Following a pattern I have warned you about in Scams of the Day for more than three years, yesterday the Swiss bank Banque Cantonale de Geneve became a victim of a hacking in which the hackers, a group called Rex Mundi, made public personal information of the bank’s customers including their names, email addresses, phone numbers and account numbers along with copies of customers’ emails to the bank when the bank refused to pay a ransom of ten thousand euros, which is equivalent to about twelve thousand dollars. It should be emphasized that customers’ accounts were not hacked. Access to those accounts requires multiple passwords and codes in order to gain access to the accounts and that information was not obtained in the hack of 30,000 emails.
Rex Mundi is a group of hackers from France, Austria and Germany who have hacked other companies in search of ransom, most notably Domino’s Pizza franchises in France and Belgium, which also refused to pay the ransom.
The good news is that the information obtained by the hackers did not represent a critical loss to either the bank or its customers and the fact that the hackers were not able to access customers’ accounts is a small testament to the value of the increased security that banks and other companies are employing in an effort to fight cybercrime. The bad news is that those affected customers may well expect to receive spear phishing communications directed to them by name that appear to come from their bank and even will carry their account number that will be used by the hackers to lure the customers into revealing personal information or trick them into clicking on links to download malware to be used to make the customers victims of identity theft. As always, you should never supply personal information or click on links unless you are absolutely sure and have confirmed that the communication is legitimate.