This week on “What Are The Scammers Up To Again”—that’s a good podcast title—we have another phishing attack that targeted an employee’s account of the Singapore Airlines’ in-flight retailer, KrisShop.
Owing to the attack, the personal information of 4,749 KrisShop customers were exposed.
The Extent of the Damage
To any KrisShopper reader that might be panicking already, take a few deep breaths before continuing to read the article.
The personal data that was leaked included names, e-mail addresses, residential addresses, contact numbers and KrisShop e-voucher numbers.
The bank account numbers of approximately 195 customers, and the KrisFlyer account number of 17 people, were also exposed.
However, the silver lining here is that the leaked data did not include any password or credit information, because those files don’t contain such information in the first place.
The exposed files were all encrypted too, so that’s another layer that the unidentified attacker has to get through before they access the personal information.
Additionally, none of the other databases or systems had been compromised during the attack.
The targeted attack on the employee’s account is just a singular incident.
Nonetheless, if you’re feeling paranoid, you’re always free to swap out your bank accounts, and change your password to a stronger one, just in case.
Details of the Phishing Incident
According to a KrisFlyer spokesperson, Kris Shop discovered that one of its employees’ work accounts had been illegally access by an external party due to a phishing attack on 8 March.
The spokesperson chose to remain silent on the specific details regarding the attack and the identity of the external party.
The spokesperson then assured the public and its customers that the employee’s account was locked as soon as they were alerted to the phishing attack, and they wasted no time tracking the source of the trouble, and how much damage the phishing attack had caused.
“Upon further investigations, we found that files containing data involving 4,749 individuals may have been exposed due to this incident.”
As mentioned earlier, it’s unclear if the data has been completely cracked and exposed because KrisFlyer had encrypted those files.
To put it frankly, it might just be a matter of time.
After reviewing its systems and processes together with Singapore Airlines, the company concluded that the breach was just an isolated incident that arose due to human error.
Two days later, the Personal Data Protection Commission (PDPC) was informed of the incident, after the information needed to make the report was verified internally by KrisShop.
Join our Telegram channel for more entertaining and informative articles at https://t.me/goodyfeedsg or download the Goody Feed app here: https://goodyfeed.com/app/
KrisShop Apologies to its Customers
Because of this incident, KrisShop apologises to its affected customers, and it’s currently in the process of contacting those that were inadvertently involved in order to offer any assistance that they may require.
The affected KrisShop e-voucher have been nullified and replaced as well.
Customers who have any queries may contact KrisShop at [email protected].
Lastly, the spokesperson said: “The protection of our customers’ personal data is of utmost importance to KrisShop. We will continue to take steps to strengthen our systems and processes.”
The standard PR statement, yes, but their reputations are on the line for this isolated incident.
The Rising Frequency of Phishing Scams
With how frequent phishing scams have been occurring, Goody Feed might solely become dedicated to reporting all kinds of phishing scams someday.
…this is mostly said in jest, because the writers would be the ones suffering if that actually happened.
Nonetheless, there have been so many types of scams that happened in the past few months alone that can be listed from the top of my head:
- The SMS phishing scams targeting OCBC Bank customers
- The SMS phishing scams that still targeted bank customers, except the scammers changed from clickable links to toll-free numbers
- Scammers impersonating the Bill Gates foundation and purportedly giving out free cash to Singaporeans
- E-mails scams that allege that packages are either stuck in transit, or customers have supposedly placed orders for products when they never did
- Innocuous surveys that promise monetary rewards and ask for access into your Singpass account
The list goes on.
Earlier this month, at least 72 people lost $109,000 in total due to a phishing scam that happened on the online marketplace, Carousell.
This scam was particularly nifty, in the sense that there’s a bit of double impersonation going on.
The scammers would tell their victim sellers that they were going pay them via CarouPay, an in-app payment feature.
Afterwards, the victims would receive an e-mail that supposedly came from Carousell, stating that the payment has been made, but they need to access the link in order to receive it.
The link would then redirect the victims to fake websites that appear to be bank websites, where the victims would be made to give their banking details and one-time passwords in order to receive the payment.
Unfortunately for the victims, they would only realise they had been scammed after unauthorised transactions were made from their bank accounts.
Pro-tip: If it’s an in-app payment feature, why would you ever need to go outside of the application?
If only the scammers could use their craftiness for the greater good.
Read Also:
- COVID-19 Lockdown in China Might Affect E-Commerce Delivery to S’pore
- Woman in M’sia Dies After Falling Into a Wok of Hot Oil While Cooking in Her Hawker Stall
- The 2 Men Who Threw a Plate in Fat Po Are Now Being Investigated for Public Nuisance
- 3 Men Allegedly Rushed Out of Car That Slammed into Lamp Post in Hougang
Featured Image: KrisShop