An incident at a KFC franchisee late last week shows that anyone, even the most experienced IT professional, can fall victim to a phishing attack.
Last Thursday an IT manager at Brisbane-based Collins Foods, operator of hundreds of KFC stores across Australia as well as Germany and the Netherlands, clicked on a dodgy link.
The click allowed unidentified attackers to briefly take control of the manager’s email account and send phishing emails containing fake invoices to a database of contacts.
The company spotted the compromise and addressed it quickly, sending out an email on Friday to those it believed had been targeted.
“Collins Foods has identified that you may have received an email from our business which was not a legitimate communication,” the firm’s head of IT Jonathan Ives wrote, including details of the email header, time, and sender.
“Please be advised that this email was not sent as part of normal business activity and should not be actioned, Collins Foods recommends that the email be deleted. The email includes links which direct the receiver to a site not related to Collins Foods.”
Ives said the company was investigating and would provide a further update if it deemed the incident to have fallen within the remit of Australia’s new mandatory data breach notifications.
He did not detail the attack the IT manager had fallen victim to.
Ives told iTnews there had been “no further implications” from the incident.
“Collins Foods has stringent IT systems and processes in place to protect the integrity of our networks,” he said.
“It is a tribute to these processes that this situation could be identified and managed so quickly.”
He said the blunder was a reminder to all organisations of the need to “stay alert, maintain our monitoring processes and ensure we have quick reactive procedures ready to implement”.