February 29, 2008

TDS internet customers fight massive phishing attack

TDS Telecom's email customers have been under attack this week,and the company and its Madison-based subsidiary, TDS Metrocom -- with more than one million phone lines and 300,000 internet customers -- has been struggling to maintain service and protect customer accounts.

For two days this week, customers had trouble with email -- it either wouldn't send or couldn't be retrieved. For hours on end.

The problem was two-fold. First, a coordinated phishing attack -- hackers sending fraudulent emails seeking account information -- obtained access to some customers' accounts and ran amok, generating what the company called "an extreme amount of email," more traffic than the system could handle. For hours on Monday and Tuesday, the attacks all-but shut down the email service -- customers couldn't send or receive email -- although phone and other internet access were not affected. Delays continued through Feb. 28.

TDS spokesperson DeAnne Boegli says the company put 200 more service reps on duty to deal with customer issues -- in many cases helping customers set up "strong" passwords -- passwords with at least eight characters, a capital letter, a number and a symbol. Harder to guess than your first name, donchaknow.

At the same time, TDS reported that customers in Minnesota underwent a "vishing" attack -- callers offered discounts and tried to pry account information from customers that way. (Vishing is a combination of voice and phishing.)

Andrew Petersen, director of public relations for TDS Telecommunications Corporation, said, "We have smart customers and thankfully they have been great in alerting us to the calls. It appears that these scam artists are just using a phone book to call our customers."

TDS offered the following tips after the break:

How do you know if your password is strong?

Must be at least 8 characters in length
Must contain upper AND lower case (a-Z)
Must contain at least one numeric character (0-9)
Must contain at least one special character (!,@,#,$,%,^,&,*,(,),_,+)
A space is not allowed within the password.
Cannot be ‘password’
Cannot contain the ‘username’
Example of an acceptable password: eXample2%

TDS reminds customers that it will never send an email to ask for password or other personal information, and only asks for this information when a customer calls the company directly.

Quick Phishing Tips:

Do not respond to Phishing emails in any way, not even to type, “take me off the list” or “unsubscribe,” because it validates your email address to the hacker.
Simply delete all emails from unknown or suspicious sources.

Never give out passwords or other personal data to phone or email solicitors
Call the company at a trusted number, such as the one on your bill, to verify it’s a valid request if you are unsure.

Use a variety of strong passwords with different companies you do business
Report Phishing emails and SPAM to your service provider or virus programs
Do not forward Phishing emails to warn your friends, it only feeds the system.

No comments:

Post a Comment