NBA: Phishing doesn’t spare sports institutions

NBA: Phishing doesn’t spare sports institutions
Image source: mohamed_hassan via Pixabay

On last May 10th, in a press release, the Pacers Sports & Entertainment (PSE) organization, owner of the NBA’s basketball team the Indiana Pacers, revealed that they were the victim of a sophisticated phishing attack at the end of 2018.

For reminder, phishing is a technique used to obtain personal information in order to commit an identity theft.  This is a «social engineering» technique, i.e. consisting in exploiting not an IT flaw but a «human flaw» by deceiving web users through an e-mail seemingly coming from a trustworthy company, typically a bank or a business website.

Pacers Sports & Entertainment victim of a phishing attack

At the end of 2018, the company PSE has then been the target of a phishing emails campaign resulting in the unauthorized access to emails containing personal information related to a limited number of individuals.

This cyberattack affected a limited number of
individuals but the amount of the stolen information is important: name,
address, date of birth, passport number, driver’s license, state identification
number, account number, credit/debit card number, digital signature, username
and password and for some individuals, the Social Security number.

The American company has quickly implemented
measures to secure the affected email accounts and investigate the incident
with the assistance of forensic experts. This investigation then revealed that
the hackers had access to the accounts of a limited number of persons between
October 15th and December 4th, 2018. The press release
doesn’t give any details regarding the identity of the targeted persons.

PSE individually notified each victim whose
information has been stolen and assures that “to date, PSE has no evidence of
actual or attempted misuse of any personal information”. The organization offered
to the victims of the cyberattack an access to credit monitoring and identity
protection services at no cost.

Some simple rules against phishing

Phishing attacks are increasing. Above all, they are becoming more and more sophisticated, and target all kinds of industries. Each and every one of us must be extra vigilant.

Lastly, for reminder, here are some simple rules to protect yourself against phishing attempts:

  • Do
    not reply when someone asks for your personal data by email;
  • Do
    not ever open an attachment from an unknown sender, or from one who is not
    entirely trustworthy;
  • Check
    the links by hovering the cursor over them (without clicking) to ensure that
    they link to trustworthy websites;
  • Do
    not trust the name of the mail’s sender. If there is any doubt, contact the
    sender through another method.

First published at nameshield blog

Back to top button