Security fail!
Dec. 7th, 2008 12:47 am
I've been using mycheckfree.com for years to pay my utility bills. So tonight, I get an email that purports to be from them informing me that if I had attempted to access online bill payment between 12:30 a.m. and 10:10 a.m. Eastern time on Tuesday, December 2, 2008 using Windows, their site may have redirected me to a site that might have infected me with malware which may have escaped detection by virus scanners. I use Opera and Chrome, not IE, so I'm probably safe, but I have no idea if I accessed the site during that time (I quickly log in and schedule payments when I get notification that bills have arrived, so I don't really remember when I used it), and they say they're working with McAfee to provide more information and assessment.
So, assuming this is legit, it's good of them to let customers know about the potential problem, though it would have been nice if they'd included a bit more detail on the malware in question. But they obviously have very little clue about how to handle this sort of thing.
The email they sent was mailed from mail17c.mkt030.com, and the return address is ebillinfo@customercenter.net. Links in the mail go to links.mkt030.com. That may be a legit bulk mailing company, but who knows?
They have a mechanism in place to deliver messages via the web site after you log in, so I check that; no copy of the message there, and no info on the site about the breach.
I go look up their customer service 888 number and call that; it's already closed for the night, and the message there says nothing about the problem.
There's an 877 number in the email I got, but the only google hit for that is a copy of this very email, and the guy who answers it admits it was newly registered to deal with this problem. So, um, how do I know I'm talking to Checkfree?
The email did contain my name and the out-of-date address I have on file with them, but of course, if their site was actually hacked, that doesn't tell me anything - and that much is public record anyways.
So, it's great they sent out a timely message about their breach. But I got it on Saturday night, and it appears there's no authenticatable method of contacting them for further information until Monday.
Checkfree Corp obviously has no clue about security and social engineering. Unfortunately I'm not sure there are any better options, since most billpay sites end up using Checkfree on the back-end. Anyone have any suggestions for other sites that do bill presentment and payment for Duke Energy and AT&T that don't use Checkfree?
ETA: Here's an article about the breach. So it would seem a Checkfree employee fell prey to a phishing attack and leaked their password with Network Solutions for domain registration. And now they're sending out emails to customers that are indistinguishable from a phishing attack. That's some astounding incompetence.
no subject
Date: 2008-12-07 06:52 am (UTC)
no subject
Date: 2008-12-07 07:03 am (UTC)
no subject
Date: 2008-12-07 08:54 am (UTC)
I had a similar problem this week - I got an email purporting to be from my bank telling me that my account had been suspended due to too many attempts to log on with an incorrect password, and that I should click on the link in the email and enter my username and password to reactivate my account. However, there was a grammatical error in the very first sentence, which raised my suspicions, and so I looked carefully at the URL of the link - not in the link itself, but in the taskbar of my browser when I hovered my mouse over the link, and sure enough, it was going to a non-Bank of Montreal website. So I forwarded the email to their fraud department and deleted it.
None of this has any real direct bearing on your situation, of course, but who knows - there could be a company that's targeting a whole bunch of different financial services companies and sending out emails to make people think that their accounts have been hacked. (I'm not quite sure how they knew I was a BMO customer, though, unless they've hacked into BMO's database to get my email address, or I somehow got malware on my computer from another site prior to the last time I paid my bills.)
no subject
Date: 2008-12-07 08:55 am (UTC)
Check your browser history.
Date: 2008-12-07 04:58 pm (UTC)
no subject
Date: 2008-12-07 08:38 pm (UTC)
This isn't the first time I've heard of that happening... I need to check my own domain admin accounts and make sure they have tight passwords...
Newsflash
Date: 2008-12-08 08:32 am (UTC)