For all of the benefits that the internet has brought to society, it has also become a venue for not-so-honest online activities. One of the most popular methods of obtaining sensitive data is called phishing, and it has been around since the infancy of the world wide web. Though we have since moved on from being chained to our desks with slow dial-up to working on-the-go with much more secured wireless broadband solutions, the sad reality is that cyber breaches still happen, despite our best efforts. Unfortunately, even with continuing efforts to inform and educate both clients and employees, some schemes look so convincing that even somebody with extensive knowledge of phishing could fall for them in a matter of seconds. In this article, we will discuss a few of the more elaborate breaches that actually fooled members of some of the biggest companies worldwide, with the hopes that it will help you and your own staff identify and avoid them in the future.
The IRS Login Breach
According to an article on Accounting Today, the International Revenue Service (IRS) released a statement warning taxpayers that fraudulent emails had been making the rounds back in February 2016. These e-mails, made to look like official correspondences from the IRS, requested certain details from many individuals, such as their official order transcripts, their PINs, and even the status of their tax payments, among other things. These communications are not limited to e-mails, as they have also been spotted spreading through text messages. The hackers also created pages that were modeled after the official IRS website.
The Seagate W-2 Breach
Even those who work at well-known tech companies can still fall victim to these schemes. Based on information provided by Krebs on Security, an employee of Seagate Technology was fooled into handing over a number of W-2 tax documents in March 2016. The data included not just the information of people who were currently employed by the company, but also that of individuals who have since moved on to other work. What tricked the person into giving away such sensitive data? It was an e-mail that was crafted to look like a genuine internal request from the company, according to Seagate spokesman Eric DeRitis.
The Snapchat Breach
In February 2016, a Snapchat employee was tricked into handing over information pertaining to the payrolls of current and former members of the company. How did the hackers pull it off? They claimed to be Evan Spiegel, the CEO of Snapchat, similar to the tactic used in the Seagate breach mentioned above. Andrea Peterson of The Washington Post notes that this exposes one of the true dangers of cyber security: not the systems themselves, but the vulnerability of the people working for companies.
Avoiding Phishing Schemes
Whenever an organization, especially one from the government, asks for your personal information, it never hurts to call their official phone numbers and ask for a representative to confirm whether or not the communications were actually legit or not. When in doubt, remember this: it is better for your employees to keep all information to themselves rather than giving everything out to just anybody who asks.