
The scammers got that data from a Trend Micro employee who stole the data for 68,000 customers and sold it to the scammers, a company spokesperson revealed today in a statement on the company’s blog. While the stolen data included names, email addresses, some phone numbers, and Trend Micro support-ticket numbers for users of Trend Micro’s consumer security products, it did not include payment information.
“In early August 2019,” the spokesperson wrote, “Trend Micro became aware that some of our consumer customers running our home security solution had been receiving scam calls by criminals impersonating Trend Micro support personnel.” The information that was used in these calls led Trend Micro’s security team “to suspect a coordinated attack.”
The investigation finally uncovered the source of the leaked data in late October. That’s when the investigation determined that an employee had downloaded customer support data and sold it to a “currently unknown third-party malicious actor.”
The company did not share information about the identity of the employee. The spokesperson said that all affected customers had already been contacted; it’s not clear whether any of them were convinced by the scammers.
“We took swift action to contain the situation, including immediately disabling the unauthorized account access and terminating the employee in question, and we are continuing to work with law enforcement on an ongoing investigation,” the spokesperson stated.
New scam, who this?
The best defense against scam calls like these is education: Trend Micro, other technology companies, the IRS, and the Social Security Administration will not call you unexpectedly. Anyone who calls you out of the blue claiming to represent one of those companies or agencies is almost certainly a scammer.
“If a support call is to be made, it will be scheduled in advance,” Trend Micro’s spokesperson noted. “If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support.”
Anyone who did receive a call and has “technical issues that may have arisen from interaction with the scammers,” the company said, should connect with Trend Micro for support—support already covered by their product license.
https://arstechnica.com/?p=1597815