Computer hackers have broken into a database of Three Mobile customers and accessed their personal details in order to steal smartphones, the UK network said on Thursday.

A spokesman for the company said there had been an uptick in attempted phone fraud over the past four weeks, both through burglaries of Three retail stores and intercepting customer phone upgrades.

"In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three's upgrade system.

"This upgrade system does not include any customer payment, card information or bank account information," the spokesman said.

Three Mobile Cyber Attack and Data BreachPersonal details including names and addresses were accessed and are believed to have been used by fraudsters to order the phone upgrades, which were sent to eight customers and intercepted.

A probe is currently underway to determine how many more of the company's nine million customers have had their data breached, while the eight known clients have been contacted by Three.

A source close to the matter was quoted by The Telegraph as saying the private information of two thirds of Three customers could be at risk.

"The investigation is ongoing and we have taken a number of steps to further strengthen our controls," said the company spokesman.

Three people were arrested on Wednesday in connection to the fraud and have since been bailed.

A 48-year-old man from Kent, south-east England, and a 39-year-old man from Manchester, north-west England, were arrested on suspicions of computer misuse offences.

A 35-year-old man also from Manchester was arrested on suspicion of attempting to pervert the course of justice.

Related: TalkTalk Handed Record Fine for Data Breach

Related: Information Commissioner Talks Privacy Laws in Post-Brexit UK

view counter

© AFP 2016


SecurityWeek RSS Feed

blog_gfiprime_SQLoyalty programs are often full of great benefits for existing customers, but how many of them have you seen giving valuable software products for free in addition to the purchased ones? None? It’s time for you to meet GFI Prime.

GFI Prime is a program designed to reward loyal GFI Software customers through special access to a selection of smartly engineered software solutions, completely free. To discover the details of this new program, we spoke with Andre Muscat, GFI Software’s Senior Vice President and Chief Product Officer.

TalkTechToMe: There are many customer loyalty programs out there and all of them offer generous benefits. So what makes GFI Prime so special?

Andre Muscat: GFI Software has been present in the IT industry for more than two decades, and we have thousands of satisfied customers all over the world. Looking for a way to add more value to the relationship with our customers, we wanted to develop a program that would generously reward their loyalty and trust in GFI Software. So we created GFI Prime, a loyalty program for customers which provides them with free access to some of our most popular software solutions.

Eligible customers will be able to download and deploy our first-class software products in the areas of security, communications and productivity, complementing the products they already own and use. So, besides rewarding their loyalty and keeping customers at the heart of our business, with GFI Prime we are helping them to build a safer and more reliable IT environment.

TTTM: Who can benefit from GFI Prime?

andre_muscatAM: If you have been a GFI Software customer for more than one year, then you are eligible to benefit from our new loyalty program and get immediate access to at least one additional GFI Software product for free. For each GFI Prime Qualifying Product you renew or purchase with a multiple year license or subscription, we will offer you access to one additional GFI Prime product at no additional cost. There are no fine prints or catches – as long as you have an active license for our products, you’ll be able to get additional GFI Prime products for free.

TTTM: How can customers check whether they are eligible for GFI Prime?

AM: All existing customers, and this includes the ones that have just recently purchased multiple year licenses or subscriptions, can log in into the GFI Accounts Portal, and they’ll be able to immediately see whether they own any products which make them eligible for the GFI Prime program.

TTTM: Which of the GFI products can customers get for free as part of the Prime program?

AM: We are starting by including some of our most popular products into the GFI Prime program, in an effort to deliver real value to our customers. Currently four of our products are part of the program: GFI Archiver, GFI EndPointSecurity, GFI EventsManager, and GFI WebMonitor, and the list of claimable GFI Prime benefits will continue to grow throughout the rest of the year and beyond.

For each unit or number of seats of the primary purchased qualifying product, you’ll receive an equal number of units or seat licenses for the GFI Prime products. You’ll also get access to version upgrades and new releases, along with free support resources such as Help, Knowledge Base and eLearning & Training, while technical support for these products can be purchased separately from our channel partners.

TTTM: What do people need to do to remain in the GFI Prime program?

