Back in August, customers of TrendMicro who were running home security systems were receiving suspicious calls from supposed TrendMicro employees. After investigating, the company learned that an internal employee had been pulling customer information such as names, email addresses, TrendMicro support ticket numbers, and occasional phone numbers from a database and selling it to a tech support scam group.
The company has assured customers that no financial information was obtained, but because attacks like these could lead to customers paying for services that aren’t necessary, it still raises the concern of monetary loss. It is believed that the scam has affected less than 1% of TrendMicro’s nearly 12 million consumer customer base and only went after English-speaking customers. The employee responsible has since been identified and terminated, and law enforcement officials have been notified.
TrendMicro has stated that it will never call its customers, and if a call is received with someone on the other end claiming to be from TrendMicro, the call should be terminated immediately.

The “insider threat” problem can affect any company and can be difficult to detect. One strategy that has been effective for many companies is to audit employee access to sensitive data and alert when an employee accesses any resource or runs any program that is out of the ordinary for their job duties. This approach has the advantage that it may also catch external threat actors misusing an employee account to run unusual programs or connect to internal data sources that the employee doesn’t normally use. A Data Loss Prevention (DLP) solution may also be effective to alert when customer data leaves the network, provided the data is not encrypted or otherwise hidden from DLP inspection.
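
The audit-and-alert strategy described above, as an added example that is not from TrendMicro or its investigation: it learns which data sources each job role normally reads and how many rows at a time, then flags later events that fall outside that baseline. The log format, user and resource names, and the 10x volume threshold are all assumptions made for illustration.

```python
"""Added example: baseline-and-alert over data-access audit events."""
from collections import defaultdict

# Constructed audit lines; the key=value format and all names are assumptions.
BASELINE_LOG = """\
2019-07-01T09:12:03Z user=alice role=support resource=ticket_db rows=12
2019-07-01T10:40:11Z user=alice role=support resource=ticket_db rows=30
2019-07-02T09:05:47Z user=bob role=support resource=ticket_db rows=18
2019-07-02T14:22:09Z user=carol role=billing resource=customer_db rows=25
2019-07-03T11:31:52Z user=carol role=billing resource=customer_db rows=40
"""
REVIEW_LOG = """\
2019-08-05T09:15:20Z user=alice role=support resource=ticket_db rows=22
2019-08-05T23:48:02Z user=bob role=support resource=customer_db rows=15
2019-08-06T02:10:33Z user=carol role=billing resource=customer_db rows=68000
"""

def parse(log):
    """Yield one dict per line: the timestamp plus the key=value fields."""
    for line in log.strip().splitlines():
        ts, *fields = line.split()
        event = dict(f.split("=", 1) for f in fields)
        event["ts"], event["rows"] = ts, int(event["rows"])
        yield event

def build_baseline(log):
    """Per role: resources normally touched and the largest normal read size."""
    baseline = defaultdict(lambda: {"resources": set(), "max_rows": 0})
    for e in parse(log):
        b = baseline[e["role"]]
        b["resources"].add(e["resource"])
        b["max_rows"] = max(b["max_rows"], e["rows"])
    return baseline

def find_anomalies(baseline, log, volume_factor=10):
    """Return (timestamp, user, reason) for events outside the role's baseline."""
    alerts = []
    for e in parse(log):
        # A role with no history has an empty baseline, so every access alerts.
        b = baseline.get(e["role"], {"resources": set(), "max_rows": 0})
        if e["resource"] not in b["resources"]:
            alerts.append((e["ts"], e["user"], "resource outside role baseline"))
        elif e["rows"] > volume_factor * b["max_rows"]:
            alerts.append((e["ts"], e["user"], "bulk read above role baseline"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(BASELINE_LOG), REVIEW_LOG):
        print(*alert, sep="  ")
```

The same check fires whether the unusual access comes from the employee or from someone else using the employee's account, which is the advantage noted above.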