TRENDING:

Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

Hackers Target Instant Quote Websites

New York Warns of Theft of Consumers' Information Doug Olenick (DougOlenick) • February 18, 2021    
Hackers Target Instant Quote Websites

Hackers are targeting vulnerabilities in websites offering instant quotes - especially those that provide auto insurance rates - in an ongoing campaign designed to steal consumers' information, according to an alert from the New York State Department of Financial Services .

See Also: OnDemand | API Protection – The Strategy of Protecting Your APIs

The alert says hackers are targeting the sites to steal driver's license numbers and other personally identifiable information. The sites affected were not named.

The department first heard about the issue earlier this year and informed 12 auto insurance instant quote sites in January that they were likely targeted.

"Following that alert, six more insurers reported to DFS the malicious targeting of their auto quote websites," the state agency says. "Two of those insurers reported that the attackers failed to gain access to NPI [nonpublic information] and four reported that the attackers did gain access to NPI or that their investigation was still ongoing."

The state agency says the campaign is likely tied to efforts to steal PII to use in fraudulent attempts to apply for pandemic-related benefits and unemployment insurance.

"Notably, the concerted effort to steal NPI from New Yorkers seems to have coincided with the implementation of enhanced identity requirements to obtain pandemic benefits in New York," the alert says.

DFS did not release any information on the number of individuals who have been victimized in these attacks in New York or elsewhere.

Stealing the Data

Fraudsters are using several techniques to infiltrate systems and then steal data from the instant quote websites, the alert says.

"On the auto quote websites, the criminals entered valid name, any date of birth and any address information into the required fields," the state agency says. "The automobile insurance quote websites then displayed an estimated insurance premium quote along with partial or redacted consumer NPI including a driver’s license number. The attackers captured the full, unredacted driver’s license numbers without going any further in the process and abandoned the quote."

The alert says the hackers:

  • Take advantage of vulnerabilities in the site to access unredacted PII directly from where it's stored;
  • Use developer debug tools to intercept and decode unredacted PII;
  • Use web browser developer tools to access the parts of the websites where the redacted data is stored;
  • After requesting a quote, enter an order to purchase an insurance policy, using fraudulent payment methods, to view the policy owner's driver's license number and other information;
  • Sometimes call an agent and use social engineering techniques to gain personal information.

The DFS Cyber Intelligence Unit has found complete step-by-step instructions to implement these techniques for sale on darknet forums.

Detecting an Attack

The initial telltale sign that a site is being hit with this style of attack is a spike in quote requests tied to an unusually large number of abandoned quotes taking place during a short period, the alert says.

"More broadly, regulated entities should look for any increase in consumer submissions that terminate as soon as NPI is revealed," DFS says.

If such activity is spotted, companies should check their server logs for indications of any manipulation of the website using web developer tools, state officials advise.

To help mitigate the risks, the state agency advises instant quote sites to make sure they're properly using Secure Sockets Layer, Transport Layer Security and HTTP Strict Transport Security and Hypertext Markup Language.

The state agency also suggests companies confirm that the technology they use for redaction and data obfuscation is properly implemented.

Previous
Nigerian Gets 10-Year Sentence for BEC Scam
Next
White House Preparing 'Executive Action' After SolarWinds Attack

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.