In August 2019, the security firm was informed that some of their customers were receiving tech support scam phone calls. The calls were impersonating TrendMicro tech support agents, they were appearing legitimate because the crooks were demonstrating a deep knowledge of the business relationship between the potential victims and TrendMicro.
TrendMicro investigated the calls and discovered that the attacks were not causal, instead, scammers were leveraging user data, a circumstance that suggested the involvement of insiders.
“In early August 2019, Trend Micro became aware that some of our consumer customers running our home security solution had been receiving scam calls by criminals impersonating Trend Micro support personnel.” reads a blog post published by Trend Micro.
“The information that the criminals reportedly possessed in these scam calls led us to suspect a coordinated attack.”
The investigation conducted by the company revealed that a TrendMicro employee performing unauthorized access to a customer support database and after stealing customer data was selling it to third-party tech support scammers.
“Although we immediately launched a thorough investigation, it was not until the end of October 2019 that we were able to definitively conclude that it was an insider threat,” continues the post. “A Trend Micro employee used fraudulent means to gain access to a customer support database that contained names, email addresses, Trend Micro support ticket numbers, and in some instances telephone numbers. There are no indications that any other information such as financial or credit payment information was involved, or that any data from our business or government customers was improperly accessed.”
Once identified the employee, the company immediately disabled the unauthorized account access and fired the man. Currently, the company is working with law enforcement on an ongoing investigation. and government customers that our investigations have shown no indication that the criminal has accessed any enterprise customer data.
Trend Micro revealed that the security incident affects less than 1% of Trend Micro’s 12 million consumer customers, the company confirmed that only targeted English-speaking users were impacted. According to the company, scammers have not accessed any enterprise customer data.
Users can contact Trend Micro technical support in their region at https://esupport.trendmicro.com for any questions or concerns.
(SecurityAffairs – hacking, scam)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.