eBay Hack Could Lead to Spear Phishing

TechInsurance, the nation’s leading online source of business insurance for small IT firms, announced today that eBay’s recent data breach could lead to a spate of “spear phishing” attacks. Unlike traditional phishing scams, spear phishing messages incorporate information hackers gather about the target to personalize the phishing message and increase the likelihood that a victim will click on malicious links and expose their data.

While the breach itself is bad news, the fact that it happened at a major company can be positive for owners of small technology businesses. “Whenever an important data security issue hits the mainstream, it’s bittersweet for us,” said Ted Devine, CEO of TechInsurance. “We’re never happy to hear about a security breach, but big headlines about data protection make it easier for IT professionals to educate their clients about the importance of maintaining strong security practices.”

Devine explained that data security is important to IT professionals because they can often be held liable for hacking incidents and breaches that occur on their clients’ networks. If they are sued over a client breach, Errors and Omissions Insurance can cover the legal costs, but such lawsuits are expensive regardless of the outcome.

For that reason, having ongoing client conversations about best practices for data protection is a key part of minimizing the financial risks to an IT business.

TechInsurance recommends that IT professionals take the following steps to educate their clients about the risks posed by spear phishing emails:

  1. Contact clients to explain what spear phishing is and how it’s different from traditional phishing scams.
  2. Inform clients about the eBay hack, encourage them to update their passwords, and note that credentials like those accessed by eBay’s hackers are key ingredients for creating convincing spear phishing messages.
  3. Provide clients with additional resources for recognizing spear phishing emails and protecting their online information so they’re less likely to be victimized. This post on the TechInsurance blog provides those resources.

About TechInsurance, an insureon Company
TechInsurance is the nation’s leading online agent for small IT businesses. It offers General Liability Insurance and Errors & Omissions Insurance, as well as educational resources for IT professionals and their clients.