Recently, Framework’s primary external accounting partner, Keating Consulting, discovered at 8:13 am PST on January 11th, 2024, that Framework’s network had been hacked by an attacker using a phishing email.
Hackers use phishing emails to trick individuals into providing sensitive information. By posing as trustworthy entities, hackers exploit human psychology to trick recipients into compromising their security, which enables them to achieve unauthorized access or financial gain.
Framework Computer, an American laptop manufacturer, advocates for electronics repair rights by offering easily disassembled laptops with replaceable parts.
What happened?
In this incident, a staff member was tricked by a social engineering tactic into revealing customer PII (Personally Identifiable Information) linked to unpaid Framework purchases.
The attacker posed as the CEO in an email sent on Jan 9 at 4:27 am PST, requesting Accounts Receivable details for Framework purchases.
The accountant unknowingly responded on Jan 11 at 8:13 am PST, sharing a spreadsheet containing the PII.
The following types of information were provided:
- Full Name
- Email Address
- Balance Owed
Within 29 minutes of the accountant’s response (8:42 am PST, January 11, 2024), Framework’s Head of Finance discovered the breach.
Framework’s Head of Finance promptly notified Keating Consulting about the breach and escalated it to Framework leadership to initiate mass notification of affected customers.
What is the company doing, and what steps should users take?
In response to the breach, the company mandated phishing and social engineering training for relevant employees.
Several audits are underway, covering information request procedures as well as the training and procedures of accounting and finance consultants who have access to customer information.
The company urged all its users to remain vigilant and warned about potential impersonation or phishing attempts, since information like name, email, and balance was compromised.
Official payment emails from [email protected] are sent only after failed captures on the website. In such a scenario, never share payment info directly via email, and for verification, contact Framework Support.
Apart from this, Framework stated that it always prioritizes customer privacy and promised to address incidents like this promptly.