Scam Of The Week: Yahoo Massive Data Breach Settlement Phishing Attacks

Yahoo is close to reaching a $117.5 million settlement in a class-action lawsuit over a series of data breaches that affected users between 2012 and 2016 — and your employees are potentially eligible for a $100 check and/or free credit monitoring if they had an account during that period.

From 2012 through 2016, several hacks penetrated Yahoo systems and stole billions of records. 

While the $117.5 million is not nearly as big as the $700 million settlement that credit agency Equifax agreed to for its 2017 data breach involving 147 million records, it's still enough phish bait for social engineering that deceives people into disclosing their personal information. Cybercriminals are going to benefit from Yahoo settlement phishing scams.

They are going to promote more than cash: Yahoo is also offering two years of free credit-monitoring services to anyone who had a compromised account. If the money sounds better, people can ask for a cash payment of $100 as long as they verify that they've already signed up for a credit-monitoring service.

Bad actors are going to use the "urgency" trick. The settlement is a set amount, meaning there’s only so much cash to go around. If too many people sign up for the cash option, they will have to split the pool. If someone had to spend time or money dealing with identity theft or other problems they believe stemmed from the Yahoo hacks, they can file a claim for up to $25,000 in out-of-pocket losses. All in all, enough bait to trick people.

I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit: 

ALERT: Cybercriminals are now trying to trick you into filing a Yahoo claim and getting a $100 payment because your personal data was in one of the big Yahoo data breaches. They are sending phishing attacks that look like they come from Yahoo, and when you click on the links, you wind up on a fake website that looks like it's Yahoo but will try to steal your personal information. Don't fall for it!

For KnowBe4 customers, we have two templates ready so that you can inoculate your users against this attack. I suggest you send them one of these in the coming days. 

They are under Current Events:
Yahoo: You may be entitled to a Class Action Settlement
Yahoo: Class Action Settlement

Let's stay safe out there.

Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4, Inc.

