Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 7 MINUTES AGO.
You are here: Home / Customer Data / Snapchat Suffers Phishy Data Breach
Snapchat Suffers Employee Data Breach after Phishing Attack
Snapchat Suffers Employee Data Breach after Phishing Attack
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
29
2016
A phishing attack on Friday tricked a payroll department staffer at Snapchat into revealing private information about some current and former employees, the video messaging service said yesterday in an online apology. No internal systems were breached and no information about users was released, the company added.

Employees whose information was released have been contacted and offered two years of free identity theft insurance and monitoring, according to the Snapchat blog post about the phishing incident. The company also reported the attack to the U.S. Federal Bureau of Investigation.

The phishing attack caused a payroll employee to believe an e-mail request for information came from Snapchat CEO Evan Spiegel. It's a type of attack known as "spear phishing" that targets individuals or narrow groups of people rather than sending out e-mails to thousands of random users.

Quickly Reported to FBI

The company said it responded "swiftly and aggressively" after learning of the suspicious e-mail and subsequent release of employee information.

"Within four hours of this incident, we confirmed that the phishing attack was an isolated incident and reported it to the FBI," the company said in its statement.

The company added that it will "redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again."

Phishing Is 'No. 1 Attack Vector'

Scams involving spear phishing and other kinds of business e-mail compromise efforts "became a major problem in 2015," according to a report on phishing activity trends released in December by the Anti-Phishing Working Group (APWG). Between the first and third quarters of last year, the number of reports of unique e-mail phishing campaigns ranged from just under 50,000 in January to nearly 150,000 in May, the report said.

Founded in 2003, the APWG is an international organization whose members include businesses, government organizations, law enforcement agencies and non-governmental organizations. Among the businesses participating are Cisco, Facebook, Intel's McAfee, Microsoft, PayPal and Symantec.

"Phishing is the No. 1 attack vector today and with good reason -- it often leads to success," noted PhishMe's inaugural "Enterprise Phishing Susceptibility Report, also released in December. "An organization’s employees are the primary target, the means to the attackers' end of gaining access to company systems. Employees are the easier targets due to their susceptibility to various emotional and contextual triggers."

A company that provides "human-focused phishing defense solutions," PhishMe gathered data for the report by sending 8 million phishing simulation e-mails to more than 3.5 million employees of customer companies. The research showed that employees most often responded to phishing e-mails in the morning, especially at 8 a.m., and they were most often tricked by e-mails with subject lines like "File from Scanner" or "Unauthorized Activity/Access."

Providing behavioral conditioning to employees reduced the chances that they would respond to malicious e-mails by more than 97 percent after four simulations, the report added.

"It is important to train employees to report phishing attempts as soon as they are recognized in order to offset the likelihood that a phishing attempt will be responded to in its first several hours in a network environment," according to the report.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN CUSTOMER DATA

NETWORK SECURITY SPOTLIGHT
A security researcher has found that hundreds of different models of HP notebooks, tablets, and other devices include a keylogger that could track and record every keystroke a user makes.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.