    Fordham University Information Security and Assurance

    Hacked Zappos Customers: Beware Phishing Scams

    By Shannon Ortiz | January 17, 2012 | Updated: February 5, 2019 | 3 Mins Read

    http://mashable.com/2012/01/16/zappos-phishing-scams/

    As hacks go, Zappos’s attack over the past weekend could have been a lot worse.
    If you’re one of the estimated 24 million affected Zappos or 6PM.com (an affiliate site) customers, you can take solace in the fact that only the last four digits of your credit card number have been compromised. Likewise, as Zappos CEO Tony Hsieh explained in an email to customers on Sunday, hackers stole a cryptographically scrambled version of users’ passwords, not the actual password.
    But even though the damage sounds pretty benign, security experts caution that affected customers may still see some fallout, including becoming the target of phishing scams and possibly still worrying about those compromised passwords.
    Robert Siciliano, a McAfee consultant and identity theft expert, says he expects whoever hacked Zappos’s site will now sell the data to people who run phishing scams. “They’ll sell it 10,000 accounts at a time, short money, like $100,” he says. While hackers don’t have complete credit card numbers, Siciliano says there’s enough information for a hacker to approach affected users as either Zappos or the credit card company and then ask them for more data — the classic phishing scam — which might be supplemented with a voicemail “vishing” attack as well.
    Siciliano warns users who got Hsieh’s email to avoid clicking on links that purport to be from either Zappos or their credit card firm over the next few months. Phony emails and voicemail messages typically ask users to “update” their info, giving hackers access to more potentially damaging data.
    That said, Siciliano says he can’t be sure how many people are likely to be targeted. “I was a PlayStation user and I didn’t get [targeted by phishing schemes],” he said, referring to an attack on Sony’s PlayStation Network last April. “But that doesn’t mean nobody was.”
    Chester Wisniewski, a senior security advisor at Sophos, says another danger is that the hackers were able to decipher users’ passwords. Depending on the level of encryption, Wisniewski says this process can take anywhere from a few hours to a few weeks. “You can typically crack millions of [passwords] within hours with a single powerful computer,” he says. However, if Zappos employed password salting, then deciphering its passwords will take a lot longer.
    A Zappos rep declined comment on the level of encryption the company uses for its passwords.
    If the hackers do decipher user passwords, it won’t necessarily be dangerous in itself. The problem is that most people use the same password for multiple accounts. If a hacker knows what password you used at Zappos, he’ll probably be able to figure out how to hack your Facebook account as well.
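
The salting point above, as an added example that is not part of the original article and not Zappos code: it stores the same constructed passwords once as a plain fast hash and once with a per-user random salt and a slow key-derivation function. The account names, passwords, SHA-256 and PBKDF2 parameters are all assumptions chosen for illustration; the article does not say what Zappos used.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of which share a password.
USERS = {"alice": "shoes2012", "bob": "shoes2012", "carol": "T7#qv-Lm2!x"}
# Constructed stand-in for a list of commonly chosen passwords.
COMMON = ["123456", "password", "shoes2012"]


def unsalted_record(password):
    """Weak scheme: a single fast hash with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, iterations=200_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def matched_by_precomputed_table(stored_hashes):
    """Count stored hashes found in a table computed once, in advance, unsalted."""
    table = {unsalted_record(p) for p in COMMON}
    return sum(1 for h in stored_hashes if h in table)


def demo():
    weak = {u: unsalted_record(p) for u, p in USERS.items()}
    strong = {u: salted_record(p) for u, p in USERS.items()}
    return {
        # Same password, same hash: one table lookup exposes every reuser.
        "weak_same_hash": weak["alice"] == weak["bob"],
        "weak_table_hits": matched_by_precomputed_table(weak.values()),
        # Same password, different salt, different digest: no shared table.
        "strong_same_hash": strong["alice"][2] == strong["bob"][2],
        "strong_table_hits": matched_by_precomputed_table(
            d.hex() for _, _, d in strong.values()),
        "login_ok": verify_salted("shoes2012", strong["bob"]),
        "login_bad": verify_salted("shoes2013", strong["bob"]),
    }


if __name__ == "__main__":
    print(demo())
```

With salts, every guess has to be recomputed per account at the full iteration cost, which is why salted stores take far longer to work through than unsalted ones.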
