In November 2020, security researcher Abraham Vegh notified KrebsOnSecurity about an unusually named domain that appeared in an email from his bank. Fiserv, a banking software and tech solutions company, had sent some of its customers emails referencing an unclaimed domain, defaultinstitution.com. A simple search showed Vegh that the domain was not registered.
Anyone could have paid for this domain and claimed it as their own. If someone with malicious intent came across this email, an ensuing phishing scam could have been catastrophic.
Vegh set up an email account for the domain and watched as emails poured through to the account. Emails relating to the CashEdge service acquired by Fiserv were sent and bounced back to senders because they could not reach an active account. The users were trying to send emails to a client solutions director at Fiserv, but the reply address was “donotreply@defaultinstitution.com”.
CashEdge emails initially sent to the customers had information such as plan ID, send date, the amount being transferred, names, the last four digits of account numbers, and email addresses of the recipient. At the bottom of emails announcing CashEdge’s switch from their service Popmoney to Zelle, the support email was listed as “customersupport@defaultinstitution.com”.
Active customers became increasingly frustrated with the situation: they were being signed up for accounts they never intended to open, and when they replied, the emails weren’t reaching the right people. They were going to Vegh. After Vegh notified Fiserv, the company announced it had made a mistake by not changing the default address and contacted the affected customers to explain what had happened.
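A pre-send check for the failure described above, written as an added example and not taken from the original article or from Fiserv: it flags any sender, reply or support address in an outbound email template whose domain the organization does not own. The function names, the owned domain `bank.example` and the sample template are assumptions; the DNS lookup is only a heuristic, since a registered name can lack address records.

```python
import re
import socket
from email import message_from_string
from email.utils import getaddresses

ADDR_HEADERS = ("From", "Reply-To", "Sender", "Return-Path")
BODY_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def dns_resolves(domain):
    """Heuristic only: a failed lookup does not prove the name is unregistered."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False

def audit_template(raw, owned_domains, resolves=dns_resolves):
    """Return (location, address, reason) for each address outside owned_domains."""
    owned = {d.lower() for d in owned_domains}
    msg = message_from_string(raw)
    found = []
    for header in ADDR_HEADERS:
        for _, addr in getaddresses(msg.get_all(header, [])):
            if "@" in addr:
                found.append((header, addr))
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    found += [("body", m.group(0)) for m in BODY_ADDR.finditer(body)]
    findings = []
    for location, addr in found:
        domain = addr.rsplit("@", 1)[1].lower()
        # Accept an owned domain or any subdomain of one.
        if any(domain == d or domain.endswith("." + d) for d in owned):
            continue
        reason = "not owned" if resolves(domain) else "not owned, does not resolve"
        findings.append((location, addr, reason))
    return findings

# Constructed sample template; the two flagged addresses are those quoted in the article.
SAMPLE = """\
From: Example Bank <alerts@bank.example>
Reply-To: donotreply@defaultinstitution.com
Subject: Your transfer is scheduled

Questions? Write to customersupport@defaultinstitution.com.
"""

if __name__ == "__main__":
    for finding in audit_template(SAMPLE, {"bank.example"}):
        print(finding)
```

Run against every template before a campaign goes out, a non-empty result is a reason to block the send until the address is corrected or the domain is registered by the organization.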
In conclusion, had it not been for an intelligent researcher like Vegh, this mistake could have created a storm of phishing scams, and all the blame would have fallen on Fiserv. It’s crucial for organizations to have a team monitoring emails and searching for malicious activity.
Engage with a security firm like SpearTip which has dedicated and certified engineers working around the clock to protect partners. Our Security Operations Center’s value comes from collaboration and knowledge that can’t be replicated by general security tools.
If any of the CashEdge customers were replying from company emails, a malicious actor likely would have been successful in getting a user to bite on a phishing email. The employee’s company would then be at risk of compromise depending on the actions of the theoretical threat actors.
SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.
If you think your organization has been breached, call our Security Operations Center at 833.997.7327.