End-user customers of beleaguered foreign currency services provider Travelex – which is still trying to recover from a ransomware attack more than two weeks after its systems were first taken offline – have been warned that opportunistic criminals may try to take advantage of the situation to scam them.
In a new update on the firm’s still out-of-service website, Travelex said that because the attack on its systems was so high-profile, it was likely that criminal groups would try to take advantage of it.
“Based on the public attention this incident has received, individuals may try to take advantage of it and attempt some common email or telephone scams,” said Travelex.
“Increased awareness and vigilance are key to detecting and preventing this type of activity. As a precaution, if you receive a call from someone purporting to be from Travelex that you are not expecting or you are unsure about the identity of a caller, you should end the call and call back on 0345 872 7627.
“If you have any questions or believe you have received a suspicious email or telephone call, please do not hesitate to contact us. Please note that Travelex does not store credit card numbers on its system.”
In a blog post, cyber security expert Graham Cluley said Travelex was acting sensibly in this instance, as such scams have taken place before in the wake of major cyber incidents, notably in the 2015 attack against TalkTalk.
Scammers will generally attempt to use social engineering tactics against frustrated Travelex customers, either on the phone or via email.
Cluley said it was especially important for people to be alert to this, as some companies have in the past tried to use the fact that customers fell victim to scammers after a breach as an excuse to wriggle out of paying compensation.
Such scams are not necessarily an indication that any personal data on Travelex customers has been leaked – they are more usually opportunistic, preying on fears that data might have been compromised.
Indeed, at the time of writing, the perpetrators of the Sodinokibi attack on Travelex had not made good on their threat to release the personal data of Travelex customers if a multimillion-dollar ransom was not paid.
Read more about the Travelex ransomware crisis
- Travelex says it is making “good progress” in its recovery and is to begin restoring electronic foreign exchange services, but is silent about whether it has agreed to pay hackers a $6m ransom.
- The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department.
- Sodinokibi cyber gangsters have threatened to sell Travelex customers’ private data on a Russian underground cyber crime forum.
A post made to a Russian cyber crime forum on 7 January had claimed that the attackers had access to 5GB of Travelex’s data, including customers’ financial details, credit card numbers, US social security numbers and dates of birth.
Travelex has repeatedly claimed there is no evidence that the attackers do have any of its data, nor is it known whether the failure to release any data so far is an indication of whether or not it has paid off its attackers.
As of 13 January 2020, Travelex claimed it had restored a number of its internal order-processing systems and was starting the process of recovering its in-store computers.
“We are now at the point where we are able to start restoring functionality in our partner and customer services, and will be giving our partners additional detail on what that will look like during the course of this week,” said Travelex CEO Tony D’Souza.