A number of debt buyers have commented that the frequency of phishing attacks on them has increased and, in one case, a virus was running through the industry last week.
There was no consensus as to the reasoning behind the increased attacks. Some posited that debt buyers were the focus of hackers because of their access to electronic files that contained non-public person information of consumers, including names, Social Security office 2016 download numbers, phone numbers, mailing addresses, and more. Others thought that the hackers were targeting debt buyers, sellers, and brokers because they might be considered to be wealthy and have something worth stealing.
“I don’t doubt that we’re targets for a second,” said Alex Flores of Invision Consulting Group. “That’s why I don’t keep anything on my hard drive.”
The phishing attack started last week when a debt broker clicked on a link in an email and started a chain reaction where the emails were sent to all of his contacts, which included most players in the industry. The good news was that the broker said that there were no unmasked filed on his computer. It was the fourth time that he had heard of a colleague being hacked, he said.
It took nearly 48 hours for the broker to reach out to his contacts with a separate message, clean up his own computer, and feel that things were back to normal. The lesson he learned? Never click on a link in an email.
“Even if you know who the sender is and you are expecting an email from that person, don’t click on it,” he said. “I was expecting an email from this person and I learned my lesson.”
There were nearly 125,000 separate phishing attacks during the second half of 2014, according to the Anti-Phishing Working Group. More than 550 financial institutions were the targets of those attacks. In most cases, phishing attacks are conducted by hackers looking to gain the login and password credentials to consumers’ online banking portals. The credentials are used to steal or launder money or are part of a more comprehensive identity theft. Phishing attacks generally have a short lifespan – the average attack was up for less than 12 hours in the second half of 2014, according to the APWG.
“A lot of people overlook these kinds of things that are no-brainers,” said Ian Ross of Pyramid Acquisitions.