4 examples of how e-billing and e-invoicing gets exposed: fishing mails and security breaches

January 3, 2012  |  Adoption, Electronic Invoicing, Legal

Phishing email 225x225 4 examples of how e billing and e invoicing gets exposed: fishing mails and security breachesSo we are going to transform from paper bills to digital bills (in whatever from). And maybe  the transformation to e-billing and e-invoicing isn’t going as fast as some of us hope.

But it at least SHOULD give us plenty of time to give attention to threats that at the same time are transformed from the mortar-and-brick world to the bits-and-bytes-sized world.

Examples of e-billing and e-invoicing getting exposed

Underneath are just a few examples we found. The last five or six weeks. And you know how it goes with this kind of news: it is only the tip of the iceberg. Just imagine how many ill secured e-billing and e-invoicing systems are out there.

And then: imagine how many clients’ can get there billing information exposed. This is truly worrying. We really should do something about this. But what?

1

FBI investigates security breach in hospital e-billing system

In our post “FBI to investigate security breach in hospital e-billing system” we mentioned that a billing service provider left a portal open that contained payment records from hospital patients. That information was crawled by Google. But not only that. The results were also cached and kept public. Ouch!

2

e-invoices CAN spread a virus, malware and scareware

We also showed that “e-invoices CAN spread a virus, malware and scareware”. Countries with liberalised legislation can experience an uptake of e-mailmessages that contain a hyperlink to a so-called e-bill. But in fact the hyperlink does not contain a bill of any kind. In stead it causes trouble. Big trouble.

3

Telstra BigPond customer details exposed online

Telstra (Australia’s biggest telco) was stung by another embarrassing privacy breach this month after the (email) addresses and phone numbers of 1500 BigPond customers were made accessible online.

Earlier this month a internal Telstra tool was revealed that was meant for use by Telstra employees to search customer records by a customer’s last name, reference number, billing account number or sales-force number. The tool wasn’t protected in any way.

Telstra closed access to the tool, and, as a precautionary measure, it also disabled its online billing, BigPond self-care and My Account functions on its website for a brief time, and reset the passwords of around 60,000 customers.

4

Phishing e-mail targets new Apple customers to steal their billing information

Cyber criminals are sending around a very official looking e-mail asking Apple users to update their billing information. The phishing scam (or scam that parades itself as a legitimate source and then steals information), targets new Apple users who are just setting up their accounts and may be unfamiliar with the Apple system.


1 Comment


  1. Yes security is extremely important when dealing with electronic invoicing. I can’t imagine any providers who deal in this industry not having a system that protects its own information but also it’s clients.

Leave a Reply