Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Customer Data / Snapchat Suffers Phishy Data Breach
Snapchat Suffers Employee Data Breach after Phishing Attack
Snapchat Suffers Employee Data Breach after Phishing Attack
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
A phishing attack on Friday tricked a payroll department staffer at Snapchat into revealing private information about some current and former employees, the video messaging service said yesterday in an online apology. No internal systems were breached and no information about users was released, the company added.

Employees whose information was released have been contacted and offered two years of free identity theft insurance and monitoring, according to the Snapchat blog post about the phishing incident. The company also reported the attack to the U.S. Federal Bureau of Investigation.

The phishing attack caused a payroll employee to believe an e-mail request for information came from Snapchat CEO Evan Spiegel. It's a type of attack known as "spear phishing" that targets individuals or narrow groups of people rather than sending out e-mails to thousands of random users.

Quickly Reported to FBI

The company said it responded "swiftly and aggressively" after learning of the suspicious e-mail and subsequent release of employee information.

"Within four hours of this incident, we confirmed that the phishing attack was an isolated incident and reported it to the FBI," the company said in its statement.

The company added that it will "redouble our already rigorous training programs around privacy and security in the coming weeks. Our hope is that we never have to write a blog post like this again."

Phishing Is 'No. 1 Attack Vector'

Scams involving spear phishing and other kinds of business e-mail compromise efforts "became a major problem in 2015," according to a report on phishing activity trends released in December by the Anti-Phishing Working Group (APWG). Between the first and third quarters of last year, the number of reports of unique e-mail phishing campaigns ranged from just under 50,000 in January to nearly 150,000 in May, the report said.

Founded in 2003, the APWG is an international organization whose members include businesses, government organizations, law enforcement agencies and non-governmental organizations. Among the businesses participating are Cisco, Facebook, Intel's McAfee, Microsoft, PayPal and Symantec.

"Phishing is the No. 1 attack vector today and with good reason -- it often leads to success," noted PhishMe's inaugural "Enterprise Phishing Susceptibility Report, also released in December. "An organization’s employees are the primary target, the means to the attackers' end of gaining access to company systems. Employees are the easier targets due to their susceptibility to various emotional and contextual triggers."

A company that provides "human-focused phishing defense solutions," PhishMe gathered data for the report by sending 8 million phishing simulation e-mails to more than 3.5 million employees of customer companies. The research showed that employees most often responded to phishing e-mails in the morning, especially at 8 a.m., and they were most often tricked by e-mails with subject lines like "File from Scanner" or "Unauthorized Activity/Access."

Providing behavioral conditioning to employees reduced the chances that they would respond to malicious e-mails by more than 97 percent after four simulations, the report added.

"It is important to train employees to report phishing attempts as soon as they are recognized in order to offset the likelihood that a phishing attempt will be responded to in its first several hours in a network environment," according to the report.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.