Scam Of The Week: Yahoo Massive Data Breach Settlement Phishing Attacks



scam_of_the_week-1Yahoo is close to reaching a $117.5 million settlement in a class-action lawsuit over a series of data breaches that affected users between 2012 and 2016 — and your employees are potentially eligible for a $100 check and/or free credit monitoring if they had an account during that period.

From 2012 through 2016, several hacks penetrated Yahoo systems and stole billions of records. 

While the $117.5 million is not nearly as big as the $700 million settlement that credit agency Equifax agreed to for its 2017 data breach involving 147 million records, it's still enough of a phish bait to use social engineering and deceive people in disclosing their personal information. Bad guys are going to benefit from Yahoo Settlement phishing scams,

They are going to promote not only cash, but Yahoo is also offering two years of free credit-monitoring services to anyone who had a compromised account. If the money sounds better, they can ask for a cash payment of $100 as long as they verify that they've already signed up for a credit-monitoring service. 

The bad guys are going to use the "urgency" trick. The settlement is a set amount, meaning there’s only so much cash to go around. If too many people sign up for the cash option, they will have to split the pool. If someone had to spend time or money dealing with identity theft or other problems they believe stemmed from the Yahoo hacks, they can file a claim for up to $25,000 in out-of-pocket losses. All in all, enough bait to trick people.

I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit: 

ALERT: Internet bad guys are now trying to trick you into filing a Yahoo claim and get a $100 payment because your personal data was in one of the big Yahoo data breaches.  They are sending phishing attacks that look like they come from Yahoo and when you click on the links, you wind up on a fake website that looks like it's Yahoo, but will try to steal your personal information. Don't fall for it! 

For KnowBe4 customers, we have two templates ready so that you can inoculate your users against this attack. I suggest you send them one of these in the coming days. 

They are under Current Events:
Yahoo: You may be entitled to a Class Action Settlement
Yahoo: Class Action Settlement

Let's stay safe out there.

Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4, Inc.

NewStu-6


Request Your Security Awareness Training Quote

products-KB4SAT6-2Old-school awareness training does not hack it anymore. Your email filters have a ~10% failure rate; you need a strong human firewall as your last line of defense. KnowBe4 is your platform for new-school security awareness training. We help you keep your users on their toes with security top of mind. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will. Find out how affordable this is for your organization and be pleasantly surprised.

Get A Quote Now

Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/kmsat_get_a_quote_now

Subscribe To Our Blog


Domain Spoof Test Contest




Get the latest about social engineering

Subscribe to CyberheistNews