Thursday, December 6, 2018

[Heads-Up] Bad Guys Love Marriott: 500 Million Data Breach Is Phishing Heaven

So, I guess we have just reached the tipping point: it's "privacy game over" for business travelers.

For about 327 million of the 500 million, the breached data includes names, mailing addresses, phone numbers, email addresses, passport numbers (!), Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

The company said in a statement that it discovered "unauthorized access" to the database, which extended back to 2014. In some cases, payment card numbers and expiration dates were also taken, but Marriott said it's unclear whether the hackers have the information needed to decrypt the payment card numbers.

Marriott said it has set up a website for consumers impacted by the hack, at info.starwoodhotels.com, and a call center. "Call volume may be high, and we appreciate your patience," the company said. Starwood is sending an email to all addresses affected.

Here is where the bad guys come in.

You can expect a raft of phishing attacks that try to exploit this data breach, either by using just scare tactics, or by using actual data from the breach itself to make it look as real as possible.

If you are a KnowBe4 customer, we strongly recommend you inoculate your users by sending them a simulated phishing attack that uses this Marriott data breach as the theme.

Two new phishing templates and a landing page have been added to our Current Events phishing templates category. Use them to prepare your users before the bad guys use social engineering tactics and trick them. Each template leads to a fake Marriott login page to mimic a credentials phishing attack.

Grab these templates and the landing page and send them either to all users or, if you have a Smart Group containing your frequent travelers, to that group as the first priority.

If you are not a KnowBe4 customer yet, we suggest you step your users through this free module that is available until the end of December 2018! "Safe Travels For Road Warriors" is a 12-minute animated course with lots of interactivity for those who travel for business, and some very helpful tips for personal travel too.

You will find this module as step 5 of a blog post with some practical advice for business travelers here:
https://blog.knowbe4.com/the-massive-marriott-data-breach-some-practical-advice-for-business-travelers

Infrastructure Organizations Beware