Cloudy biz Datrix locks down phishing attack in 15 mins after fat thumb triggers email badness

Cloud-'n'-comms biz Datrix has suffered a phishing attack that resulted in some customers' contact details being compromised – though the company reckons it contained the attack within 15 minutes.

The London-based firm sent an email to its customers earlier this week, seen by El Reg, confirming it had been "the target of a sophisticated cyber security attack, designed to defraud the company and appropriate company funds".

Company chairman Rob Wirszycz told us of the attackers: "They're incredibly clever, these guys."

He explained that someone within the company had been thumbing through emails on their mobile phone and accidentally tapped a link sent from a compromised supplier of Datrix's. In turn, that compromised the person's inbox, allowing the attackers to "access a bunch of internal emails, read them and send them to our finance department".

Those emails, sent to tempt finance bods into paying fake invoices, linked to a fake domain: datrlx.co.uk (with a lowercase L) (instead of datrix.co.uk).

On top of that, around 300 emails were sent to customers whose details were in emails sent to the hapless Datrix worker. Wirszycz said the company shut off the compromised email account within 15 minutes, preventing the sending of "several thousand" emails.

"We encourage all our customers and suppliers to permanently delete any suspicious emails that have been received from Datrix team members during the past week with the words 'new project' in the subject line and to be wary of any suspicious online activity involving our company," Datrix told its customers in a fresh email alerting them to the incident. Company reps also phoned all of those who had been emailed by the phishers to ensure the warning got through, Wirszycz told us.

"This was clearly the work of someone almost factory-like," he lamented. "As chairman I'm pleased the business did respond this way, that the guys took the steps we did. Everything seemed to work well."

Bad things do happen

As we reported last year, phishing crooks need to compromise just the one account to cause havoc, as Datrix's experience vividly demonstrates.

It's not just businesses that fall victim to this ever-increasing form of crime: fraudsters have begun targeting charities because those types of organisation tend to be more trusting. Before one starts sneering, however, it's worth remembering that developers are also a useful target for phish-happy crooks, as Guy Podjarny of security biz Snyk reminded attendees of a conference last year. ®