AM: To remain a GFI Prime member, you just need to continue renewing your GFI products. As long as you maintain your GFI Prime membership by renewing your qualifying product, the additional Prime product will remain free. And yes, it’s that simple.

TalkTechToMe blog thanks Andre Muscat for these answers, and if you’re looking for more details on GFI Prime, you’ll find them at Also, you can use the comment box below to tell us what you think about this new program.

You may also like:

  • 10 new Windows 10 features for sysadmins
  • August 2016 – Microsoft Patch Tuesday
  • Introducing GFI LanGuard 12 – now with a web-based reporting…

GFI Blog

The infamous Ramnit Trojan is on the prowl again, and this time it targets personal banking customers of six unnamed UK banks.

Ramnit Trojan rides again

The Trojan has not changed much since we last saw it targeting banks and e-commerce sites in Canada, Australia, the USA, and Finland in December 2015: it still uses the same encryption algorithms, and the same (but updated) data-grabbing, web-injection, and file-exfiltrating modules (the latter is after files with interesting keywords, like ‘wallet’, ‘passwords’, and bank names targeted in the configurations).

“The configuration side is where we can see that Ramnit has been preparing for the next phase, with new attack schemes built for real time web-fraud attacks targeting online banking sessions,” IBM X-Force researchers explain. “Not all attacks have to happen in real time or from the victim’s device. Ramnit’s operators can also gather credentials from infected users and use them at a later time, in account takeover fraud from other devices.”

IBM warns of the Trojan’s resurgence after X-Force researcher Ziv Eli spotted the malware’s operators have set up two new attack servers and a new command and control server.

Whether these are the same operators that developed and used Ramnit in the last six years and went into temporary hiding after, in February 2015, a coalition of European law enforcement agencies shut down C&C servers used by the RAMNIT botnet is impossible to tell.

The Trojan’s source code was never sold or shared on underground forums, and IBM researchers believe it to be either still in the hands of the original cybergang, or of another one that bought it off of them.

If past delivery techniques are used again, the Trojan will be spread via spam, malvertising and exploit kits. IBM has helpfully provided indicators of compromise for administrators to use to spot the malware.

Help Net Security

Banking customers are hesitant to use mobile features due to fraud and security concerns, according to Kaspersky Lab and IDC Financial Insights. Their findings show that of those not using mobile banking at all today (36 percent), 74 percent cited security as the major reason, which could slow the overall adoption of mobile banking services during a time where mobile device usage is exploding.

banking customers

While security concerns are holding back non-mobile banking users from embracing the convenient, digital self-service solutions on the market, those who are active users of mobile banking today also share the same concerns. Of both, users and non-users of mobile banking, 85 percent said that they would increase their usage to “some extent” if there was more security and nearly half (44 percent) of those surveyed said that they would “significantly” increase their mobile banking usage with more security.

For financial organizations, an increase in self-service banking usage can drive revenue and reduce transactional costs, but currently customers don’t see a promising future for mobile banking in their lives – with 32 percent of respondents claiming that they do not ever foresee using mobile as the primary channel that they will engage with their bank or credit union. Banks that do not properly strengthen mobile financial security measures could miss out on a significant business opportunity and risk losing valuable customers in the process.

As financial institutions look for new ways to streamline adoption of self-service banking solutions, it is important that they proactively deploy and implement rigorous security solutions. In addition, banks should also reconsider their education strategies to ensure that customers understand the level of security in their mobile offerings. Survey Respondents want to see a proactive and informative approach to security from their banks with 80 percent indicating that they would like to see evidence of security measures being activated when they launch a mobile banking application.

“Consumers are concerned about security on their mobile devices, which has limited adoption of high margin mobile banking and payment activities including account opening, payments and transfers using a mobile phone.” Says Marc DeCastro, research director IDC Financial Insights. “As the next generation of online, mobile first and mobile only customers begin to explore digital banking choices, financial institutions that have and promote stronger security will attract and retain these customers more easily than those who do not.”

“As financial organizations continue to expand their self-service offerings to drive revenue and increase customer convenience, it’s important to proactively approach security technology for consumers’ mobile devices in the same way banks approach security for their own PC-based solutions, web offerings, and technology networks,” said Ross Hogan, Kaspersky Lab Global Head of Fraud Prevention.

Help Net Security