Security reporter Graham Cluley recently reported on a data breach at the email newsletter service Mailchimp, which resulted in the exposure of customer data. However, this breach affects more than just Mailchimp customers. Even if you are not a Mailchimp customer, you may still be impacted by the breach.
Sportsbook and betting website FanDuel (like many, many other companies) outsourced its newsletter management to Mailchimp, which meant Mailchimp took responsibility for securing FanDuel’s customers’ email addresses and other personal data. Unfortunately, Mailchimp failed in that responsibility, leading to a security breach that impacted several of its clients, including FanDuel.
FanDuel has since sent warnings to its customers, informing them that their names and email addresses were exposed in the breach. However, no other personal information, such as passwords or financial information, was acquired.
The exposure of customers’ names and email addresses in the Mailchimp data breach is not just a minor inconvenience, however. The information that was acquired by the unauthorized actors could be used in targeted and personalized phishing attacks aimed at FanDuel users. Cybercriminals could create convincing-looking phishing emails that may trick unsuspecting users into revealing more information, such as their passwords.
How can we get better at phishing protection?
Phishing attacks are becoming increasingly sophisticated and can be difficult to detect. The use of the customer’s name and email address in the phishing email makes the attack even more convincing and increases the likelihood of the user falling for the scam. The cybercriminals could use the stolen information to send emails that appear to be from FanDuel, asking the recipient to provide additional personal or financial information. Fortunately, ConcealBrowse has advanced anti-phishing protection that identifies phishing sites using computer vision and machine learning, and stops users from providing their personal information.
Because phishing attacks are only successful if the victim is convinced a phishing site is legitimate, common advice to protect against phishing attacks is focused on user education and behavior. This includes being vigilant when receiving emails that ask for personal or financial information, even if they appear to be from a trusted source. Additionally, victims are urged to be cautious of any suspicious or unexpected emails, and not click on any links or download any attachments from unknown or untrusted sources. While all of this is solid advice, the fact remains that users will make bad decisions and provide information to phishing sites if they are forced to rely on their own judgment. ConcealBrowse’s secure browser anti-phishing solution removes that burden from users.
The Mailchimp data breach highlights the importance of protecting personal information and utilizing advanced phishing protection and browser security solutions. User education and email client-based phishing protection simply aren’t good enough.
Written by: Conceal Research Team