Snapchat’s Phishing Attack: A Reminder That Security Starts with Employee Education

By | March 2nd, 2016|Business Security, Industry News, Malware and Scams|

Snapchat, the popular ephemeral messaging application, just announced a phishing attack that has compromised the identities of a number of its current and former employees.

According to a blog post from the company, Snapchat’s payroll department was targeted by an isolated phishing scam, in which a scammer impersonated the company’s chief executive officer and asked for employee payroll information. The email was not recognized as a scam and, as a result, personal information about some current and former employees was disclosed.

Snapchat has not revealed the specific information that was released, but because it is sensitive payroll information, it could likely include everything from salary data and Social Security numbers, to bank details and addresses.

The frequency of phishing attacks continues to rise, and even unsophisticated hackers now have access to the tools needed to orchestrate an attack. According to a report from PhishLabs, “basic, even free, phishing kits now contain a variety of clever functions, as well as obfuscation and anti-analysis techniques.” While more sophisticated attackers are selling phishing kits for anywhere between $1 and $50, others are making them freely available.

In 2015, the FBI coined the term “business email compromise” to describe the growing category of phishing attacks targeting American companies. As of August 2015, the Bureau estimated that “since 2013, the total dollar losses to American companies exceeded $740 million, while only hitting around 7,000 targets. When international victims are added in, the losses total $1.2 billion.”

As in the case of Snapchat, attackers frequently impersonate executives from the company in order to hack into company networks. These attacks are often difficult to detect. It’s essential that companies invest time in educating their employees on safe email practices, including:

  • Using strong, unique passwords and enabling two-factor authentication whenever possible
  • Keeping all systems up-to-date with the latest security patches and updates
  • Avoiding sharing sensitive information over email, or utilizing code words to verify that the person requesting the information is indeed that person and not an attacker
  • Not clicking on any suspicious links
  • Deploying spam filters

How are you keeping your company safe from phishing attacks? We’d love to hear from you–connect with us on Facebook, Twitter or LinkedIn.

Firewall Chats, Ep. 5: Scams, Malware, and Phishing Attempts

By | December 15th, 2015|Business Security, Firewall Chats|

Today airs the final episode in our pilot podcast series! To wind down the last few days of 2015, we sat down with Adam Dolby, Encap Security’s vice president of business development.

Prior to joining Encap Security, Dolby was focused on banking, ATM networks, and card processing. His expertise lies within multi-factor authentication, security, and electronic financial services, which is why we wanted to discuss the tricks, traps, scams and malware that consumers face daily.

Did you know that, according to Get Cyber Safe, roughly 156 million phishing emails are sent each day? Of those, 16 million make it through filters. Half are opened. In the end, 80,000 people fall victim to scams and share personal information with cyber criminals.

“Bad guys will cast a fairly wide net–the wider the net, the better for them,” Dolby said. “They see who ends up in it at the end. … While the online community has come [far], when you can still trick 80,000 people, a day, into giving away their credentials that means we have a really long way to go.”

Malicious emails aren’t the only danger to businesses and consumers.

“Malware, to me, is the real threat,” Dolby said. “Malware is a form of computer program designed specifically to steal your login credentials.”

Dolby said there were 255,000 new malware variants every single day in 2014.

Our guest also shared that long gone are the days when hackers were individuals, hiding in basements. Now these scams and hacks are part of sophisticated, organized attacks.

In our episode, Dolby shares tips to be aware of these scams, the cost of data breaches, two-factor authentication, and how businesses can better protect their employees and customers.

“It’s up to you to protect your identity,” Dolby said. “Be prepared for the when, not the if.”

You can listen to the entire episode, as well as our past podcast episodes, at www.csid.com/firewallchats. Thanks for listening!

Questions? Comments? A topic you’d like to see us tackle next year? Reach out to us on Twitter and Facebook to let us know!
